From: Eryu Guan <guan@eryu.me>
To: Eric Sandeen <sandeen@redhat.com>
Cc: fstests <fstests@vger.kernel.org>
Subject: Re: [PATCH 2/3] fstests: test restricted symlinks & hardlinks sysctls
Date: Sun, 17 May 2020 23:55:05 +0800
Message-ID: <20200517155505.GD2704@desktop>
In-Reply-To: <294c5739-ff30-285c-8cf7-11a6dff98294@redhat.com>

On Tue, May 05, 2020 at 03:20:10PM -0500, Eric Sandeen wrote:
> This tests the fs.protected_symlinks and fs.protected_hardlinks
> sysctls which restrict links behavior in sticky world-writable
> directories as documented in the kernel at 
> Documentation/admin-guide/sysctl/fs.rst
> 
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
> ---
> 
> diff --git a/tests/generic/900 b/tests/generic/900
> new file mode 100755
> index 00000000..f0ac46ef
> --- /dev/null
> +++ b/tests/generic/900
> @@ -0,0 +1,114 @@
> +#! /bin/bash
> +# SPDX-License-Identifier: GPL-2.0
> +# Copyright (c) 2020 Red Hat, Inc.  All Rights Reserved.
> +#
> +# FS QA Test 900
> +#
> +# Test protected_symlink and protected_hardlink ioctls
> +#
> +seq=`basename $0`
> +seqres=$RESULT_DIR/$seq
> +echo "QA output created by $seq"
> +
> +here=`pwd`
> +tmp=/tmp/$$
> +status=1	# failure is the default!
> +trap "_cleanup; exit \$status" 0 1 2 3 15
> +
> +_cleanup()
> +{
> +	rm -rf $TEST_DIR/$seq
> +	sysctl -qw fs.protected_symlinks=$SYMLINK_PROTECTION
> +	sysctl -qw fs.protected_hardlinks=$HARDLINK_PROTECTION

Restore the sysctl only if "SYMLINK_PROTECTION" and
"HARDLINK_PROTECTION" are set.

> +	cd /
> +	rm -f $tmp.*
> +}
> +
> +# get standard environment, filters and checks
> +. ./common/rc
> +. ./common/filter
> +
> +# remove previous $seqres.full before test
> +rm -f $seqres.full
> +
> +# real QA test starts here
> +
> +# Modify as appropriate.
> +_supported_fs generic
> +_supported_os Linux
> +_require_test
> +_require_sysctl fs.protected_symlinks
> +_require_sysctl fs.protected_hardlinks
> +_require_user fsgqa
> +_require_user fsgqa2

New user :) update README as well?

> +
> +OWNER=fsgqa
> +OTHER=fsgqa2
> +
> +# Save current system state to reset when done
> +SYMLINK_PROTECTION=`sysctl -n fs.protected_symlinks`
> +HARDLINK_PROTECTION=`sysctl -n fs.protected_hardlinks`
> +
> +test_symlink()
> +{
> +	ln -s $TEST_DIR/$seq/target $TEST_DIR/$seq/sticky_dir/symlink
> +	chown $OTHER.$OTHER $TEST_DIR/$seq/sticky_dir
> +	chown $OWNER.$OWNER $TEST_DIR/$seq/sticky_dir/symlink
> +	# If we can read the target, we followed the link
> +	sudo -u $OTHER cat $TEST_DIR/$seq/sticky_dir/symlink 2>&1 \

Use _user_do instead of sudo?

> +		 | _filter_test_dir
> +	rm -f $TEST_DIR/$seq/sticky_dir/symlink
> +}
> +
> +test_hardlink()
> +{
> +	chown $OWNER.$OWNER $TEST_DIR/$seq/target
> +	chmod go-rw $TEST_DIR/$seq/target
> +	sudo -u $OTHER \
> +	    ln $TEST_DIR/$seq/target $TEST_DIR/$seq/sticky_dir/hardlink 2>&1 \
> +		| _filter_test_dir

Same here.

Thanks,
Eryu

> +	test -f $TEST_DIR/$seq/sticky_dir/hardlink \
> +		&& echo "successfully created hardlink"
> +	rm -f $TEST_DIR/$seq/sticky_dir/hardlink
> +}
> +
> +setup_tree()
> +{
> +	# Create world-writable sticky dir
> +	mkdir -p $TEST_DIR/$seq/sticky_dir
> +	chmod 1777 $TEST_DIR/$seq/sticky_dir
> +	# And a file elsewhere that will be linked to from that sticky dir
> +	mkdir -p $TEST_DIR/$seq
> +	# If we can read it, we followed the link.
> +	echo "successfully followed symlink" > $TEST_DIR/$seq/target
> +}
> +
> +setup_tree
> +
> +# First test fs.protected_symlinks
> +# With protection on, symlink follows should fail if the
> +# link owner != the sticky directory owner, and the process
> +# is not the link owner.
> +echo "== Test symlink follow protection when"
> +echo "== process != link owner and dir owner != link owner"
> +sysctl -w fs.protected_symlinks=0
> +test_symlink
> +sysctl -w fs.protected_symlinks=1
> +test_symlink
> +
> +echo
> +
> +# Now test fs.protected_hardlinks
> +# With protection on, hardlink creation should fail if the
> +# process does not own the target file, and the process does not have
> +# read-write access to the target
> +echo "== Test hardlink create protection when"
> +echo "== process != target owner and process cannot read target"
> +sysctl -w fs.protected_hardlinks=0
> +test_hardlink
> +sysctl -w fs.protected_hardlinks=1
> +test_hardlink
> +
> +# success, all done
> +status=0
> +exit
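
Review bot: with each sysctl set to 1, test_symlink and test_hardlink only run the combination that must be refused ($OTHER following $OWNER's link, $OTHER linking $OWNER's unreadable target), so the test would also pass if every follow or link in the sticky directory were denied. Consider adding an allowed case under protection=1, for example $OWNER following its own symlink and $OWNER hardlinking its own target, so the expected output shows both outcomes. Two smaller points: the header comment says "Test protected_symlink and protected_hardlink ioctls" where these are sysctls, and in setup_tree the second "mkdir -p $TEST_DIR/$seq" is redundant after "mkdir -p $TEST_DIR/$seq/sticky_dir".
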
> diff --git a/tests/generic/900.out b/tests/generic/900.out
> new file mode 100644
> index 00000000..c9b26dbd
> --- /dev/null
> +++ b/tests/generic/900.out
> @@ -0,0 +1,14 @@
> +QA output created by 900
> +== Test symlink follow protection when
> +== process != link owner and dir owner != link owner
> +fs.protected_symlinks = 0
> +successfully followed symlink
> +fs.protected_symlinks = 1
> +cat: TEST_DIR/900/sticky_dir/symlink: Permission denied
> +
> +== Test hardlink create protection when
> +== process != target owner and process cannot read target
> +fs.protected_hardlinks = 0
> +successfully created hardlink
> +fs.protected_hardlinks = 1
> +ln: failed to create hard link 'TEST_DIR/900/sticky_dir/hardlink' => 'TEST_DIR/900/target': Operation not permitted
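
Review bot: the two protected-case lines in this golden output embed the complete "cat:" and "ln:" diagnostics, so the match depends on the installed coreutils wording and quoting (the "failed to create hard link '...' => '...'" form in particular) and not only on the kernel returning "Permission denied" or "Operation not permitted". Filtering the tool output down to the error string in tests/generic/900, or echoing a fixed message based on the command's exit status, would keep 900.out stable across userspace versions.
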
> diff --git a/tests/generic/group b/tests/generic/group
> index 718575ba..782b0cc3 100644
> --- a/tests/generic/group
> +++ b/tests/generic/group
> @@ -598,3 +598,4 @@
>  594 auto quick quota
>  595 auto quick encrypt
>  596 auto quick
> +900 auto quick perms
> 
