From: Cyril Hrubis <chrubis@suse.cz>
To: keyrings@vger.kernel.org
Subject: Re: [LTP] [PATCH 4/4] syscalls/add_key03: new test for forging user keyrings
Date: Wed, 11 Oct 2017 13:53:31 +0000
Message-ID: <20171011135330.GD15968@rei>
In-Reply-To: <20171011134748.GC15968@rei>

Hi!
> > +static void do_test(void)
> > +{
> > +	int i;
> > +
> > +	/*
> > +	 * Try with multiple user IDs before reporting success.  By chance, some
> > +	 * users may already have an existing user keyring; the bug will not be
> > +	 * reproducible for them.
> > +	 */
> > +	for (i = 0; i < 10; i++) {
> > +		char description[32];
> > +		uid_t uid;
> > +		key_serial_t fake_user_keyring;
> > +		key_serial_t fake_user_session_keyring;
> > +
> > +		uid = rand();
> > +		if (uid = 0)
> > +			continue;
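
Review bot: `if (uid = 0)` in the loop body assigns instead of comparing. The condition is always false, so `continue` never runs and uid is 0 for the rest of the iteration, meaning every try would use root's UID rather than the random one. It should read `if (uid == 0)`.
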
> 
> We have testcases that look for unused uid with this loop:
> 
> 	for (i = 1; i < 1000; i++) {
> 		if (!getpwuid(i))
> 			return i;
> 	}
> 
> What about using this instead of doing 10 random tries?

Or even better try to get the keyring as a user and proceed with the
test if there is none?

-- 
Cyril Hrubis
chrubis@suse.cz

WARNING: multiple messages have this Message-ID
From: Cyril Hrubis <chrubis@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH 4/4] syscalls/add_key03: new test for forging user keyrings
Date: Wed, 11 Oct 2017 15:53:31 +0200
Message-ID: <20171011135330.GD15968@rei>
In-Reply-To: <20171011134748.GC15968@rei>

Hi!
> > +static void do_test(void)
> > +{
> > +	int i;
> > +
> > +	/*
> > +	 * Try with multiple user IDs before reporting success.  By chance, some
> > +	 * users may already have an existing user keyring; the bug will not be
> > +	 * reproducible for them.
> > +	 */
> > +	for (i = 0; i < 10; i++) {
> > +		char description[32];
> > +		uid_t uid;
> > +		key_serial_t fake_user_keyring;
> > +		key_serial_t fake_user_session_keyring;
> > +
> > +		uid = rand();
> > +		if (uid == 0)
> > +			continue;
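
Review bot: `uid = rand();` in the loop draws from a generator that nothing in this hunk seeds. Unless srand() is called elsewhere in the test, every run tries the same ten UIDs, so a machine where those UIDs already have user keyrings would report success on each run without ever exercising the bug. Seed the generator, or pick the UID deterministically and confirm it has no keyring before proceeding.
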
> 
> We have testcases that look for unused uid with this loop:
> 
> 	for (i = 1; i < 1000; i++) {
> 		if (!getpwuid(i))
> 			return i;
> 	}
> 
> What about using this instead of doing 10 random tries?

Or even better try to get the keyring as a user and proceed with the
test if there is none?

-- 
Cyril Hrubis
chrubis@suse.cz
