| Message ID | 20231009112047.2359-1-wegao@suse.com |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [v1] open15: allow restricted O_CREAT of FIFOs and regular files | expand |
Hi! > +// SPDX-License-Identifier: GPL-2.0-only The default license should be GPL-2.0-or-later for new tests. > +/* > + * Copyright (c) 2023 Wei Gao <wegao@suse.com> > + */ > + > +/*\ > + * [Description] > + * > + * Verify disallows open of FIFOs or regular files not owned by the user in world > + * writable sticky directories > + * > + * Linux commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5 > + */ > + > +#include <pwd.h> > +#include <stdlib.h> > +#include "tst_test.h" > +#include "tst_safe_file_at.h" > + > +#define FILENAME "setuid04_testfile" > +#define DIR "ltp_tmp_check1" > +#define TEST_FILE "test_file_1" > +#define TEST_FIFO "test_fifo_1" > +#define LTP_USER1 "ltp_user1" > +#define LTP_USER2 "ltp_user2" > +#define CONCAT(dir, filename) dir "/" filename > +#define PROTECTED_REGULAR "/proc/sys/fs/protected_regular" > +#define PROTECTED_FIFOS "/proc/sys/fs/protected_fifos" > + > +static int LTP_USER1_UID; > +static int LTP_USER2_UID; > +static int dir_fd; > + > +static void run(void) > +{ > + int pid; > + > + SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 0); > + SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 0); > + > + pid = SAFE_FORK(); > + if (pid == 0) { > + SAFE_SETUID(LTP_USER1_UID); > + > + int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777); > + > + SAFE_CLOSE(fd); > + fd = SAFE_MKFIFO(CONCAT(DIR, TEST_FIFO), 0777); > + SAFE_CLOSE(fd); > + > + TST_CHECKPOINT_WAKE(0); > + exit(0); > + } > + > + TST_CHECKPOINT_WAIT(0); This shouldn't be checkpoint, but rather you should wait for the child process with tst_reap_children() and the same in all the other cases. > + pid = SAFE_FORK(); > + > + if (pid == 0) { > + SAFE_SETUID(LTP_USER2_UID); > + > + int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777); This can't be SAFE_OPENAT() since it will TBROK instead of TFAIL in a case of a failure. You have to do the TST_EXP_FD(openat(...)) instead. And the same for all the cases that shouldn't fail. > + tst_res(TPASS, "check protect_regural == 0 pass"); > + SAFE_CLOSE(fd); > + > + fd = SAFE_OPEN(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT); > + tst_res(TPASS, "check protect_fifos == 0 pass"); > + SAFE_CLOSE(fd); > + > + TST_CHECKPOINT_WAKE(1); > + exit(0); > + } > + > + TST_CHECKPOINT_WAIT(1); > + > + SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 1); > + SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 1); > + > + pid = SAFE_FORK(); > + > + if (pid == 0) { > + SAFE_SETUID(LTP_USER2_UID); > + > + TEST(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777)); > + if (TST_RET == -1 && TST_ERR == EACCES) > + tst_res(TPASS, "check protect_regural == 1 pass"); > + else > + tst_res(TFAIL | TERRNO, "check protect_regural == 1 failed"); And here you have to do TST_EXP_FAIL(openat(...)) and in all the failing cases as well. > + TEST(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777)); > + if (TST_RET == -1 && TST_ERR == EACCES) > + tst_res(TPASS, "check protect_fifos == 1 pass"); > + else > + tst_res(TFAIL | TERRNO, "check protect_fifos == 1 failed"); > + > + TST_CHECKPOINT_WAKE(2); > + exit(0); > + } > + > + TST_CHECKPOINT_WAIT(2); > + > + SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 2); > + SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 2); > + SAFE_CHMOD(DIR, 0020 | S_ISVTX); > + > + pid = SAFE_FORK(); > + > + if (pid == 0) { > + SAFE_SETUID(LTP_USER2_UID); > + > + TEST(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777)); > + if (TST_RET == -1 && TST_ERR == EACCES) > + tst_res(TPASS, "check protect_regural == 2 pass"); > + else > + tst_res(TFAIL | TERRNO, "check protect_regural == 2 failed"); > + > + TEST(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777)); > + if (TST_RET == -1 && TST_ERR == EACCES) > + tst_res(TPASS, "check protect_fifos == 2 pass"); > + else > + tst_res(TFAIL | TERRNO, "check protect_fifos == 2 failed"); > + > + TST_CHECKPOINT_WAKE(3); > + exit(0); > + } > + > + TST_CHECKPOINT_WAIT(3); > +} > + > +static int add_user(char *username) > +{ > + const char *const cmd_useradd[] = {"useradd", username, NULL}; > + struct passwd *ltpuser; > + int rc, uid = -1; > + > + switch ((rc = tst_cmd(cmd_useradd, NULL, NULL, TST_CMD_PASS_RETVAL))) { > + case 0: > + case 9: > + ltpuser = SAFE_GETPWNAM(username); > + uid = ltpuser->pw_uid; > + break; > + default: > + tst_brk(TBROK, "Useradd failed (%d)", rc); > + } > + > + return uid; > +} > + > +static void del_user(char *username) > +{ > + const char *const cmd_userdel[] = {"userdel", "-r", username, NULL}; > + > + tst_cmd(cmd_userdel, NULL, NULL, TST_CMD_PASS_RETVAL); > + > +} > + > +static void setup(void) > +{ > + umask(0); > + SAFE_MKDIR(DIR, 0777 | S_ISVTX); > + > + dir_fd = SAFE_OPEN(DIR, O_DIRECTORY); > + > + LTP_USER1_UID = add_user(LTP_USER1); > + LTP_USER2_UID = add_user(LTP_USER2); We actually does not need to add users for these tests, we can just choose two random UIDs and use them, since all the kernel does is to compare the UIDs of the processes... So we can just do: #define LTP_USR_UID1 1000 #define LTP_USR_UID2 1001 > +} > + > +static void cleanup(void) > +{ > + del_user(LTP_USER1); > + del_user(LTP_USER2); > +} > + > +static struct tst_test test = { > + .setup = setup, > + .cleanup = cleanup, > + .needs_root = 1, > + .test_all = run, > + .needs_tmpdir = 1, > + .forks_child = 1, > + .save_restore = (const struct tst_path_val[]) { > + {PROTECTED_REGULAR, NULL, TST_SR_SKIP}, > + {PROTECTED_FIFOS, NULL, TST_SR_SKIP}, ^ TST_SR_TCONF Since we want to skip the test if these files are missing. > + {} > + }, > + .needs_checkpoints = 1, > +}; > -- > 2.35.3 > > > -- > Mailing list info: https://lists.linux.it/listinfo/ltp
diff --git a/runtest/syscalls b/runtest/syscalls index 4f1ee1f34..4152e1e5f 100644 --- a/runtest/syscalls +++ b/runtest/syscalls @@ -935,6 +935,7 @@ open11 open11 open12 open12 open13 open13 open14 open14 +open15 open15 openat01 openat01 openat02 openat02 diff --git a/testcases/kernel/syscalls/open/.gitignore b/testcases/kernel/syscalls/open/.gitignore index 001d874d6..af5997572 100644 --- a/testcases/kernel/syscalls/open/.gitignore +++ b/testcases/kernel/syscalls/open/.gitignore @@ -12,3 +12,4 @@ /open12_child /open13 /open14 +/open15 diff --git a/testcases/kernel/syscalls/open/open15.c b/testcases/kernel/syscalls/open/open15.c new file mode 100644 index 000000000..f0eec08e7 --- /dev/null +++ b/testcases/kernel/syscalls/open/open15.c @@ -0,0 +1,188 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (c) 2023 Wei Gao <wegao@suse.com> + */ + +/*\ + * [Description] + * + * Verify disallows open of FIFOs or regular files not owned by the user in world + * writable sticky directories + * + * Linux commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5 + */ + +#include <pwd.h> +#include <stdlib.h> +#include "tst_test.h" +#include "tst_safe_file_at.h" + +#define FILENAME "setuid04_testfile" +#define DIR "ltp_tmp_check1" +#define TEST_FILE "test_file_1" +#define TEST_FIFO "test_fifo_1" +#define LTP_USER1 "ltp_user1" +#define LTP_USER2 "ltp_user2" +#define CONCAT(dir, filename) dir "/" filename +#define PROTECTED_REGULAR "/proc/sys/fs/protected_regular" +#define PROTECTED_FIFOS "/proc/sys/fs/protected_fifos" + +static int LTP_USER1_UID; +static int LTP_USER2_UID; +static int dir_fd; + +static void run(void) +{ + int pid; + + SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 0); + SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 0); + + pid = SAFE_FORK(); + if (pid == 0) { + SAFE_SETUID(LTP_USER1_UID); + + int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777); + + SAFE_CLOSE(fd); + fd = SAFE_MKFIFO(CONCAT(DIR, TEST_FIFO), 0777); + SAFE_CLOSE(fd); + + TST_CHECKPOINT_WAKE(0); + exit(0); + } + + TST_CHECKPOINT_WAIT(0); + + pid = SAFE_FORK(); + + if (pid == 0) { + SAFE_SETUID(LTP_USER2_UID); + + int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777); + + tst_res(TPASS, "check protect_regural == 0 pass"); + SAFE_CLOSE(fd); + + fd = SAFE_OPEN(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT); + tst_res(TPASS, "check protect_fifos == 0 pass"); + SAFE_CLOSE(fd); + + TST_CHECKPOINT_WAKE(1); + exit(0); + } + + TST_CHECKPOINT_WAIT(1); + + SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 1); + SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 1); + + pid = SAFE_FORK(); + + if (pid == 0) { + SAFE_SETUID(LTP_USER2_UID); + + TEST(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777)); + if (TST_RET == -1 && TST_ERR == EACCES) + tst_res(TPASS, "check protect_regural == 1 pass"); + else + tst_res(TFAIL | TERRNO, "check protect_regural == 1 failed"); + + TEST(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777)); + if (TST_RET == -1 && TST_ERR == EACCES) + tst_res(TPASS, "check protect_fifos == 1 pass"); + else + tst_res(TFAIL | TERRNO, "check protect_fifos == 1 failed"); + + TST_CHECKPOINT_WAKE(2); + exit(0); + } + + TST_CHECKPOINT_WAIT(2); + + SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 2); + SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 2); + SAFE_CHMOD(DIR, 0020 | S_ISVTX); + + pid = SAFE_FORK(); + + if (pid == 0) { + SAFE_SETUID(LTP_USER2_UID); + + TEST(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777)); + if (TST_RET == -1 && TST_ERR == EACCES) + tst_res(TPASS, "check protect_regural == 2 pass"); + else + tst_res(TFAIL | TERRNO, "check protect_regural == 2 failed"); + + TEST(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777)); + if (TST_RET == -1 && TST_ERR == EACCES) + tst_res(TPASS, "check protect_fifos == 2 pass"); + else + tst_res(TFAIL | TERRNO, "check protect_fifos == 2 failed"); + + TST_CHECKPOINT_WAKE(3); + exit(0); + } + + TST_CHECKPOINT_WAIT(3); +} + +static int add_user(char *username) +{ + const char *const cmd_useradd[] = {"useradd", username, NULL}; + struct passwd *ltpuser; + int rc, uid = -1; + + switch ((rc = tst_cmd(cmd_useradd, NULL, NULL, TST_CMD_PASS_RETVAL))) { + case 0: + case 9: + ltpuser = SAFE_GETPWNAM(username); + uid = ltpuser->pw_uid; + break; + default: + tst_brk(TBROK, "Useradd failed (%d)", rc); + } + + return uid; +} + +static void del_user(char *username) +{ + const char *const cmd_userdel[] = {"userdel", "-r", username, NULL}; + + tst_cmd(cmd_userdel, NULL, NULL, TST_CMD_PASS_RETVAL); + +} + +static void setup(void) +{ + umask(0); + SAFE_MKDIR(DIR, 0777 | S_ISVTX); + + dir_fd = SAFE_OPEN(DIR, O_DIRECTORY); + + LTP_USER1_UID = add_user(LTP_USER1); + LTP_USER2_UID = add_user(LTP_USER2); +} + +static void cleanup(void) +{ + del_user(LTP_USER1); + del_user(LTP_USER2); +} + +static struct tst_test test = { + .setup = setup, + .cleanup = cleanup, + .needs_root = 1, + .test_all = run, + .needs_tmpdir = 1, + .forks_child = 1, + .save_restore = (const struct tst_path_val[]) { + {PROTECTED_REGULAR, NULL, TST_SR_SKIP}, + {PROTECTED_FIFOS, NULL, TST_SR_SKIP}, + {} + }, + .needs_checkpoints = 1, +};
Fix: #574 Signed-off-by: Wei Gao <wegao@suse.com> --- runtest/syscalls | 1 + testcases/kernel/syscalls/open/.gitignore | 1 + testcases/kernel/syscalls/open/open15.c | 188 ++++++++++++++++++++++ 3 files changed, 190 insertions(+) create mode 100644 testcases/kernel/syscalls/open/open15.c