From: Cyril Hrubis <chrubis@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH 1/3] syscalls/creat08: Convert to new API
Date: Fri, 13 Aug 2021 19:19:01 +0200 [thread overview]
Message-ID: <YRaphbjrYNrxEdGa@yuki> (raw)
In-Reply-To: <68c16d3e-09f6-568d-15e2-43685a0619a2@suse.cz>
Hi!
> > The root GID is 0 by definition and on my machine root is a member of
> > bin group yet the test seems to work fine. I do not get how root having
> > the bin group (or nobody+1) in the list of supplementary groups will
> > interfere with the test.
>
> Simple: The last test case is checking whether root has an exception
> from the setgid bit removal logic that fixed the CVE. This logic is not
> applied when the file is being created by a member of the group which
> owns the parent directory. If root happens to be an explicit member of
> the second group, the last subtest will pass even when the kernel
> doesn't apply the root exception properly.
Then I guess the easiest and safest option would be to call
setgroups(0, NULL) in the test setup.
--
Cyril Hrubis
chrubis@suse.cz
prev parent reply other threads:[~2021-08-13 17:19 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-06 15:45 [LTP] [PATCH 1/3] syscalls/creat08: Convert to new API Martin Doucha
2021-08-06 15:45 ` [LTP] [PATCH 2/3] syscalls/open10: " Martin Doucha
2021-08-06 15:45 ` [LTP] [PATCH 3/3] Add test for CVE 2018-13405 Martin Doucha
2021-08-17 10:23 ` Richard Palethorpe
2021-08-17 10:33 ` Martin Doucha
2021-08-17 11:53 ` Richard Palethorpe
2021-08-13 13:49 ` [LTP] [PATCH 1/3] syscalls/creat08: Convert to new API Cyril Hrubis
2021-08-13 14:15 ` Martin Doucha
2021-08-13 14:27 ` Cyril Hrubis
2021-08-13 14:30 ` Martin Doucha
2021-08-13 15:18 ` Cyril Hrubis
2021-08-13 15:33 ` Martin Doucha
2021-08-13 17:19 ` Cyril Hrubis [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YRaphbjrYNrxEdGa@yuki \
--to=chrubis@suse.cz \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.