From: Cyril Hrubis <chrubis@suse.cz>
To: keyrings@vger.kernel.org
Subject: Re: [LTP] [PATCH 4/4] syscalls/add_key03: new test for forging user keyrings
Date: Wed, 11 Oct 2017 13:47:48 +0000 [thread overview]
Message-ID: <20171011134748.GC15968@rei> (raw)
Hi!
> +static key_serial_t create_keyring(const char *description)
> +{
> + TEST(add_key("keyring", description, NULL, 0,
> + KEY_SPEC_PROCESS_KEYRING));
> + if (TEST_RETURN < 0) {
> + tst_brk(TBROK | TTERRNO,
> + "unable to create keyring '%s'", description);
> + }
> + return TEST_RETURN;
> +}
> +
> +static key_serial_t get_keyring_id(key_serial_t special_id)
> +{
> + TEST(keyctl(KEYCTL_GET_KEYRING_ID, special_id, 1));
> + if (TEST_RETURN < 0) {
> + tst_brk(TBROK | TTERRNO,
> + "unable to get ID of keyring %d", special_id);
> + }
> + return TEST_RETURN;
> +}
> +
> +static void unlink_keyring(key_serial_t id)
> +{
> + TEST(keyctl(KEYCTL_UNLINK, id, KEY_SPEC_PROCESS_KEYRING));
> + if (TEST_RETURN < 0) {
> + tst_brk(TBROK | TTERRNO,
> + "unable to unlink the keyring we created");
> + }
> +}
> +
> +static void do_test(void)
> +{
> + int i;
> +
> + /*
> + * Try with multiple user IDs before reporting success. By chance, some
> + * users may already have an existing user keyring; the bug will not be
> + * reproducible for them.
> + */
> + for (i = 0; i < 10; i++) {
> + char description[32];
> + uid_t uid;
> + key_serial_t fake_user_keyring;
> + key_serial_t fake_user_session_keyring;
> +
> + uid = rand();
> + if (uid = 0)
> + continue;
We have testcases that look for unused uid with this loop:
for (i = 1; i < 1000; i++) {
if (!getpwuid(i))
return i;
}
What about using this instead of doing 10 random tries?
> + sprintf(description, "_uid.%u", uid);
> + fake_user_keyring = create_keyring(description);
> + sprintf(description, "_uid_ses.%u", uid);
> + fake_user_session_keyring = create_keyring(description);
> +
> + TEST(setreuid(uid, 0));
> + if (TEST_RETURN < 0) {
> + tst_brk(TBROK | TTERRNO,
> + "unable to set real uid to %u", uid);
> + }
I guess that we should add SAFE_SETREUID() to the tst_safe_macros.h
library. We do have SAFE_SETRESUID() though, so we may as well use
SAFE_SETRESUID(uid, -1, -1) here.
> + if (fake_user_keyring = get_keyring_id(KEY_SPEC_USER_KEYRING)) {
> + tst_brk(TFAIL,
> + "created user keyring for another user");
> + }
> +
> + if (fake_user_session_keyring =
> + get_keyring_id(KEY_SPEC_USER_SESSION_KEYRING)) {
> + tst_brk(TFAIL,
> + "created user session keyring for another user");
> + }
> +
> + TEST(setreuid(0, 0));
> + if (TEST_RETURN < 0)
> + tst_brk(TBROK | TTERRNO, "unable to reset real uid");
> + uid++;
> +
> + unlink_keyring(fake_user_keyring);
> + unlink_keyring(fake_user_session_keyring);
> + }
> + tst_res(TPASS, "expectedly could not create another user's keyrings");
> +}
> +
> +static struct tst_test test = {
> + .test_all = do_test,
> + .needs_root = 1,
> +};
> --
> 2.14.2.920.gcf0c67979c-goog
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
--
Cyril Hrubis
chrubis@suse.cz
WARNING: multiple messages have this Message-ID (diff)
From: Cyril Hrubis <chrubis@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH 4/4] syscalls/add_key03: new test for forging user keyrings
Date: Wed, 11 Oct 2017 15:47:48 +0200 [thread overview]
Message-ID: <20171011134748.GC15968@rei> (raw)
In-Reply-To: <20171010175120.90586-5-ebiggers3@gmail.com>
Hi!
> +static key_serial_t create_keyring(const char *description)
> +{
> + TEST(add_key("keyring", description, NULL, 0,
> + KEY_SPEC_PROCESS_KEYRING));
> + if (TEST_RETURN < 0) {
> + tst_brk(TBROK | TTERRNO,
> + "unable to create keyring '%s'", description);
> + }
> + return TEST_RETURN;
> +}
> +
> +static key_serial_t get_keyring_id(key_serial_t special_id)
> +{
> + TEST(keyctl(KEYCTL_GET_KEYRING_ID, special_id, 1));
> + if (TEST_RETURN < 0) {
> + tst_brk(TBROK | TTERRNO,
> + "unable to get ID of keyring %d", special_id);
> + }
> + return TEST_RETURN;
> +}
> +
> +static void unlink_keyring(key_serial_t id)
> +{
> + TEST(keyctl(KEYCTL_UNLINK, id, KEY_SPEC_PROCESS_KEYRING));
> + if (TEST_RETURN < 0) {
> + tst_brk(TBROK | TTERRNO,
> + "unable to unlink the keyring we created");
> + }
> +}
> +
> +static void do_test(void)
> +{
> + int i;
> +
> + /*
> + * Try with multiple user IDs before reporting success. By chance, some
> + * users may already have an existing user keyring; the bug will not be
> + * reproducible for them.
> + */
> + for (i = 0; i < 10; i++) {
> + char description[32];
> + uid_t uid;
> + key_serial_t fake_user_keyring;
> + key_serial_t fake_user_session_keyring;
> +
> + uid = rand();
> + if (uid == 0)
> + continue;
We have testcases that look for unused uid with this loop:
for (i = 1; i < 1000; i++) {
if (!getpwuid(i))
return i;
}
What about using this instead of doing 10 random tries?
> + sprintf(description, "_uid.%u", uid);
> + fake_user_keyring = create_keyring(description);
> + sprintf(description, "_uid_ses.%u", uid);
> + fake_user_session_keyring = create_keyring(description);
> +
> + TEST(setreuid(uid, 0));
> + if (TEST_RETURN < 0) {
> + tst_brk(TBROK | TTERRNO,
> + "unable to set real uid to %u", uid);
> + }
I guess that we should add SAFE_SETREUID() to the tst_safe_macros.h
library. We do have SAFE_SETRESUID() though, so we may as well use
SAFE_SETRESUID(uid, -1, -1) here.
> + if (fake_user_keyring == get_keyring_id(KEY_SPEC_USER_KEYRING)) {
> + tst_brk(TFAIL,
> + "created user keyring for another user");
> + }
> +
> + if (fake_user_session_keyring ==
> + get_keyring_id(KEY_SPEC_USER_SESSION_KEYRING)) {
> + tst_brk(TFAIL,
> + "created user session keyring for another user");
> + }
> +
> + TEST(setreuid(0, 0));
> + if (TEST_RETURN < 0)
> + tst_brk(TBROK | TTERRNO, "unable to reset real uid");
> + uid++;
> +
> + unlink_keyring(fake_user_keyring);
> + unlink_keyring(fake_user_session_keyring);
> + }
> + tst_res(TPASS, "expectedly could not create another user's keyrings");
> +}
> +
> +static struct tst_test test = {
> + .test_all = do_test,
> + .needs_root = 1,
> +};
> --
> 2.14.2.920.gcf0c67979c-goog
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
--
Cyril Hrubis
chrubis@suse.cz
next reply other threads:[~2017-10-11 13:47 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-11 13:47 Cyril Hrubis [this message]
2017-10-11 13:47 ` [LTP] [PATCH 4/4] syscalls/add_key03: new test for forging user keyrings Cyril Hrubis
2017-10-11 13:53 ` Cyril Hrubis
2017-10-11 13:53 ` Cyril Hrubis
-- strict thread matches above, loose matches on Subject: below --
2017-10-10 17:51 Eric Biggers
2017-10-10 17:51 ` [LTP] " Eric Biggers
2017-10-10 17:51 [PATCH 3/4] syscalls/keyctl07: new test for oops when reading negative key Eric Biggers
2017-10-10 17:51 ` [LTP] " Eric Biggers
2017-10-10 17:51 [PATCH 2/4] syscalls/keyctl06: new test for keyring_read() buffer overrun Eric Biggers
2017-10-10 17:51 ` [LTP] " Eric Biggers
2017-10-10 17:51 [PATCH 1/4] lapi/keyctl.h: add a few missing definitions Eric Biggers
2017-10-10 17:51 ` [LTP] " Eric Biggers
2017-10-10 17:51 [PATCH 0/4] ltp: add tests for some recently-fixed keyrings bugs Eric Biggers
2017-10-10 17:51 ` [LTP] " Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171011134748.GC15968@rei \
--to=chrubis@suse.cz \
--cc=keyrings@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.