97 lines
2.1 KiB
C
97 lines
2.1 KiB
C
#include <err.h>
|
|
#include <errno.h>
|
|
#include <fcntl.h>
|
|
#include <stdlib.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/types.h>
|
|
#include <sys/wait.h>
|
|
#include <unistd.h>
|
|
|
|
void createFile(const char* path) {
|
|
int fd = open(path, O_WRONLY | O_CREAT, 0777);
|
|
if (fd < 0) {
|
|
err(1, "open(%s)", path);
|
|
exit(1);
|
|
} else {
|
|
close(fd);
|
|
}
|
|
}
|
|
|
|
void waitAndCheckStatus(pid_t child) {
|
|
int status;
|
|
if (waitpid(child, &status, 0) == -1) {
|
|
err(1, "waitpid() failed");
|
|
exit(1);
|
|
}
|
|
|
|
if (WIFEXITED(status)) {
|
|
int es = WEXITSTATUS(status);
|
|
if (es) {
|
|
err(1, "child exit status %d", es);
|
|
exit(1);
|
|
}
|
|
} else {
|
|
err(1, "child did not exit normally");
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
void deleteFile(uid_t user, const char* path) {
|
|
pid_t child = fork();
|
|
if (child == 0) {
|
|
if (setuid(user)) {
|
|
err(1, "setuid(%d)", user);
|
|
exit(1);
|
|
}
|
|
|
|
if (unlink(path)) {
|
|
err(1, "unlink(%s)", path);
|
|
exit(1);
|
|
}
|
|
exit(0);
|
|
}
|
|
waitAndCheckStatus(child);
|
|
}
|
|
|
|
int main(int argc, char** argv) {
|
|
const char kUser1Dir[] = "/user1dir";
|
|
const char kUser2File[] = "/user1dir/user2file";
|
|
const char kUser2File2[] = "/user1dir/user2file2";
|
|
|
|
const uid_t user1 = 6666;
|
|
const uid_t user2 = 6667;
|
|
|
|
if (mkdir(kUser1Dir, 0755) != 0) {
|
|
err(1, "mkdir(%s)", kUser1Dir);
|
|
exit(1);
|
|
}
|
|
// Enable sticky bit for user1dir.
|
|
if (chmod(kUser1Dir, 01777) != 0) {
|
|
err(1, "chmod(%s)", kUser1Dir);
|
|
exit(1);
|
|
}
|
|
createFile(kUser2File);
|
|
createFile(kUser2File2);
|
|
|
|
if (chown(kUser1Dir, user1, getegid())) {
|
|
err(1, "chown(%s)", kUser1Dir);
|
|
exit(1);
|
|
}
|
|
if (chown(kUser2File, user2, getegid())) {
|
|
err(1, "chown(%s)", kUser2File);
|
|
exit(1);
|
|
}
|
|
if (chown(kUser2File2, user2, getegid())) {
|
|
err(1, "chown(%s)", kUser2File2);
|
|
exit(1);
|
|
}
|
|
|
|
// User1 should be able to delete any file inside user1dir, even files of
|
|
// other users due to the sticky bit.
|
|
deleteFile(user1, kUser2File);
|
|
|
|
// User2 should naturally be able to delete its own file even if the file is
|
|
// inside a sticky dir owned by someone else.
|
|
deleteFile(user2, kUser2File2);
|
|
}
|