From patchwork Wed Oct 16 19:21:08 2024
X-Patchwork-Submitter: Siddhesh Poyarekar
X-Patchwork-Id: 1998189
From: Siddhesh Poyarekar
To: libc-alpha@sourceware.org
Cc: carlos@redhat.com
Subject: [PATCH 2/2] io: Add setuid tests for faccessat
Date: Wed, 16 Oct 2024 15:21:08 -0400
Message-ID: <20241016192108.811046-3-siddhesh@sourceware.org>
X-Mailer: git-send-email 2.46.0
In-Reply-To: <20241016192108.811046-1-siddhesh@sourceware.org>
References: <20241016192108.811046-1-siddhesh@sourceware.org>

Add a new test tst-faccessat-setuid that iterates through real and effective UID/GID combinations and tests the faccessat() interface for default and AT_EACCESS flags.

Signed-off-by: Siddhesh Poyarekar
--- io/Makefile | 4 + io/tst-faccessat-setuid.c | 163 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 167 insertions(+) create mode 100644 io/tst-faccessat-setuid.c diff --git a/io/Makefile b/io/Makefile index a8d575e9ce..3ae26a5aa3 100644 --- a/io/Makefile +++ b/io/Makefile @@ -232,6 +232,10 @@ tests := \ tst-utimes \ # tests +xtests := \ + tst-faccessat-setuid \ + #xtests + tests-time64 := \ tst-fcntl-time64 \ tst-fts-time64 \ diff --git a/io/tst-faccessat-setuid.c b/io/tst-faccessat-setuid.c new file mode 100644 index 0000000000..aab0261914 --- /dev/null +++ b/io/tst-faccessat-setuid.c 
@@ -0,0 +1,163 @@ +/* Smoke test for faccessat with different UID/GID combinations. Needs root + access. + Copyright The GNU Toolchain Authors. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#define SOMEFILE "some-file" + +static int dir_fd; +uid_t users[3]; +gid_t groups[3]; + +struct test_case +{ + int mode; + uid_t uid; + uid_t euid; + gid_t gid; + gid_t egid; + int flags; + bool succeeds; +}; + +static void +run_one_test_child (void *in) +{ + struct test_case *t = (struct test_case *) in; + + printf ("TEST: MODE=%s, UID=%d, EUID=%d, GID=%d, EGID=%d, FLAGS=%s: ", + t->mode == R_OK ? "R_OK" : "W_OK", t->uid, t->euid, t->gid, t->egid, + t->flags ? "AT_EACCESS" : "0"); + + if (setregid (t->gid, t->egid) != 0) + FAIL_EXIT1 ("Could not change group: %m\n"); + if (setreuid (t->uid, t->euid) != 0) + FAIL_EXIT1 ("Could not change user: %m\n"); + + if (faccessat (dir_fd, SOMEFILE, t->mode, t->flags) != 0 && t->succeeds) + FAIL_EXIT1 ("faccessat failed: %m\n"); + + if (!t->succeeds && errno != EACCES) + FAIL_EXIT1 ("Unexpected faccessat failure: %m\n"); + + printf ("OK%s\n", !t->succeeds ? 
" (FAILED with EACCES)" : ""); +} + +static void +run_one_test (int mode, int u, int eu, int g, int eg, int flags, bool succeeds) +{ + struct test_case t = + {mode, users[u], users[eu], groups[g], groups[eg], flags, succeeds}; + support_isolate_in_subprocess (run_one_test_child, &t); +} + +static int +do_test (void) +{ + + /* We need to start as root. */ + if (getuid () != 0) + FAIL_UNSUPPORTED ("Test needs to be run as root (UID 0)\n"); + + /* Collect 3 distinct users and groups to test with. */ + struct passwd *ent = NULL; + int count = 0; + while ((ent = getpwent ()) != NULL && count < 3) + { + if (ent->pw_uid == 0 || ent->pw_gid == 0) + continue; + + int i = count; + bool skip = false; + while (i > 0) + if (groups[--i] == ent->pw_gid) + skip = true; + + if (skip) + continue; + + users[count] = ent->pw_uid; + groups[count++] = ent->pw_gid; + } + + if (count < 3) + FAIL_UNSUPPORTED ("Not enough users in the system to do this test\n"); + + printf ("Testing with UID/GID:\n"); + while (--count >= 0) + printf (" UID: %d, GID: %d\n", users[count], groups[count]); + printf ("\n"); + + char *tempdir = support_create_temp_directory ("tst-faccessat-setuid."); + dir_fd = xopen (tempdir, O_RDONLY | O_DIRECTORY, 0); + + xfchmod (dir_fd, 0777); + + /* Now, create a file in it, which will be our test case. */ + + int fd = openat (dir_fd, SOMEFILE, O_CREAT|O_RDWR|O_EXCL, 0640); + if (fd == -1) + { + if (errno == ENOSYS) + FAIL_UNSUPPORTED ("*at functions not supported"); + + FAIL_EXIT1 ("file creation failed"); + } + xwrite (fd, "hello", 5); + + if (fchown (fd, users[0], groups[1]) == -1) + FAIL_EXIT1 ("fchown failed: %m\n"); + xclose (fd); + + char *somefile = xasprintf ("%s/" SOMEFILE, tempdir); + add_temp_file (somefile); + + /* Finally, run through the combinations. 
*/ + for (int u = 0; u < 3; u++) + for (int eu = 0; eu < 3; eu++) + for (int g = 0; g < 3; g++) + for (int eg = 0; eg < 3; eg++) + { + run_one_test (R_OK, u, eu, g, eg, 0, u == 0 || g == 1); + run_one_test (W_OK, u, eu, g, eg, 0, u == 0); + run_one_test (R_OK, u, eu, g, eg, AT_EACCESS, eu == 0 || eg == 1); + run_one_test (W_OK, u, eu, g, eg, AT_EACCESS, eu == 0); + } + + xclose (dir_fd); + free (tempdir); + free (somefile); + + return 0; +} +#include
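Review bot: In the io/Makefile hunk, the terminator comment of the new list is written `#xtests`, while the `tests` list just above it ends with `# tests`, with a space after the hash. Please use `# xtests` so the new list follows the same convention. The test file's header comment says it needs root access, but the commit message does not say that this is why the test goes into `xtests` rather than `tests`; one sentence there would help.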
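Review bot: In run_one_test_child of io/tst-faccessat-setuid.c, the expected-denial case is not reliably verified. When t->succeeds is false and faccessat unexpectedly returns 0, the first check is skipped and the second one tests errno, which that call did not set. An unexpected grant is therefore reported only by accident and with the misleading message "Unexpected faccessat failure", or not at all if errno happens to hold EACCES, in which case the child prints "OK (FAILED with EACCES)". For a setuid test the denied combinations are the ones that matter most. Suggest storing the result once, e.g. `int ret = faccessat (dir_fd, SOMEFILE, t->mode, t->flags);`, then failing when `t->succeeds != (ret == 0)` and checking `errno != EACCES` only when ret is -1. A smaller point in the same function: the child changes IDs with setregid and setreuid but never calls setgroups, so the expectations passed from do_test assume that root's supplementary groups do not include groups[1]; either clear the supplementary groups in the child or state that assumption in a comment.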