void fr_suid_down_permanent(void) { uid_t ruid, euid, suid; if (!did_setuid) return; if (getresuid(&ruid, &euid, &suid) < 0) { radlog(L_ERR, "Failed getting saved uid's"); _exit(1); } if (setresuid(server_uid, server_uid, server_uid) < 0) { radlog(L_ERR, "Failed in permanent switch to uid %s: %s", uid_name, strerror(errno)); _exit(1); } if (geteuid() != server_uid) { radlog(L_ERR, "Switched to unknown uid"); _exit(1); } if (getresuid(&ruid, &euid, &suid) < 0) { radlog(L_ERR, "Failed getting saved uid's: %s", strerror(errno)); _exit(1); } }
int main(int argc, char *const argv[], char *const envp[]) { uid_t olduid, ruid, euid, suid; //struct passwd *sbxuser; int ch, ret = -1; /*if (geteuid()) { fprintf(stderr, "The sandbox is not seteuid root, aborting\n"); return EXIT_FAILURE; } if (!getuid()) { fprintf(stderr, "The sandbox is not designed to be run by root, aborting\n"); return EXIT_FAILURE; }*/ getresuid(&ruid, &euid, &suid); fprintf(stderr,"first Hi from the sandbox! I'm pid=%d, uid=%d, euid=%d, rudi=%d, suid=%d\n", getpid(), getuid(), geteuid(), ruid, suid); olduid = getuid(); //ret = do_setuid(olduid); ret = setresuid(1000, 10, 5000);//setreuid(0, 2000); /* could not switch uid */ if (ret) { fprintf(stderr, "Could not properly drop privileges\n"); return EXIT_FAILURE; } getresuid(&ruid, &euid, &suid); fprintf(stderr,"dorp Hi from the sandbox! I'm pid=%d, uid=%d, euid=%d, rudi=%d, suid=%d\n", getpid(), getuid(), geteuid(), ruid, suid); ret = setuid(5000);//setreuid(5000, 10, 10); /* could not switch uid */ if (ret) { fprintf(stderr, "Could not properly regain privileges\n"); return EXIT_FAILURE; } getresuid(&ruid, &euid, &suid); fprintf(stderr,"regain Hi from the sandbox! I'm pid=%d, uid=%d, euid=%d, rudi=%d, suid=%d\n", getpid(), getuid(), geteuid(), ruid, suid); /* if(execv("/home/cr7/seccomp/untrust", NULL) < 0) { perror("Err on execl"); return EXIT_FAILURE; }*/ return 0; }
int main(void) { uid_t ruid = 13, euid = 13, suid = 13; gid_t rgid = 13, egid = 13, sgid = 13; int status; status = getresuid(&ruid, &euid, &suid); if (status != 0 || ruid != 0 || euid != 0 || suid != 0) { perror("getresuid"); fprintf(stderr, "%ld %ld %ld\n", (unsigned long) ruid, (unsigned long) euid, (unsigned long) suid); exit(EXIT_FAILURE); } status = getresgid(&rgid, &egid, &sgid); if (status != 0 || rgid != 0 || egid != 0 || sgid != 0) { perror("getresgid"); fprintf(stderr, "%ld %ld %ld\n", (unsigned long) ruid, (unsigned long) euid, (unsigned long) suid); exit(EXIT_FAILURE); } status = setresgid(1, 1, 1); if (status != 0) { perror("setresgid"); exit(EXIT_FAILURE); } status = getresgid(&rgid, &egid, &sgid); if (status != 0 || rgid != 1 || egid != 1 || sgid != 1) { perror("getresgid"); fprintf(stderr, "%ld %ld %ld\n", (unsigned long) rgid, (unsigned long) egid, (unsigned long) sgid); exit(EXIT_FAILURE); } if (status != 0 || rgid != 1 || egid != 1 || sgid != 1) { perror("getresgid"); fprintf(stderr, "%ld %ld %ld\n", (unsigned long) ruid, (unsigned long) euid, (unsigned long) suid); exit(EXIT_FAILURE); } status = setresuid(1, 1, 1); if (status != 0) { perror("setresuid"); exit(EXIT_FAILURE); } status = getresuid(&ruid, &euid, &suid); if (status != 0 || ruid != 1 || euid != 1 || suid != 1) { perror("getresuid"); fprintf(stderr, "%ld %ld %ld\n", (unsigned long) ruid, (unsigned long) euid, (unsigned long) suid); exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); }
void problemB(void){ uid_t real; uid_t effective; uid_t saved; getresuid(&real, &effective, &saved); printf("initial real:%d, effective:%d, saved%d\n", real, effective, saved); setresuid(-1, real, -1); getresuid(&real, &effective, &saved); printf("initial real:%d, effective:%d, saved%d\n", real, effective, saved); setresuid(-1, -1, real); getresuid(&real, &effective, &saved); printf("initial real:%d, effective:%d, saved%d\n", real, effective, saved); }
int main(int ac, char **av) { int lc; /* loop counter */ char *msg; /* message returned from parse_opts */ uid_t real_uid, /* real/eff./saved user id from getresuid() */ eff_uid, sav_uid; /* Parse standard options given to run the test. */ msg = parse_opts(ac, av, NULL, NULL); if (msg != NULL) { tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg); } setup(); for (lc = 0; TEST_LOOPING(lc); lc++) { Tst_count = 0; /* * Call getresuid() to get the real/effective/saved * user id's of the calling process after * setreuid() in setup. */ TEST(getresuid(&real_uid, &eff_uid, &sav_uid)); if (TEST_RETURN == -1) { tst_resm(TFAIL, "getresuid() Failed, errno=%d : %s", TEST_ERRNO, strerror(TEST_ERRNO)); continue; } /* * Perform functional verification if test * executed without (-f) option. */ if (STD_FUNCTIONAL_TEST) { /* * Verify the real/effective/saved uid * values returned by getresuid with the * expected values. */ if ((real_uid != pr_uid) || (eff_uid != pe_uid) || (sav_uid != ps_uid)) { tst_resm(TFAIL, "real:%d, effective:%d, " "saved-user:%d ids differ", real_uid, eff_uid, sav_uid); } else { tst_resm(TPASS, "Functionality of getresuid() " "successful"); } } else { tst_resm(TPASS, "call succeeded"); } } cleanup(); tst_exit(); }
static gboolean check_is_root_user (void) { #ifndef G_OS_WIN32 uid_t ruid, euid, suid; /* Real, effective and saved user ID's */ gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */ #ifdef HAVE_GETRESUID if (getresuid (&ruid, &euid, &suid) != 0 || getresgid (&rgid, &egid, &sgid) != 0) #endif /* HAVE_GETRESUID */ { suid = ruid = getuid (); sgid = rgid = getgid (); euid = geteuid (); egid = getegid (); } if (ruid == 0) { return TRUE; } #endif return FALSE; }
/* * Set the current process's credentials to match the passed credential. */ static int cred_set(struct cred *cred) { int error; error = setresuid(cred->cr_ruid, cred->cr_euid, cred->cr_svuid); if (error) return (error); error = setugid(cred->cr_issetugid); if (error) { perror("__setugid"); return (error); } #ifdef CHECK_CRED_SET { uid_t ruid, euid, svuid; error = getresuid(&ruid, &euid, &svuid); if (error) { perror("getresuid"); return (-1); } assert(ruid == cred->cr_ruid); assert(euid == cred->cr_euid); assert(svuid == cred->cr_svuid); assert(cred->cr_issetugid == issetugid()); } #endif /* !CHECK_CRED_SET */ return (0); }
/* * sys_getuid * ---------- * * Gets the user information of the user the server is executing as */ DWORD request_sys_config_getuid(Remote *remote, Packet *packet) { Packet *response = packet_create_response(packet); DWORD res = ERROR_SUCCESS; #ifdef _WIN32 CHAR username[512], username_only[512], domainname_only[512]; LPVOID TokenUserInfo[4096]; HANDLE token; DWORD user_length = sizeof(username_only), domain_length = sizeof(domainname_only); DWORD size = sizeof(username), sid_type = 0, returned_tokinfo_length; memset(username, 0, sizeof(username)); memset(username_only, 0, sizeof(username_only)); memset(domainname_only, 0, sizeof(domainname_only)); do { if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &token)) { OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token); } if (!GetTokenInformation(token, TokenUser, TokenUserInfo, 4096, &returned_tokinfo_length)) { res = GetLastError(); break; } if (!LookupAccountSidA(NULL, ((TOKEN_USER*)TokenUserInfo)->User.Sid, username_only, &user_length, domainname_only, &domain_length, (PSID_NAME_USE)&sid_type)) { res = GetLastError(); break; } // Make full name in DOMAIN\USERNAME format _snprintf(username, 512, "%s\\%s", domainname_only, username_only); username[511] = '\0'; packet_add_tlv_string(response, TLV_TYPE_USER_NAME, username); } while (0); #else CHAR info[512]; uid_t ru, eu, su; gid_t rg, eg, sg; ru = eu = su = rg = eg = sg = 31337; getresuid(&ru, &eu, &su); getresgid(&rg, &eg, &sg); snprintf(info, sizeof(info)-1, "uid=%d, gid=%d, euid=%d, egid=%d, suid=%d, sgid=%d", ru, rg, eu, eg, su, sg); packet_add_tlv_string(response, TLV_TYPE_USER_NAME, info); #endif // Transmit the response packet_transmit_response(res, remote, response); return res; }
int main(int argc, char *argv[]) { uid_t uid; uid_t euid; uid_t sid; getresuid(&uid, &euid, &sid); printf("original -- "); printf("uid[%d], euid[%d]\n", getuid(), geteuid()); if (seteuid(getuid()) < 0) { printf("seteuid failure\n"); } printf("setuid -- "); printf("uid[%d], euid[%d]\n", getuid(), geteuid()); if (setuid(0) < 0) { printf("seteuid failure\n"); } printf("set root id -- "); printf("uid[%d], euid[%d]\n", getuid(), geteuid()); return EXIT_SUCCESS; }
/* * Return TRUE if the real, effective, or saved (if we can check it) user * ID or group are 0. */ gboolean running_with_special_privs(void) { #ifdef HAVE_SETRESUID uid_t ru, eu, su; #endif #ifdef HAVE_SETRESGID gid_t rg, eg, sg; #endif #ifdef HAVE_SETRESUID getresuid(&ru, &eu, &su); if (ru == 0 || eu == 0 || su == 0) return TRUE; #else if (getuid() == 0 || geteuid() == 0) return TRUE; #endif #ifdef HAVE_SETRESGID getresgid(&rg, &eg, &sg); if (rg == 0 || eg == 0 || sg == 0) return TRUE; #else if (getgid() == 0 || getegid() == 0) return TRUE; #endif return FALSE; }
int reportprivilege(char *message) { uid_t euid, ruid, suid; gid_t egid, rgid, sgid; int error; error = getresuid(&ruid, &euid, &suid); if (error) { perror("getresuid"); return (error); } error = getresgid(&rgid, &egid, &sgid); if (error) { perror("getresgid"); return (error); } if (message) printf("%s: ", message); printf("ruid: %d, euid: %d, suid: %d, ", ruid, euid, suid); printf("rgid: %d, egid: %d, sgid: %d\n", rgid, egid, sgid); return (0); }
static void test_setuid1 (enum ACTION action, int tno) { if (action == PREPARE) return; if (action != CHECK_AFTER) check_prev_uid (tno); if (action == SET && setuid (nobody_uid) < 0) { printf ("setuid failed: %m\n"); exit (1); } if (action != CHECK_BEFORE) { uid_t ruid, euid, suid; if (getresuid (&ruid, &euid, &suid) < 0) { printf ("getresuid failed: %d %m\n", tno); exit (1); } if (ruid != nobody_uid || euid != nobody_uid || suid != nobody_uid) { printf ("after setuid %d (%d %d %d) != (%d %d %d)\n", tno, ruid, euid, suid, nobody_uid, nobody_uid, nobody_uid); exit (1); } } }
/* * @brief Get the user name of the current process/thread. * @param pRemote Pointer to the \c Remote instance. * @param pRequest Pointer to the \c Request packet. * @returns Indication of success or failure. */ DWORD request_sys_config_getuid(Remote* pRemote, Packet* pPacket) { Packet *pResponse = packet_create_response(pPacket); DWORD dwResult = ERROR_SUCCESS; #ifdef _WIN32 dwResult = populate_uid(pResponse); #else CHAR info[512]; uid_t ru, eu, su; gid_t rg, eg, sg; ru = eu = su = rg = eg = sg = 31337; getresuid(&ru, &eu, &su); getresgid(&rg, &eg, &sg); snprintf(info, sizeof(info)-1, "uid=%d, gid=%d, euid=%d, egid=%d, suid=%d, sgid=%d", ru, rg, eu, eg, su, sg); packet_add_tlv_string(pResponse, TLV_TYPE_USER_NAME, info); #endif // Transmit the response packet_transmit_response(dwResult, pRemote, pResponse); return dwResult; }
static bool DropRoot() { if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0)) { perror("prctl(PR_SET_DUMPABLE)"); return false; } if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) { perror("Still dumpable after prctl(PR_SET_DUMPABLE)"); return false; } gid_t rgid, egid, sgid; if (getresgid(&rgid, &egid, &sgid)) { perror("getresgid"); return false; } if (setresgid(rgid, rgid, rgid)) { perror("setresgid"); return false; } uid_t ruid, euid, suid; if (getresuid(&ruid, &euid, &suid)) { perror("getresuid"); return false; } if (setresuid(ruid, ruid, ruid)) { perror("setresuid"); return false; } return true; }
void print_id() { uid_t ruid, euid, suid; getresuid(&ruid, &euid, &suid); printf("Real UID %d, Effective UID %d, Saved UID %d\n", ruid, euid, suid); }
int main (void) { marker1 (); getresuid (&ruid, &euid, &suid); getresgid (&rgid, &egid, &sgid); marker2 (); return 0; }
static int do_test (void) { struct passwd *pwd = getpwnam ("nobody"); if (pwd == NULL) { puts ("User nobody doesn't exist"); return 0; } nobody_uid = pwd->pw_uid; nobody_gid = pwd->pw_gid; if (getresuid (&prev_ruid, &prev_euid, &prev_suid) < 0) { printf ("getresuid failed: %m\n"); exit (1); } if (getresgid (&prev_rgid, &prev_egid, &prev_sgid) < 0) { printf ("getresgid failed: %m\n"); exit (1); } if (prev_ruid == nobody_uid || prev_euid == nobody_uid || prev_suid == nobody_uid) { puts ("already running as user nobody, skipping tests"); exit (0); } if (prev_rgid == nobody_gid || prev_egid == nobody_gid || prev_sgid == nobody_gid) { puts ("already running as group nobody, skipping tests"); exit (0); } if (pthread_barrier_init (&b3, NULL, 3) != 0) { puts ("barrier_init failed"); exit (1); } if (pthread_barrier_init (&b4, NULL, 4) != 0) { puts ("barrier_init failed"); exit (1); } for (unsigned long int testno = 0; testno < sizeof (setuid_tests) / sizeof (setuid_tests[0]); ++testno) do_one_test (testno); return 0; }
static bool uid_verify(const uid_t real, const uid_t effective, const uid_t saved) { uid_t r, e, s; return (getresuid(&r, &e, &s) == 0 && uid_matches(real, r) && uid_matches(effective, e) && uid_matches(saved, s)); }
int main(int argc, char *argv[]) { pid_t ruid, euid, suid; gid_t rgid, egid, sgid; openlog("echoserver", LOG_NDELAY | LOG_PID, LOG_DAEMON); if (getresuid(&ruid, &euid, &suid) == -1) { syslog(LOG_ERR, "Failed to run getresuid\n"); } syslog(LOG_INFO, "Running as real UID=%d, EUID=%d, SUID=%d\n",ruid, euid, suid); syslog(LOG_INFO, "Running as real GID=%d, EGID=%d, SGID=%d\n",rgid, egid, sgid); poll_events(); }
/* * void * setup() - performs all ONE TIME setup for this test. * This function gets real/effective/saved uid/gid, umask, the device/inode * number of '/' and current working directory for the parent process. */ void setup() { tst_sig(FORK, DEF_HANDLER, cleanup); TEST_PAUSE; /* * Get the euid, ruid, egid, rgid, umask value * and the current working directory of the parent process. */ if (getresuid(&Pruid, &Peuid, &Psuid) < 0) { tst_brkm(TFAIL, cleanup, "getresuid() fails to get " "real/eff./saved uid of parent"); } if (getresgid(&Prgid, &Pegid, &Psgid) < 0) { tst_brkm(TFAIL, cleanup, "getresgid() fails to get " "real/eff./saved gid of parent"); } /* Get the process file mode creation mask by setting value 0 */ Pumask = umask(0); umask(Pumask); /* * Restore the mask value of the * process. */ /* * Get the pathname of current working directory of the parent * process. */ if ((Pcwd = (char *)getcwd(NULL, BUFSIZ)) == NULL) { tst_brkm(TFAIL, cleanup, "getcwd failed for the parent process"); } /* * Get the device and inode number of root directory for the * parent process. */ if (stat("/", &StatPbuf) == -1) { tst_brkm(TFAIL, cleanup, "stat(2) failed to get info. of '/' " "in parent process"); } /* * Get the device number and the inode number of "." (current- * working directory) for the parent process. */ if (stat(Pcwd, &Stat_cwd_Pbuf) < 0) { tst_brkm(TFAIL, cleanup, "stat(2) failed to get info. of " "working directory in parent process"); } }
void dump_uids(void) { uid_t uid, euid, suid; gid_t gid, egid, sgid; getresuid(&uid, &euid, &suid); getresgid(&gid, &egid, &sgid); outputstd("initial uid:%u gid:%u euid:%u egid:%u suid:%u sgid:%u\n", uid, gid, euid, egid, suid, sgid); }
int change_uids(uid_t * ruid, uid_t * euid, uid_t * suid, uid_t new_euid){ int ret = getresuid(ruid, euid, suid); if(ret == -1){ perror(NULL); return EXIT_OTHER_ERROR_STATUS; } ret = setresuid(*ruid, new_euid, *euid); if(ret == -1){ perror(NULL); return EXIT_OTHER_ERROR_STATUS; } return EXIT_SUCCESS_STATUS; }
/* * Return a process credential describing the current process. */ static int cred_get(struct cred *cred) { int error; error = getresuid(&cred->cr_ruid, &cred->cr_euid, &cred->cr_svuid); if (error) return (error); cred->cr_issetugid = issetugid(); return (0); }
int safe_getresuid(const char *file, const int lineno, void (*cleanup_fn)(void), uid_t *ruid, uid_t *euid, uid_t *suid) { int rval; rval = getresuid(ruid, euid, suid); if (rval == -1) { tst_brkm(TBROK | TERRNO, cleanup_fn, "%s:%d: getresuid(%p, %p, %p) failed", file, lineno, ruid, euid, suid); } return rval; }
void problemA(void) { //effective=real uid_t real; uid_t effective; uid_t saved; getresuid(&real, &effective, &saved); printf("initial real:%d, effective:%d, saved%d\n", real, effective, saved); //setresuid(-1, real, -1); ///* or seteuid(real); //*/ getresuid(&real, &effective, &saved); printf("initial real:%d, effective:%d, saved%d\n", real, effective, saved); //setresuid(-1, saved, -1); ///* seteuid(saved); //*/ getresuid(&real, &effective, &saved); printf("initial real:%d, effective:%d, saved%d\n", real, effective, saved); }
static void do_setresuid(const struct privctx *opts) { uid_t ruid, euid, suid; if (getresuid(&ruid, &euid, &suid) != 0) err(SETPRIV_EXIT_PRIVERR, _("getresuid failed")); if (opts->have_ruid) ruid = opts->ruid; if (opts->have_euid) euid = opts->euid; /* Also copy effective to saved (for paranoia). */ if (setresuid(ruid, euid, euid) != 0) err(SETPRIV_EXIT_PRIVERR, _("setresuid failed")); }
int main (int argc, char **argv) { Http_t tree; if (argc<2) die ("server bug"); signal(SIGCHLD, SIG_IGN); // get the pipe fd int pipefd = atoi (argv[1]); if (DEBUG) printf ("pipefd = %d\n", pipefd); while (1){ char uri_str[1024]; int sockfd; recvfd (pipefd, uri_str, sizeof(uri_str), &sockfd); if (DEBUG){ printf("uri=[%s]\n", uri_str); printf ("banksv client recieves a sockfd = %d\n", sockfd); } if(fork() == 0){ int ruid, euid, suid; getresuid(&ruid, &euid, &suid); if (DEBUG) printf("ruid=[%d], euid=[%d], suid=[%d]\n" , ruid , euid , suid); ReqLine_t reqline = ReqLine_new(REQ_KIND_POST , uri_str , HTTP_ONE_ONE); tree = Parse_parse(sockfd, 0); tree->reqLine = reqline; //response Handle_main (sockfd, tree); close(sockfd); exit(0); } close(sockfd); } return 0; }
/* On e.g. Linux, we can get the saved set-uid * via getresuid(2); not all systems support * this, however. On those that do not, * we use the suid value initialized at program * startup. */ void printUids(const char *msg) { ruid = getuid(); euid = geteuid(); #ifdef _GNU_SOURCE if (getresuid(&ruid, &euid, &suid) < 0) { fprintf(stderr, "Unable to getresuid: %s\n", strerror(errno)); exit(EXIT_FAILURE); /* NOTREACHED */ } #endif printf("%s: ruid %d, euid %d, suid %d\n", msg, ruid, euid, suid); }
uintmax_t test_getresuid(uintmax_t num, uintmax_t int_arg, const char *path) { uid_t ruid, euid, suid; uintmax_t i; benchmark_start(); for (i = 0; i < num; i++) { if (alarm_fired) break; (void)getresuid(&ruid, &euid, &suid); } benchmark_stop(); return (i); }
__attribute__((constructor)) void run(void) { if (strcmp(program_invocation_short_name, "vmware-vmx")) return; uid_t ruid, euid, suid; if (getresuid(&ruid, &euid, &suid)) err(1, "getresuid"); printf("current UIDs: %d %d %d\n", ruid, euid, suid); if (ruid == 0 || euid == 0 || suid == 0) { if (setresuid(0, 0, 0) || setresgid(0, 0, 0)) err(1, "setresxid"); printf("switched to root UID and GID"); system("/bin/bash"); _exit(0); } }