/*	$NetBSD: unsafe.c,v 1.2 2020/03/18 19:05:22 christos Exp $	*/

/*++
/* NAME
/*	unsafe 3
/* SUMMARY
/*	are we running at non-user privileges
/* SYNOPSIS
/*	#include <safe.h>
/*
/*	int	unsafe()
/* DESCRIPTION
/*	The \fBunsafe()\fR routine attempts to determine if the process
/*	runs with privileges, or has access to information, that the
/*	controlling user does not have. The purpose is to prevent
/*	misuse of privileges, including access to protected information.
/*
/*	The result is always false when both of the following conditions
/*	are true:
/* .IP \(bu
/*	The real UID is zero.
/* .IP \(bu
/*	The effective UID is zero.
/* .PP
/*	Otherwise, the result is true if any of the following conditions
/*	is true:
/* .IP \(bu
/*	The issetuid kernel flag is non-zero (on systems that support
/*	this concept).
/* .IP \(bu
/*	The real and effective user id differ.
/* .IP \(bu
/*	The real and effective group id differ.
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*
/*	Wietse Venema
/*	Google, Inc.
/*	111 8th Avenue
/*	New York, NY 10011, USA
/*--*/

/* System library. */

#include <sys_defs.h>
#include <unistd.h>

/* Utility library. */

#include "safe.h"

/* unsafe - can we trust user-provided environment, working directory, etc. */

/*
 * Returns 0 when the process is trusted to act on inherited, user-supplied
 * state (environment, cwd, file descriptors), and non-zero when it runs with
 * privileges the controlling user does not have.
 *
 * Only the real/effective user and group pairs are compared here; a saved
 * set-user-ID that differs from both is not visible to this test, so on
 * systems without issetugid() that case is presumably left to the caller.
 */
int     unsafe(void)
{
    uid_t   real_uid = getuid();
    uid_t   eff_uid = geteuid();

    /*
     * The super-user is trusted unconditionally: root running as root has
     * nothing to leak to a less privileged controlling user.
     */
    if (real_uid == 0 && eff_uid == 0)
	return (0);

    /*
     * Danger: don't trust inherited process attributes, and don't leak
     * privileged info that the parent has no access to. Each condition
     * below is sufficient on its own.
     */
    if (eff_uid != real_uid)
	return (1);
#ifdef HAS_ISSETUGID
    /* Kernel-tracked "ids changed since exec" flag, where available. */
    if (issetugid())
	return (1);
#endif
    /* A set-group-ID executable is unsafe even with matching user ids. */
    return (getgid() != getegid());
}