Ana Sayfa Keşfet Yardım
Giriş Yap
SoftwareDesign
/
csu3_am335x
8
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Ağaç: 00fbdec005
Dallar Biçim İmleri
csu3_am335x
/
EVSE
/
GPL
/
pure-ftpd-1.0.49
/
src
/
ptracetest.c

ptracetest.c 2.5 KB
Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 
  1. 

  2. /*
    3. 

  3.  * This little program checks whether your operating system allows a process
    4. 

  4.  * to attach to another process whose uid is only identical because it
    5. 

  5.  * revoked its privileges.
    6. 

  6.  *
    7. 

  7.  * If it detects that your operating system may be unsafe, then it's probably
    8. 

  8.  * better to avoid usage of privilege separation if untrusted users have
    9. 

  9.  * shell access.
    10. 

  10.  *
    11. 

  11.  * Compile and run with :
    12. 

  12.  *
    13. 

  13.  * make ptracetest
    14. 

  14.  * ./ptracetest
    15. 

  15.  *
    16. 

  16.  * (C)opyleft 2003-2009 Jedi/Sector One <j at pureftpd dot org>.
    17. 

  17.  */
    18. 

  18. 

  19. #include <config.h>
    20. 

  20. #include "ftpd.h"
    21. 

  21. 

  22. #ifdef HAVE_SYS_WAIT_H
    23. 

  23. # include <sys/wait.h>
    24. 

  24. #endif
    25. 

  25. 

  26. #define TEST_GID 65534
    27. 

  27. #define TEST_UID 65534
    28. 

  28. #define ZIPPER "|/-\\ "
    29. 

  29. 

  30. #if !defined(HAVE_PTRACE) || !defined(HAVE_SYS_PTRACE_H) || !(defined(PT_ATTACH) || defined(PTRACE_ATTACH))
    31. 

  31. 

  32. int main(void)
    33. 

  33. {
    34. 

  34.     fputs("Sorry, this test can't be compiled in this platform\n", stderr);
    35. 

  35. 

  36.     return 255;
    37. 

  37. }
    38. 

  38. 

  39. #else
    40. 

  40. 

  41. # include <sys/ptrace.h>
    42. 

  42. 

  43. int main(void)
    44. 

  44. {
    45. 

  45.     pid_t pid;
    46. 

  46.     int rtn = 1;
    47. 

  47. 

  48.     if (geteuid() != (uid_t) 0) {
    49. 

  49.         fputs("Sorry, you need to run this program as root\n", stderr);
    50. 

  50.         return 254;
    51. 

  51.     }
    52. 

  52.     if (setgid((gid_t) TEST_GID) || setegid((gid_t) TEST_GID) ||
    53. 

  53.         setuid((uid_t) TEST_UID) || seteuid((uid_t) TEST_UID)) {
    54. 

  54.         perror("Error while switching gid/uid");
    55. 

  55.         return 254;
    56. 

  56.     }
    57. 

  57.     if ((pid = fork()) == (pid_t) -1) {
    58. 

  58.         perror("Unable to fork");
    59. 

  59.         return 254;
    60. 

  60.     }
    61. 

  61.     if (pid == (pid_t) 0) {
    62. 

  62.         size_t t = (size_t) 0U;
    63. 

  63. 

  64.         fputs("Checking for traceability after uid change ", stdout);
    65. 

  65.         fflush(stdout);
    66. 

  66.         do {
    67. 

  67.             putchar(ZIPPER[t]);
    68. 

  68.             putchar('\b');
    69. 

  69.             fflush(stdout);
    70. 

  70.             (void) sleep(1U);
    71. 

  71.             t++;
    72. 

  72.         } while (t < sizeof ZIPPER - (size_t) 1U);
    73. 

  73.         putchar('\n');
    74. 

  74. 

  75.         _exit(0);
    76. 

  76.     } else {
    77. 

  77.         int status;
    78. 

  78.         long ret;
    79. 

  79. 

  80. # ifdef PT_ATTACH
    81. 

  81.         ret = ptrace(PT_ATTACH, pid, NULL, NULL);
    82. 

  82. # else
    83. 

  83.         ret = ptrace(PTRACE_ATTACH, pid, NULL, NULL);
    84. 

  84. # endif
    85. 

  85. 

  86.         while (wait(&status) != pid);
    87. 

  87. 

  88.         if (ret < 0L) {
    89. 

  89.             puts("\n"
    90. 

  90.                  "*** YOUR OPERATING SYSTEM LOOKS SAFE ***\n"
    91. 

  91.                  "\n"
    92. 

  92.                  "You can probably enable privilege separation, even if\n"
    93. 

  93.                  "untrusted users also have shell access.");
    94. 

  94.             rtn = 0;
    95. 

  95.         } else {
    96. 

  96.             puts("\n"
    97. 

  97.                  "*** YOUR OPERATING SYSTEM MAY BE _UNSAFE_ ***\n"
    98. 

  98.                  "\n"
    99. 

  99.                  "Enabling privilege separation is ok as long as untrusted\n"
    100. 

  100.                  "users don't have shell access.");
    101. 

  101.         }
    102. 

  102.     }
    103. 

  103. 

  104.     return rtn;
    105. 

  105. }
    106. 

  106. 

  107. #endif
    108.