[LTP] [PATCH v1 3/4] syscalls/capset03: add new EPERM error test without CAP_SETPCAP

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Cyril Hrubis <chrubis@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v1 3/4] syscalls/capset03: add new EPERM error test without CAP_SETPCAP
Date: Thu, 9 Jan 2020 13:41:01 +0100	[thread overview]
Message-ID: <20200109124101.GE31981@rei.lan> (raw)
In-Reply-To: <cb1878f7-a00a-f5d1-c55f-6f80ff01cb6b@cn.fujitsu.com>

Hi!
> > Also the CAP_DROP in the tst_test structure seems to be useless to me.
> > 
> > 
> > Looking at man 7 capabilities, there are also transitions defined for
> > what is supposed to happen when we change user id. It would make sense
> > to write tests that capabilities are correctly dropped when UID changes
> > from 0 to nonzero. Which is what this test is testing when executed as
> > non-root, since the transition from 0 to nonzero must have happened
> > somewhere when user has logged in.
> In man 7 capabilities " Effect of user ID changes on capabilities",
> I see transitions between 0 and nonzero user IDs. But it is about 
> capabilities??not about capset syscall. I think we should add these 
> cases(user ID changes on capabilities) into kernel/security (such as 
> cap_bound or filecaps). In capset, we can only test capset various EPERM 
> error as kernel sercurity/commoncap.c  cap_capset function.
> ---------------------------------
>       if (cap_inh_is_capped() &&
>              !cap_issubset(*inheritable,
>                            cap_combine(old->cap_inheritable,
>                                        old->cap_permitted)))
>                  /* incapable of using this inheritable set */
>                  return -EPERM;
> 
>          if (!cap_issubset(*inheritable,
>                            cap_combine(old->cap_inheritable,
>                                        old->cap_bset)))
>                  /* no new pI capabilities outside bounding set */
>                  return -EPERM;
> 
>          /* verify restrictions on target's new Permitted set */
>          if (!cap_issubset(*permitted, old->cap_permitted))
>                  return -EPERM;
> 
>          /* verify the _new_Effective_ is a subset of the _new_Permitted_ */
>          if (!cap_issubset(*effective, *permitted))
>                  return -EPERM;
> ---------------------------------

Indeed these does not belog under setcap(). Maybe we could add these
checks under setuid tests, since we are testing side efect of setuid.
But having these under security/ would work as well.

> Also, if we only run under root, CAP_DROP(CAP_SETPCAP) is needed  to 
> reproduce this EPERM error.

Isn't the first thing that the test does to remove all capabilities but
CAP_KILL? Why do we need to drop anything beforehand?

-- 
Cyril Hrubis
chrubis@suse.cz

next prev parent reply	other threads:[~2020-01-09 12:41 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-17 10:12 [LTP] [PATCH v1 0/4] cleanup capset testcase Yang Xu
2019-12-17 10:12 ` [LTP] [PATCH v1 1/4] syscalls/capset01: Cleanup & convert to new library Yang Xu
2020-01-07 13:32   ` Cyril Hrubis
2020-01-08  2:37     ` Yang Xu
2019-12-17 10:12 ` [LTP] [PATCH v1 2/4] syscalls/capset02: " Yang Xu
2019-12-17 10:12 ` [LTP] [PATCH v1 3/4] syscalls/capset03: add new EPERM error test without CAP_SETPCAP Yang Xu
2020-01-07 13:39   ` Cyril Hrubis
2020-01-08  3:19     ` Yang Xu
2020-01-08 11:03       ` Cyril Hrubis
2020-01-09  6:17         ` Yang Xu
2020-01-09 12:41           ` Cyril Hrubis [this message]
2020-01-10  5:35             ` Yang Xu
2020-01-10 10:21             ` [LTP] [PATCH v2 1/3] syscalls/capset02: Cleanup & convert to new library Yang Xu
2020-01-10 10:21               ` [LTP] [PATCH v2 2/3] syscalls/capset03: add new EPERM error test without CAP_SETPCAP Yang Xu
2020-01-15 14:28                 ` Cyril Hrubis
2020-01-10 10:21               ` [LTP] [PATCH v2 3/3] syscalls/capset04: add new EPERM error test with vfs cap support Yang Xu
2020-01-15 14:28                 ` Cyril Hrubis
2020-01-10 14:30               ` [LTP] [PATCH v2 1/3] syscalls/capset02: Cleanup & convert to new library Cyril Hrubis
2020-01-13  1:31                 ` Yang Xu
2020-01-15 13:43               ` Cyril Hrubis
2019-12-17 10:12 ` [LTP] [PATCH v3 4/5] syscalls/quotactl05: add project quota test for xfs filesystem Yang Xu
2019-12-17 10:16   ` Yang Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200109124101.GE31981@rei.lan \
    --to=chrubis@suse.cz \
    --cc=ltp@lists.linux.it \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.