From: Bill O'Donnell <billodo@redhat.com>
To: Eric Sandeen <sandeen@redhat.com>
Cc: fstests <fstests@vger.kernel.org>
Subject: Re: [PATCH 3/3 V2] fstests: test restricted file access sysctls
Date: Wed, 6 May 2020 14:42:56 -0500
Message-ID: <20200506194256.GA156072@redhat.com>
In-Reply-To: <646dee70-4758-99cc-6164-36c640126616@redhat.com>

On Wed, May 06, 2020 at 02:29:42PM -0500, Eric Sandeen wrote:
> This tests the fs.protected_regular and fs.protected_fifos
> sysctls which restrict access behavior in sticky world-writable
> directories as documented in the kernel at 
> Documentation/admin-guide/sysctl/fs.rst
> 
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
> ---
> 
> V2: Don't count on nonzero exit from xfs_io since that is almost
> always broken and was only recently fixed and may end up broken
> again... collect & check any emitted error messages instead.
> 
> diff --git a/tests/generic/901 b/tests/generic/901
> new file mode 100755
> index 00000000..9bb658e0
> --- /dev/null
> +++ b/tests/generic/901
> @@ -0,0 +1,133 @@
> +#! /bin/bash
> +# SPDX-License-Identifier: GPL-2.0
> +# Copyright (c) 2020 YOUR NAME HERE.  All Rights Reserved.
> +#
> +# FS QA Test 900
> +#
> +# Test protected_symlink and protected_hardlink ioctls
> +#
> +seq=`basename $0`
> +seqres=$RESULT_DIR/$seq
> +echo "QA output created by $seq"
> +
> +here=`pwd`
> +tmp=/tmp/$$
> +status=1	# failure is the default!
> +trap "_cleanup; exit \$status" 0 1 2 3 15
> +
> +_cleanup()
> +{
> +	rm -rf $TEST_DIR/$seq
> +	sysctl -qw fs.protected_regular=$REGULAR_PROTECTION
> +	sysctl -qw fs.protected_fifos=$FIFO_PROTECTION
> +	cd /
> +	rm -f $tmp.*
> +}
> +
> +# get standard environment, filters and checks
> +. ./common/rc
> +. ./common/filter
> +
> +# remove previous $seqres.full before test
> +rm -f $seqres.full
> +
> +# real QA test starts here
> +
> +# Modify as appropriate.
> +_supported_fs generic
> +_supported_os Linux
> +_require_test
> +_require_sysctl fs.protected_regular
> +_require_sysctl fs.protected_fifos
> +_require_user fsgqa
> +_require_user fsgqa2
> +
> +USER1=fsgqa
> +USER2=fsgqa2
> +
> +# Save current system state to reset when done
> +REGULAR_PROTECTION=`sysctl -n fs.protected_regular`
> +FIFO_PROTECTION=`sysctl -n fs.protected_fifos`
> +
> +test_access()
> +{
> +	FILENAME=$1
> +
> +	# sticky dir is world & group writable:
> +	echo "= group & world writable dir"
> +	chmod og+w $TEST_DIR/$seq/sticky_dir
> +	# "open -f" opens O_CREAT
> +	result=`sudo -u $USER2 $XFS_IO_PROG -c "open -f $TEST_DIR/$seq/sticky_dir/$FILENAME" 2>&1`
> +	if [ -z "$result" ]; then
> +		echo "successfully opened $FILENAME"
> +	else
> +		echo $result | _filter_test_dir
> +	fi

Makes sense, thanks.
Reviewed-by: Bill O'Donnell <billodo@redhat.com>


> +	# sticky dir is only group writable:
> +	echo "= only group writable dir"
> +	chmod o-w $TEST_DIR/$seq/sticky_dir
> +	result=`sudo -u $USER2 $XFS_IO_PROG -c "open -f $TEST_DIR/$seq/sticky_dir/$FILENAME" 2>&1`
> +	if [ -z "$result" ]; then
> +		echo "successfully opened $FILENAME"
> +	else
> +		echo $result | _filter_test_dir
> +	fi
> +}
> +
> +setup_tree()
> +{
> +	# Create sticky dir owned by $USER2
> +	mkdir -p $TEST_DIR/$seq
> +	mkdir -p $TEST_DIR/$seq/sticky_dir
> +	chmod 1777 $TEST_DIR/$seq/sticky_dir
> +	chown $USER2.$USER2 $TEST_DIR/$seq/sticky_dir
> +
> +	# Create file & fifo in that dir owned by $USER1, and open
> +	# normal read/write privs for world & group
> +	$XFS_IO_PROG -c "open -f $TEST_DIR/$seq/sticky_dir/file"
> +	chown $USER1.$USER1 $TEST_DIR/$seq/sticky_dir/file
> +	chmod o+rw $TEST_DIR/$seq/sticky_dir/file
> +
> +	mkfifo $TEST_DIR/$seq/sticky_dir/fifo
> +	chown $USER1.$USER1 $TEST_DIR/$seq/sticky_dir/fifo
> +	chmod o+rw $TEST_DIR/$seq/sticky_dir/fifo
> +}
> +
> +setup_tree
> +
> +# First test fs.protected_regular
> +# With protection set to 1, O_CREAT opens in a world-writable sticky
> +# directory should fail if the file exists, is owned by another, and
> +# file owner != dir owner
> +#
> +# With protection set to 2, the same goes for group-writable
> +# sticky directories
> +
> +echo "== Test file open when owned by another and file owner != dir owner"
> +sysctl -w fs.protected_regular=0
> +test_access file
> +sysctl -w fs.protected_regular=1
> +test_access file
> +sysctl -w fs.protected_regular=2
> +test_access file
> +
> +echo
> +
> +# Now test fs.protected_fifos
> +# With protection set to 1, O_CREAT opens in a world-writable sticky
> +# directory should fail if the fifo exists, is owned by another, and
> +# file owner != dir owner
> +#
> +# With protection set to 2, the same goes for group-writable
> +# sticky directories
> +echo "== Test fifo open when owned by another and fifo owner != dir owner"
> +sysctl -w fs.protected_fifos=0
> +test_access fifo
> +sysctl -w fs.protected_fifos=1
> +test_access fifo
> +sysctl -w fs.protected_fifos=2
> +test_access fifo
> +
> +# success, all done
> +status=0
> +exit
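Review bot: The exit trap near the top of the script is installed before REGULAR_PROTECTION and FIFO_PROTECTION are assigned, so if any of the _require_* checks ends the test early, _cleanup runs "sysctl -qw fs.protected_regular=" and "sysctl -qw fs.protected_fifos=" with empty values. Save the two values right after the _require_sysctl lines and have _cleanup restore them only when the variables are non-empty. Separately, the header still says "FS QA Test 900" and "Test protected_symlink and protected_hardlink ioctls" with a "YOUR NAME HERE" copyright, although this file is 901 and exercises the fs.protected_regular and fs.protected_fifos sysctls. In test_access, "echo $result" should quote the variable so the captured error text is not word-split or glob-expanded before it reaches _filter_test_dir.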
> diff --git a/tests/generic/901.out b/tests/generic/901.out
> new file mode 100644
> index 00000000..af774ca5
> --- /dev/null
> +++ b/tests/generic/901.out
> @@ -0,0 +1,34 @@
> +QA output created by 901
> +== Test file open when owned by another and file owner != dir owner
> +fs.protected_regular = 0
> += group & world writable dir
> +successfully opened file
> += only group writable dir
> +successfully opened file
> +fs.protected_regular = 1
> += group & world writable dir
> +TEST_DIR/901/sticky_dir/file: Permission denied
> += only group writable dir
> +successfully opened file
> +fs.protected_regular = 2
> += group & world writable dir
> +TEST_DIR/901/sticky_dir/file: Permission denied
> += only group writable dir
> +TEST_DIR/901/sticky_dir/file: Permission denied
> +
> +== Test fifo open when owned by another and fifo owner != dir owner
> +fs.protected_fifos = 0
> += group & world writable dir
> +successfully opened fifo
> += only group writable dir
> +successfully opened fifo
> +fs.protected_fifos = 1
> += group & world writable dir
> +TEST_DIR/901/sticky_dir/fifo: Permission denied
> += only group writable dir
> +successfully opened fifo
> +fs.protected_fifos = 2
> += group & world writable dir
> +TEST_DIR/901/sticky_dir/fifo: Permission denied
> += only group writable dir
> +TEST_DIR/901/sticky_dir/fifo: Permission denied
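Review bot: The "fs.protected_regular = N" and "fs.protected_fifos = N" lines in this golden output are sysctl's own stdout from the "sysctl -w" calls in the test body, which ties the expected output to that tool's print format. Consider "sysctl -qw" there, as _cleanup already uses, plus an explicit echo of the level being tested, so that 901.out contains only text the test itself controls.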
> diff --git a/tests/generic/group b/tests/generic/group
> index 782b0cc3..d1e529d5 100644
> --- a/tests/generic/group
> +++ b/tests/generic/group
> @@ -599,3 +599,4 @@
>  595 auto quick encrypt
>  596 auto quick
>  900 auto quick perms
> +901 auto quick perms
> 

