/*	$NetBSD: unsafe.c,v 1.2 2020/03/18 19:05:22 christos Exp $	*/

/*++
/* NAME
/*	unsafe 3
/* SUMMARY
/*	are we running at non-user privileges
/* SYNOPSIS
/*	#include <safe.h>
/*
/*	int	unsafe()
/* DESCRIPTION
/*	The \fBunsafe()\fR routine attempts to determine whether the
/*	process runs with privileges, or has access to information, that
/*	the controlling (real) user does not have. Callers use the result
/*	to decide whether inherited process attributes such as the
/*	environment and the working directory may be trusted, so that
/*	privileges and protected information are not misused.
/*
/*	The result is always false when both of the following conditions
/*	are true:
/* .IP \(bu
/*	The real UID is zero.
/* .IP \(bu
/*	The effective UID is zero.
/* .PP
/*	Otherwise, the result is true if any of the following conditions
/*	is true:
/* .IP \(bu
/*	The real and effective user id differ.
/* .IP \(bu
/*	The issetugid kernel flag is non-zero (on systems that support
/*	this concept).
/* .IP \(bu
/*	The real and effective group id differ.
/* .PP
/*	Only the real/effective user and group ids (plus the issetugid
/*	flag where available) are examined. Saved set-ids, supplementary
/*	groups and platform-specific privilege mechanisms are not
/*	inspected by this routine; where no issetugid() exists, a process
/*	that has already reset its effective ids to its real ids is
/*	reported as safe.
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*
/*	Wietse Venema
/*	Google, Inc.
/*	111 8th Avenue
/*	New York, NY 10011, USA
/*--*/

/* System library. */

#include <sys_defs.h>
#include <unistd.h>

/* Utility library. */

#include "safe.h"

/* unsafe - can we trust user-provided environment, working directory, etc. */

int     unsafe(void)
{
    uid_t   real_uid = getuid();
    uid_t   eff_uid = geteuid();

    /*
     * A process that is root both really and effectively is trusted
     * outright; nothing it inherits can escalate it further.
     */
    if (real_uid == 0 && eff_uid == 0)
	return (0);

    /*
     * From here on, any sign that the effective identity differs from the
     * controlling user's identity means that inherited attributes must not
     * be trusted, and that privileged information must not be leaked back
     * to that user.
     */
    if (eff_uid != real_uid)
	return (1);

#ifdef HAS_ISSETUGID

    /*
     * Where the kernel keeps track of set-id execution, honor its verdict
     * even if the ids have since been made equal again.
     */
    if (issetugid())
	return (1);
#endif

    /*
     * Finally, a real/effective group id mismatch is just as unsafe as a
     * user id mismatch.
     */
    return (getgid() != getegid());
}