From mboxrd@z Thu Jan  1 00:00:00 1970
From: Cyril Hrubis <chrubis@suse.cz>
Date: Wed, 11 Oct 2017 15:53:31 +0200
Subject: [LTP] [PATCH 4/4] syscalls/add_key03: new test for forging user
 keyrings
In-Reply-To: <20171011134748.GC15968@rei>
References: <20171010175120.90586-1-ebiggers3@gmail.com>
 <20171010175120.90586-5-ebiggers3@gmail.com>
 <20171011134748.GC15968@rei>
Message-ID: <20171011135330.GD15968@rei>
List-Id: <ltp.lists.linux.it>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: ltp@lists.linux.it

Hi!
> > +static void do_test(void)
> > +{
> > +	int i;
> > +
> > +	/*
> > +	 * Try with multiple user IDs before reporting success.  By chance, some
> > +	 * users may already have an existing user keyring; the bug will not be
> > +	 * reproducible for them.
> > +	 */
> > +	for (i = 0; i < 10; i++) {
> > +		char description[32];
> > +		uid_t uid;
> > +		key_serial_t fake_user_keyring;
> > +		key_serial_t fake_user_session_keyring;
> > +
> > +		uid = rand();
> > +		if (uid == 0)
> > +			continue;
> 
> We have testcases that look for unused uid with this loop:
> 
> 	for (i = 1; i < 1000; i++) {
> 		if (!getpwuid(i))
> 			return i;
> 	}
> 
> What about using this instead of doing 10 random tries?

Or even better try to get the keyring as an user and proceed with the
test if there is none?

-- 
Cyril Hrubis
chrubis@suse.cz