[LTP] [PATCH v1 3/4] syscalls/capset03: add new EPERM error test without CAP_SETPCAP

public inbox for ltp@lists.linux.it
 help / color / mirror / Atom feed

From: Cyril Hrubis <chrubis@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v1 3/4] syscalls/capset03: add new EPERM error test without CAP_SETPCAP
Date: Thu, 9 Jan 2020 13:41:01 +0100	[thread overview]
Message-ID: <20200109124101.GE31981@rei.lan> (raw)
In-Reply-To: <cb1878f7-a00a-f5d1-c55f-6f80ff01cb6b@cn.fujitsu.com>

Hi!
> > Also the CAP_DROP in the tst_test structure seems to be useless to me.
> > 
> > 
> > Looking at man 7 capabilities, there are also transitions defined for
> > what is supposed to happen when we change user id. It would make sense
> > to write tests that capabilities are correctly dropped when UID changes
> > from 0 to nonzero. Which is what this test is testing when executed as
> > non-root, since the transition from 0 to nonzero must have happened
> > somewhere when user has logged in.
> In man 7 capabilities " Effect of user ID changes on capabilities",
> I see transitions between 0 and nonzero user IDs. But it is about 
> capabilities??not about capset syscall. I think we should add these 
> cases(user ID changes on capabilities) into kernel/security (such as 
> cap_bound or filecaps). In capset, we can only test capset various EPERM 
> error as kernel sercurity/commoncap.c  cap_capset function.
> ---------------------------------
>       if (cap_inh_is_capped() &&
>              !cap_issubset(*inheritable,
>                            cap_combine(old->cap_inheritable,
>                                        old->cap_permitted)))
>                  /* incapable of using this inheritable set */
>                  return -EPERM;
> 
>          if (!cap_issubset(*inheritable,
>                            cap_combine(old->cap_inheritable,
>                                        old->cap_bset)))
>                  /* no new pI capabilities outside bounding set */
>                  return -EPERM;
> 
>          /* verify restrictions on target's new Permitted set */
>          if (!cap_issubset(*permitted, old->cap_permitted))
>                  return -EPERM;
> 
>          /* verify the _new_Effective_ is a subset of the _new_Permitted_ */
>          if (!cap_issubset(*effective, *permitted))
>                  return -EPERM;
> ---------------------------------

Indeed these does not belog under setcap(). Maybe we could add these
checks under setuid tests, since we are testing side efect of setuid.
But having these under security/ would work as well.

> Also, if we only run under root, CAP_DROP(CAP_SETPCAP) is needed  to 
> reproduce this EPERM error.

Isn't the first thing that the test does to remove all capabilities but
CAP_KILL? Why do we need to drop anything beforehand?

-- 
Cyril Hrubis
chrubis@suse.cz

next prev parent reply	other threads:[~2020-01-09 12:41 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-17 10:12 [LTP] [PATCH v1 0/4] cleanup capset testcase Yang Xu
2019-12-17 10:12 ` [LTP] [PATCH v1 1/4] syscalls/capset01: Cleanup & convert to new library Yang Xu
2020-01-07 13:32   ` Cyril Hrubis
2020-01-08  2:37     ` Yang Xu
2019-12-17 10:12 ` [LTP] [PATCH v1 2/4] syscalls/capset02: " Yang Xu
2019-12-17 10:12 ` [LTP] [PATCH v1 3/4] syscalls/capset03: add new EPERM error test without CAP_SETPCAP Yang Xu
2020-01-07 13:39   ` Cyril Hrubis
2020-01-08  3:19     ` Yang Xu
2020-01-08 11:03       ` Cyril Hrubis
2020-01-09  6:17         ` Yang Xu
2020-01-09 12:41           ` Cyril Hrubis [this message]
2020-01-10  5:35             ` Yang Xu
2020-01-10 10:21             ` [LTP] [PATCH v2 1/3] syscalls/capset02: Cleanup & convert to new library Yang Xu
2020-01-10 10:21               ` [LTP] [PATCH v2 2/3] syscalls/capset03: add new EPERM error test without CAP_SETPCAP Yang Xu
2020-01-15 14:28                 ` Cyril Hrubis
2020-01-10 10:21               ` [LTP] [PATCH v2 3/3] syscalls/capset04: add new EPERM error test with vfs cap support Yang Xu
2020-01-15 14:28                 ` Cyril Hrubis
2020-01-10 14:30               ` [LTP] [PATCH v2 1/3] syscalls/capset02: Cleanup & convert to new library Cyril Hrubis
2020-01-13  1:31                 ` Yang Xu
2020-01-15 13:43               ` Cyril Hrubis
2019-12-17 10:12 ` [LTP] [PATCH v3 4/5] syscalls/quotactl05: add project quota test for xfs filesystem Yang Xu
2019-12-17 10:16   ` Yang Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200109124101.GE31981@rei.lan \
    --to=chrubis@suse.cz \
    --cc=ltp@lists.linux.it \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox