From 329949050501501c130d09efc3aee7c78c6d4f9c Mon Sep 17 00:00:00 2001
From: peter
Date: Mon, 3 Aug 1998 05:56:20 +0000
Subject: Import sendmail-8.9.1 (slightly trimmed) onto a fresh branch under src/contrib as per various discussions. I will copy across our changes and then point the Makefiles across once the dust has settled..
---
contrib/sendmail/test/Results | 156 +++++++++++++++++++++++++++++++++++++
contrib/sendmail/test/t_exclopen.c | 93 ++++++++++++++++++++++
contrib/sendmail/test/t_pathconf.c | 63 +++++++++++++++
contrib/sendmail/test/t_seteuid.c | 121 ++++++++++++++++++++++++++++
contrib/sendmail/test/t_setreuid.c | 133 +++++++++++++++++++++++++++++++
5 files changed, 566 insertions(+)
create mode 100644 contrib/sendmail/test/Results
create mode 100644 contrib/sendmail/test/t_exclopen.c
create mode 100644 contrib/sendmail/test/t_pathconf.c
create mode 100644 contrib/sendmail/test/t_seteuid.c
create mode 100644 contrib/sendmail/test/t_setreuid.c
(limited to 'contrib/sendmail/test')
diff --git a/contrib/sendmail/test/Results b/contrib/sendmail/test/Results
new file mode 100644
index 0000000..3d930da
--- /dev/null
+++ b/contrib/sendmail/test/Results
@@ -0,0 +1,156 @@
+The following are results of running t_setreuid on various architectures.
+
+OPSYS VERSION STATUS DATE TESTER/NOTES
+===== ======= ====== ==== ============
+
+SunOS 4.1 OK 93.07.19 eric
+SunOS 4.1.2 OK 93.07.19 eric
+SunOS 4.1.3 OK 93.09.25 Robert Elz
+
+BSD 4.4 OK 93.07.19 eric (wierd results, but functional)
+BSD 4.3Utah OK 93.07.19 eric
+
+FreeBSD 2.1-sta OK 96.04.14 Jaye Mathisen
+
+Ultrix 4.2A OK 93.07.19 eric
+Ultrix 4.3A OK 93.07.19 Allan Johannesen
+Ultrix 4.5 OK 96.09.18 Gregory Neil Shapiro
+
+HP-UX 8.07 OK 93.07.19 eric (on 7xx series)
+HP-UX 8.02 OK 93.07.19 Michael Corrigan (on 8xx series)
+HP-UX 8.00 OK 93.07.21 Michael Corrigan (on 3xx/4xx series)
+HP-UX 9.01 OK 93.11.19 Cassidy (on 7xx series)
+
+Solaris 2.1
+Solaris 2.2 FAIL 93.07.19 Bill Wisner
+Solaris 2.3 FAIL 95.11.22 Scott J. Kramer
+Solaris 2.5 OK 96.02.29 Carson Gaspar
+Solaris 2.5.1 OK 96.11.29 Gregory Neil Shapiro
+
+OSF/1 T1.3-4 OK 93.07.19 eric (on DEC Alpha)
+OSF/1 1.3 OK 94.12.10 Jeff A. Earickson (on Intel Paragon)
+OSF/1 3.2D OK 96.09.18 Gregory Neil Shapiro
+OSF/1 4.0 OK 96.09.18 Gregory Neil Shapiro
+
+CxOS 11.5 OK 96.07.08 Eric Schnoebelen
+CxOS 11.0 OK 93.01.21 Eric Schnoebelen (CxOS 11.0 beta 1)
+CxOS 10.x OK 93.01.21 Eric Schnoebelen
+
+AIX 3.1.5 FAIL 93.08.07 David J. N. Begley
+AIX 3.2.3e FAIL 93.07.26 Steve Bauer
+AIX 3.2.4 FAIL 93.10.07 David J. N. Begley
+AIX 3.2.5 FAIL 94.05.17 Steve Bauer
+AIX 4.1 FAIL 96.10.21 Hakan Lindholm
+AIX 4.2 OK 96.10.16 Steve Bauer
+
+IRIX 4.0.4 OK 93.09.25 Robert Elz
+IRIX 5.2 OK 94.12.06 Mark Andrews
+IRIX 5.3 OK 94.12.06 Mark Andrews
+IRIX 6.2 OK 96.09.16 Kari E. Hurtta
+IRIX 6.3 OK 97.02.10 Mark Andrews
+
+SCO 3.2v4.0 OK 93.10.02 Peter Wemm (with -lsocket from 3.2v4 devsys)
+
+NeXT 2.1 OK 93.07.28 eric
+NeXT 3.0 OK 34.05.05 Kevin John Wang
+
+Linux 0.99p10 OK 93.08.08 Karl London
+Linux 0.99p13 OK 93.09.27 Christian Kuhtz
+Linux 0.99p14 OK 93.11.30 Christian Kuhtz
+Linux 1.0 OK 94.03.19 Shayne Smith
+Linux 1.2.13 OK 95.11.02 Sven Neuhaus
+Linux 2.0.17 OK 96.09.03 Horst von Brand
+
+BSD/386 1.0 OK 93.11.13 Tony Sanders
+
+DELL 2.2 OK 93.11.15 Peter Wemm (using -DSETEUID)
+
+Pyramid 5.0d OK 95.01.14 David Miller
+
+
+
+The following are results of running t_seteuid on various architectures.
+
+OPSYS VERSION STATUS DATE TESTER/NOTES
+===== ======= ====== ==== ============
+
+Solaris 2.3 OK 95.11.22 Scott J. Kramer
+Solaris 2.4 OK 95.09.22 Thomas 'Mike' Michlmayr
+Solaris 2.5 OK 96.02.29 Carson Gaspar
+Solaris 2.5.1 OK 96.11.29 Gregory Neil Shapiro
+
+Linux 1.2.13 FAIL 95.11.02 Sven Neuhaus
+Linux 2.0.17 FAIL 96.09.03 Horst von Brand
+
+AIX 4.1 OK 96.10.21 Hakan Lindholm
+
+IRIX 5.2 OK 95.12.01 Mark Andrews
+IRIX 5.3 OK 95.12.01 Mark Andrews
+IRIX 6.2 OK 96.09.16 Kari E. Hurtta
+IRIX 6.3 OK 97.02.10 Mark Andrews
+
+FreeBSD 2.1-sta OK 96.04.14 Jaye Mathisen
+
+Ultrix 4.5 FAIL 96.09.18 Gregory Neil Shapiro
+
+OSF/1 3.2D OK 96.09.18 Gregory Neil Shapiro
+OSF/1 4.0 OK 96.09.18 Gregory Neil Shapiro
+
+CxOS 11.5 FAIL 96.07.08 Eric Schnoebelen
+
+
+The following are the results of running t_pathconf.c. Safe means that
+the underlying filesystem (in NFS, the filesystem on the server) does not
+permit regular (non-root) users to chown their files to another user.
+Unsafe means that they can. Typically, BSD-based systems do not permit
+giveaway and System V-based systems do. However, some systems (e.g.,
+Solaris) can set this on a per-system or per-filesystem basis. Entries
+are the return value of pathconf, the errno value, and a * if chown
+disagreed with the result of the pathconf call, and a ? if the test has
+not been run. A mark of [R] means that the local filesystem has
+chown set to be restricted, [U] means that it is set to be unrestricted.
+
+ Safe Filesystem Unsafe Filesystem
+SYSTEM LOCAL NFS-V2 NFS-V3 NFS-V2 NFS-V3
+
+SunOS 4.1.3_U1 1/0 -1/EINVAL* n/a -1/EINVAL? n/a
+SunOS 4.1.4 1/0 -1/EINVAL* n/a -1/EINVAL n/a
+
+AIX 3.2 0/0 0/0
+
+Solaris 2.4 1/0 -1/EINVAL*
+Solaris 2.5 1/0 -1/EINVAL* 1/0 0/0?
+Solaris 2.5.1 1/0 -1/EINVAL* 0/0
+
+DEC OSF1 3.0 0/0 0/0
+DEC OSF1 3.2D-2 0/0 0/0 0/0
+DEC OSF1 4.0A 0/0 0/0 0/0
+DEC OSF 4.0B 0/0 0/0 0/0
+
+Ultrix 4.3 0/0 0/0 n/a n/a
+Ultrix 4.5 1/0 1/0
+
+HP-UX 9.05 -1/0 -1/EOPNOTSUPP* -1/EOPNOTSUPP
+HP-UX 9.05[R] 1/0 -1/EOPNOTSUPP* -1/EOPNOTSUPP*
+HP-UX 10.10 -1/0 -1/EOPNOTSUPP* -1/EOPNOTSUPP
+HP-UX 10.20 -1/EOPNOTSUPP? -1/EOPNOTSUPP?
+HP-UX 10.30 -1/0 -1/EOPNOTSUPP -1/EOPNOTSUPP
+
+BSD/OS 2.1 1/0
+
+FreeBSD 2.1.7 1/0 -1/EINVAL* -1/EINVAL
+
+Irix 5.3 -1/0* -1/0
+Irix 6.2 1/0 -1/0 0/0*
+Irix 6.2 -1/0 -1/0
+Irix 6.3 R10000 -1/0 -1/0 0/0*
+
+A/UX 3.1.1 1/0
+
+DomainOS [R] -1/0*
+DomainOS [U] -1/0
+
+NCR MP-RAS 2 -1/0
+NCR MP-RAS 3 -1/0
+
+Linux 2.0.27 1/0 1/0
diff --git a/contrib/sendmail/test/t_exclopen.c b/contrib/sendmail/test/t_exclopen.c
new file mode 100644
index 0000000..a42baa9
--- /dev/null
+++ b/contrib/sendmail/test/t_exclopen.c
@@ -0,0 +1,93 @@
+/*
+** This program tests your system to see if you have the lovely
+** security-defeating semantics that an open with O_CREAT|O_EXCL
+** set will successfully open a file named by a symbolic link that
+** points to a non-existent file. Sadly, Posix is mute on what
+** should happen in this situation.
+**
+** Results to date:
+** AIX 3.2 OK
+** BSD family OK
+** BSD/OS 2.1 OK
+** FreeBSD 2.1 OK
+** DEC OSF/1 3.0 OK
+** HP-UX 9.04 FAIL
+** HP-UX 9.05 FAIL
+** HP-UX 9.07 OK
+** HP-UX 10.01 OK
+** HP-UX 10.10 OK
+** HP-UX 10.20 OK
+** Irix 5.3 OK
+** Irix 6.2 OK
+** Irix 6.3 OK
+** Irix 6.4 OK
+** Linux OK
+** NeXT 2.1 OK
+** Solaris 2.x OK
+** SunOS 4.x OK
+** Ultrix 4.3 OK
+*/
+
+#include
+#include
+#include
+#include
+#include
+
+char Attacker[128];
+char Attackee[128];
+
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ struct stat st;
+
+ sprintf(Attacker, "/tmp/attacker.%d.%ld", getpid(), time(NULL));
+ sprintf(Attackee, "/tmp/attackee.%d.%ld", getpid(), time(NULL));
+
+ if (symlink(Attackee, Attacker) < 0)
+ {
+ printf("Could not create %s->%s symlink: %d\n",
+ Attacker, Attackee, errno);
+ bail(1);
+ }
+ (void) unlink(Attackee);
+ if (stat(Attackee, &st) >= 0)
+ {
+ printf("%s already exists -- remove and try again.\n",
+ Attackee);
+ bail(1);
+ }
+ if (open(Attacker, O_WRONLY|O_CREAT|O_EXCL, 0644) < 0)
+ {
+ int saveerr = errno;
+
+ if (stat(Attackee, &st) >= 0)
+ {
+ printf("Weird. Open failed but %s was created anyhow (errno = %d)\n",
+ Attackee, saveerr);
+ bail(1);
+ }
+ printf("Good show! Exclusive open works properly with symbolic links (errno = %d).\n",
+ saveerr);
+ bail(0);
+ }
+ if (stat(Attackee, &st) < 0)
+ {
+ printf("Weird. Open succeeded but %s was not created\n",
+ Attackee);
+ bail(2);
+ }
+ printf("Bad news: you can do an exclusive open through a symbolic link\n");
+ printf("\tBe sure you #define BOGUS_O_EXCL in conf.h\n");
+ bail(1);
+}
+
+bail(stat)
+ int stat;
+{
+ (void) unlink(Attacker);
+ (void) unlink(Attackee);
+ exit(stat);
+}
diff --git a/contrib/sendmail/test/t_pathconf.c b/contrib/sendmail/test/t_pathconf.c
new file mode 100644
index 0000000..a4b5038
--- /dev/null
+++ b/contrib/sendmail/test/t_pathconf.c
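Review bot: In t_exclopen.c, the branch taken when `open(Attacker, O_WRONLY|O_CREAT|O_EXCL, 0644)` fails prints "Good show!" for any errno, so a failure unrelated to the symbolic link (a permission or quota error, say) is recorded as a correct O_EXCL implementation and BOGUS_O_EXCL may be left undefined on a system that needs it. The branch already saves errno, so it can treat anything other than EEXIST as inconclusive before the success message: `if (saveerr != EEXIST) { printf("Inconclusive: open failed, errno = %d\n", saveerr); bail(2); }`. The descriptor returned on the succeeding path is never closed, which is harmless here only because bail() exits.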
@@ -0,0 +1,63 @@
+/*
+** The following test program tries the pathconf(2) routine. It should
+** be run in a non-NFS-mounted directory (e.g., /tmp) and on remote (NFS)
+** mounted directories running both NFS-v2 and NFS-v3 from systems that
+** both do and do not permit file giveaway.
+*/
+
+#include
+#include
+#include
+#include
+#include
+
+main()
+{
+ int fd;
+ int i;
+ char tbuf[100];
+ extern int errno;
+
+ if (geteuid() == 0)
+ {
+ printf("*** Run me as a non-root user! ***\n");
+ exit(EX_USAGE);
+ }
+
+ strcpy(tbuf, "TXXXXXX");
+ fd = mkstemp(tbuf);
+ if (fd < 0)
+ {
+ printf("*** Could not create test file %s\n", tbuf);
+ exit(EX_CANTCREAT);
+ }
+ errno = 0;
+ i = pathconf(".", _PC_CHOWN_RESTRICTED);
+ printf("pathconf(.) returns %2d, errno = %d\n", i, errno);
+ errno = 0;
+ i = pathconf(tbuf, _PC_CHOWN_RESTRICTED);
+ printf("pathconf(%s) returns %2d, errno = %d\n", tbuf, i, errno);
+ errno = 0;
+ i = fpathconf(fd, _PC_CHOWN_RESTRICTED);
+ printf("fpathconf(%s) returns %2d, errno = %d\n", tbuf, i, errno);
+ if (errno == 0 && i >= 0)
+ {
+ /* so it claims that it doesn't work -- try anyhow */
+ printf(" fpathconf claims that chown is safe ");
+ if (fchown(fd, 1, 1) >= 0)
+ printf("*** but fchown works anyhow! ***\n");
+ else
+ printf("and fchown agrees\n");
+ }
+ else
+ {
+ /* well, let's see what really happens */
+ printf(" fpathconf claims that chown is not safe ");
+ if (fchown(fd, 1, 1) >= 0)
+ printf("as indeed it is not\n");
+ else
+ printf("*** but in fact it is safe ***\n");
+ }
+ unlink(tbuf);
+ exit(EX_OK);
+}
diff --git a/contrib/sendmail/test/t_seteuid.c b/contrib/sendmail/test/t_seteuid.c
new file mode 100644
index 0000000..f3bd529
--- /dev/null
+++ b/contrib/sendmail/test/t_seteuid.c
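Review bot: In t_pathconf.c, `if (errno == 0 && i >= 0)` reads errno only after the preceding `printf("fpathconf(%s) returns ...")`, and printf is allowed to change errno, so the safe/unsafe verdict can depend on stdio rather than on fpathconf. Save the value directly after the call with `saverr = errno;` (declaring `int saverr;` next to `i`), then print and test `saverr` instead. The else branch also labels a failed call (-1 with errno set, as in the -1/EINVAL rows of the Results file) as "claims that chown is not safe"; a separate message for that case would keep an undetermined result from reading as a definite one.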
@@ -0,0 +1,121 @@
+/*
+** This program checks to see if your version of seteuid works.
+** Compile it, make it setuid root, and run it as yourself (NOT as
+** root). If it won't compile or outputs any MAYDAY messages, don't
+** define USESETEUID in conf.h.
+**
+** NOTE: It is not sufficient to have seteuid in your library.
+** You must also have saved uids that function properly.
+**
+** Compilation is trivial -- just "cc t_seteuid.c". Make it setuid,
+** root and then execute it as a non-root user.
+*/
+
+#include
+#include
+#include
+
+#ifdef __hpux
+#define seteuid(e) setresuid(-1, e, -1)
+#endif
+
+main()
+{
+ int fail = 0;
+ uid_t realuid = getuid();
+
+ printuids("initial uids", realuid, 0);
+
+ if (geteuid() != 0)
+ {
+ printf("SETUP ERROR: re-run setuid root\n");
+ exit(1);
+ }
+
+ if (getuid() == 0)
+ {
+ printf("SETUP ERROR: must be run by a non-root user\n");
+ exit(1);
+ }
+
+ if (seteuid(1) < 0)
+ printf("seteuid(1) failure\n");
+ printuids("after seteuid(1)", realuid, 1);
+
+ if (geteuid() != 1)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+
+ /* do activity here */
+
+ if (seteuid(0) < 0)
+ {
+ fail++;
+ printf("seteuid(0) failure\n");
+ }
+ printuids("after seteuid(0)", realuid, 0);
+
+ if (geteuid() != 0)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+ if (getuid() != realuid)
+ {
+ fail++;
+ printf("MAYDAY! Wrong real uid\n");
+ }
+ printf("\n");
+
+ if (seteuid(2) < 0)
+ {
+ fail++;
+ printf("seteuid(2) failure\n");
+ }
+ printuids("after seteuid(2)", realuid, 2);
+
+ if (geteuid() != 2)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+
+ /* do activity here */
+
+ if (seteuid(0) < 0)
+ {
+ fail++;
+ printf("seteuid(0) failure\n");
+ }
+ printuids("after seteuid(0)", realuid, 0);
+
+ if (geteuid() != 0)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+ if (getuid() != realuid)
+ {
+ fail++;
+ printf("MAYDAY! Wrong real uid\n");
+ }
+
+ if (fail)
+ {
+ printf("\nThis system cannot use seteuid\n");
+ exit(1);
+ }
+
+ printf("\nIt is safe to define USESETEUID on this system\n");
+ exit(0);
+}
+
+printuids(str, r, e)
+ char *str;
+ int r, e;
+{
+ printf("%s (should be %d/%d): r/euid=%d/%d\n", str, r, e,
+ getuid(), geteuid());
+}
diff --git a/contrib/sendmail/test/t_setreuid.c b/contrib/sendmail/test/t_setreuid.c
new file mode 100644
index 0000000..6622068
--- /dev/null
+++ b/contrib/sendmail/test/t_setreuid.c
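Review bot: In t_seteuid.c, the first check, `if (seteuid(1) < 0) printf("seteuid(1) failure\n");`, is the only failure branch that does not do `fail++` and has no braces, unlike the seteuid(0) and seteuid(2) checks below it. The following `geteuid() != 1` test will normally catch the same condition, but the verdict should not depend on that; write it as `if (seteuid(1) < 0) { fail++; printf("seteuid(1) failure\n"); }`. The header comment tells the tester to install the binary setuid root, so it is worth adding a line such as `** Remove the setuid binary once the test has been run.` there, and likewise in t_setreuid.c.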
@@ -0,0 +1,133 @@
+/*
+** This program checks to see if your version of setreuid works.
+** Compile it, make it setuid root, and run it as yourself (NOT as
+** root). If it won't compile or outputs any MAYDAY messages, don't
+** define HASSETREUID in conf.h.
+**
+** Compilation is trivial -- just "cc t_setreuid.c". Make it setuid,
+** root and then execute it as a non-root user.
+*/
+
+#include
+#include
+#include
+
+#ifdef __hpux
+#define setreuid(r, e) setresuid(r, e, -1)
+#endif
+
+main()
+{
+ int fail = 0;
+ uid_t realuid = getuid();
+
+ printuids("initial uids", realuid, 0);
+
+ if (geteuid() != 0)
+ {
+ printf("SETUP ERROR: re-run setuid root\n");
+ exit(1);
+ }
+
+ if (getuid() == 0)
+ {
+ printf("SETUP ERROR: must be run by a non-root user\n");
+ exit(1);
+ }
+
+ if (setreuid(0, 1) < 0)
+ {
+ fail++;
+ printf("setreuid(0, 1) failure\n");
+ }
+ printuids("after setreuid(0, 1)", 0, 1);
+
+ if (geteuid() != 1)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+
+ /* do activity here */
+
+ if (setreuid(-1, 0) < 0)
+ {
+ fail++;
+ printf("setreuid(-1, 0) failure\n");
+ }
+ printuids("after setreuid(-1, 0)", 0, 0);
+ if (setreuid(realuid, 0) < 0)
+ {
+ fail++;
+ printf("setreuid(%d, 0) failure\n", realuid);
+ }
+ printuids("after setreuid(realuid, 0)", realuid, 0);
+
+ if (geteuid() != 0)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+ if (getuid() != realuid)
+ {
+ fail++;
+ printf("MAYDAY! Wrong real uid\n");
+ }
+ printf("\n");
+
+ if (setreuid(0, 2) < 0)
+ {
+ fail++;
+ printf("setreuid(0, 2) failure\n");
+ }
+ printuids("after setreuid(0, 2)", 0, 2);
+
+ if (geteuid() != 2)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+
+ /* do activity here */
+
+ if (setreuid(-1, 0) < 0)
+ {
+ fail++;
+ printf("setreuid(-1, 0) failure\n");
+ }
+ printuids("after setreuid(-1, 0)", 0, 0);
+ if (setreuid(realuid, 0) < 0)
+ {
+ fail++;
+ printf("setreuid(%d, 0) failure\n", realuid);
+ }
+ printuids("after setreuid(realuid, 0)", realuid, 0);
+
+ if (geteuid() != 0)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+ if (getuid() != realuid)
+ {
+ fail++;
+ printf("MAYDAY! Wrong real uid\n");
+ }
+
+ if (fail)
+ {
+ printf("\nThis system cannot use setreuid\n");
+ exit(1);
+ }
+
+ printf("\nIt is safe to define HASSETREUID on this system\n");
+ exit(0);
+}
+
+printuids(str, r, e)
+ char *str;
+ int r, e;
+{
+ printf("%s (should be %d/%d): r/euid=%d/%d\n", str, r, e,
+ getuid(), geteuid());
+}
-- cgit v1.1
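Review bot: In t_setreuid.c, nothing asserts the real uid after `setreuid(0, 1)` or `setreuid(0, 2)`: printuids prints the expected 0/1 and 0/2, but only `geteuid()` is tested, and the later `getuid() != realuid` check passes trivially if the real uid never changed. A setreuid that ignores its first argument would therefore still end with "It is safe to define HASSETREUID"; whether that matters depends on how the caller uses the real uid, which is not visible here. Adding `if (getuid() != 0) { fail++; printf("MAYDAY! Wrong real uid\n"); }` after each of those two `geteuid()` checks would close the gap. Separately, `printf("setreuid(%d, 0) failure\n", realuid)` passes a uid_t for `%d`; `%ld` with a `(long)` cast is safer where uid_t is not an int.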