From: "xuyang2018.jy@fujitsu.com" <xuyang2018.jy@fujitsu.com>
To: "xuyang2018.jy@fujitsu.com" <xuyang2018.jy@fujitsu.com>,
"fstests@vger.kernel.org" <fstests@vger.kernel.org>
Cc: "djwong@kernel.org" <djwong@kernel.org>
Subject: Re: [PATCH] generic/673: Add separate sgid stripping sub-tests
Date: Tue, 26 Apr 2022 07:51:02 +0000 [thread overview]
Message-ID: <6267B2CE.5030807@fujitsu.com> (raw)
In-Reply-To: <1650961806-2219-1-git-send-email-xuyang2018.jy@fujitsu.com>
on2022/4/26 16:30, Yang Xu wrote:
> Even kernel doesn't get ATTR_KILL_SGID mask and get ATTR_KILL_SUID mask,
> we still can strip S_ISGID mode in setattr_prepare and setattr_copy.
>
> We should check separate sgid stripping logic whether works well
> on different filesystems.
>
Sorry, I miss user-exec case. Will resend it.
> Also fix comments error.
>
> Signed-off-by: Yang Xu<xuyang2018.jy@fujitsu.com>
> ---
> tests/generic/673 | 31 ++++++++++++++++++++++++-------
> tests/generic/673.out | 18 ++++++++++++++++++
> 2 files changed, 42 insertions(+), 7 deletions(-)
>
> diff --git a/tests/generic/673 b/tests/generic/673
> index 0377c5f6..572abb7b 100755
> --- a/tests/generic/673
> +++ b/tests/generic/673
> @@ -53,8 +53,7 @@ commit_and_check() {
> echo
> }
>
> -# Commit to a non-exec file by an unprivileged user clears suid but leaves
> -# sgid.
> +# Commit to a non-exec file by an unprivileged user clears suid and sgid
> echo "Test 1 - qa_user, non-exec file"
> setup_testfile
> chmod a+rws $SCRATCH_MNT/a
> @@ -66,7 +65,7 @@ setup_testfile
> chmod g+x,a+rws $SCRATCH_MNT/a
> commit_and_check "$qa_user"
>
> -# Commit to a user-exec file by an unprivileged user clears suid but not sgid.
> +# Commit to a user-exec file by an unprivileged user clears suid and sgid.
> echo "Test 3 - qa_user, user-exec file"
> setup_testfile
> chmod u+x,a+rws,g-x $SCRATCH_MNT/a
> @@ -78,30 +77,48 @@ setup_testfile
> chmod a+rwxs $SCRATCH_MNT/a
> commit_and_check "$qa_user"
>
> -# Commit to a non-exec file by root clears suid but leaves sgid.
> +# Commit to a non-exec file by root leaves suid and sgid.
> echo "Test 5 - root, non-exec file"
> setup_testfile
> chmod a+rws $SCRATCH_MNT/a
> commit_and_check
>
> -# Commit to a group-exec file by root clears suid and sgid.
> +# Commit to a group-exec file by root leaves suid and sgid.
> echo "Test 6 - root, group-exec file"
> setup_testfile
> chmod g+x,a+rws $SCRATCH_MNT/a
> commit_and_check
>
> -# Commit to a user-exec file by root clears suid but not sgid.
> +# Commit to a user-exec file by root leaves suid and sgid.
> echo "Test 7 - root, user-exec file"
> setup_testfile
> chmod u+x,a+rws,g-x $SCRATCH_MNT/a
> commit_and_check
>
> -# Commit to a all-exec file by root clears suid and sgid.
> +# Commit to a all-exec file by root leaves suid and sgid.
> echo "Test 8 - root, all-exec file"
> setup_testfile
> chmod a+rwxs $SCRATCH_MNT/a
> commit_and_check
>
> +#Commit to a non-exec file by unprivileged user leaves sgid.
> +echo "Test 9 - qa_user, non-exec file, only sgid"
> +setup_testfile
> +chmod a+rw,g+rws $SCRATCH_MNT/a
> +commit_and_check "$qa_user"
> +
> +#Commit to a non-exec file by unprivileged user clears sgid
> +echo "Test 10 - qa_user, group-exec file, only sgid"
> +setup_testfile
> +chmod a+rw,g+rwxs $SCRATCH_MNT/a
> +commit_and_check "$qa_user"
> +
> +#Commit to a non-exec file by unprivileged user clears sgid.
> +echo "Test 11 - qa_user, all-exec file, only sgid"
> +setup_testfile
> +chmod a+rwx,g+rwxs $SCRATCH_MNT/a
> +commit_and_check "$qa_user"
> +
> # success, all done
> status=0
> exit
> diff --git a/tests/generic/673.out b/tests/generic/673.out
> index 4d18bca2..767251f2 100644
> --- a/tests/generic/673.out
> +++ b/tests/generic/673.out
> @@ -47,3 +47,21 @@ Test 8 - root, all-exec file
> 3784de23efab7a2074c9ec66901e39e5 SCRATCH_MNT/a
> 6777 -rwsrwsrwx SCRATCH_MNT/a
>
> +Test 9 - qa_user, non-exec file, only sgid
> +310f146ce52077fcd3308dcbe7632bb2 SCRATCH_MNT/a
> +2666 -rw-rwSrw- SCRATCH_MNT/a
> +3784de23efab7a2074c9ec66901e39e5 SCRATCH_MNT/a
> +2666 -rw-rwSrw- SCRATCH_MNT/a
> +
> +Test 10 - qa_user, group-exec file, only sgid
> +310f146ce52077fcd3308dcbe7632bb2 SCRATCH_MNT/a
> +2676 -rw-rwsrw- SCRATCH_MNT/a
> +3784de23efab7a2074c9ec66901e39e5 SCRATCH_MNT/a
> +676 -rw-rwxrw- SCRATCH_MNT/a
> +
> +Test 11 - qa_user, all-exec file, only sgid
> +310f146ce52077fcd3308dcbe7632bb2 SCRATCH_MNT/a
> +2777 -rwxrwsrwx SCRATCH_MNT/a
> +3784de23efab7a2074c9ec66901e39e5 SCRATCH_MNT/a
> +777 -rwxrwxrwx SCRATCH_MNT/a
> +
prev parent reply other threads:[~2022-04-26 7:52 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-26 8:30 [PATCH] generic/673: Add separate sgid stripping sub-tests Yang Xu
2022-04-26 7:51 ` xuyang2018.jy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6267B2CE.5030807@fujitsu.com \
--to=xuyang2018.jy@fujitsu.com \
--cc=djwong@kernel.org \
--cc=fstests@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.