* [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c
@ 2010-02-08 6:02 Shi Weihua
2010-02-08 6:08 ` Rishikesh
0 siblings, 1 reply; 5+ messages in thread
From: Shi Weihua @ 2010-02-08 6:02 UTC (permalink / raw)
To: subrata; +Cc: ltp-list
An error occured on my i386 box.
(OS: Fedora8, Kernel: 2.6.33-rc6, libcap: libcap-2.16)
-------------
exec_without_inh 1 TFAIL : Failed to drop CAP_SYS_ADMIN from bounding set.
exec_without_inh 0 TINFO : (ret=-1, errno 38)
-------------
If the macro HAVE_DECL_CAP_BSET_DROP is 0, this error will occurs.
But the program should to be broken when f != CAP_SET, like the similar code
"if (ret || f != CAP_SET) {" in exec_with_inh.c.
The TBROK message will be outputted if my patch merged.
-------------
exec_without_inh 1 TBROK : Failed to add CAP_SYS_ADMIN to pI
-------------
Signed-off-by: Shi Weihua <shiwh@cn.fujitsu.com>
---
--- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500
+++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-08 11:55:00.000000000 -0500
@@ -80,6 +80,11 @@ int main(int argc, char *argv[])
tst_exit();
}
}
+ else if (ret) {
+ tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n");
+ tst_exit();
+ }
+
#if HAVE_DECL_CAP_FREE
cap_free(cur);
#endif
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c 2010-02-08 6:02 [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c Shi Weihua @ 2010-02-08 6:08 ` Rishikesh 2010-02-08 10:10 ` Garrett Cooper 0 siblings, 1 reply; 5+ messages in thread From: Rishikesh @ 2010-02-08 6:08 UTC (permalink / raw) To: Shi Weihua; +Cc: ltp-list On 02/08/2010 11:32 AM, Shi Weihua wrote: > An error occured on my i386 box. > (OS: Fedora8, Kernel: 2.6.33-rc6, libcap: libcap-2.16) > ------------- > exec_without_inh 1 TFAIL : Failed to drop CAP_SYS_ADMIN from bounding set. > exec_without_inh 0 TINFO : (ret=-1, errno 38) > ------------- > If the macro HAVE_DECL_CAP_BSET_DROP is 0, this error will occurs. > But the program should to be broken when f != CAP_SET, like the similar code > "if (ret || f != CAP_SET) {" in exec_with_inh.c. > > The TBROK message will be outputted if my patch merged. > ------------- > exec_without_inh 1 TBROK : Failed to add CAP_SYS_ADMIN to pI > Looks good. I will include if others are not having any comment. Acked-by: Rishikesh K Rajak <risrajak@linux.vnet.ibm.com> Thanks Rishi > ------------- > > Signed-off-by: Shi Weihua<shiwh@cn.fujitsu.com> > --- > --- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500 > +++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-08 11:55:00.000000000 -0500 > @@ -80,6 +80,11 @@ int main(int argc, char *argv[]) > tst_exit(); > } > } > + else if (ret) { > + tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n"); > + tst_exit(); > + } > + > #if HAVE_DECL_CAP_FREE > cap_free(cur); > #endif > > ------------------------------------------------------------------------------ > The Planet: dedicated and managed hosting, cloud storage, colocation > Stay online with enterprise data centers and the best network in the business > Choose flexible plans and management services without long-term contracts > Personal 24x7 support from experience hosting pros just a phone call away. > http://p.sf.net/sfu/theplanet-com > _______________________________________________ > Ltp-list mailing list > Ltp-list@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/ltp-list > ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c 2010-02-08 6:08 ` Rishikesh @ 2010-02-08 10:10 ` Garrett Cooper 2010-02-09 2:19 ` Shi Weihua 0 siblings, 1 reply; 5+ messages in thread From: Garrett Cooper @ 2010-02-08 10:10 UTC (permalink / raw) To: Rishikesh; +Cc: ltp-list On Sun, Feb 7, 2010 at 10:08 PM, Rishikesh <risrajak@linux.vnet.ibm.com> wrote: > On 02/08/2010 11:32 AM, Shi Weihua wrote: >> An error occured on my i386 box. >> (OS: Fedora8, Kernel: 2.6.33-rc6, libcap: libcap-2.16) >> ------------- >> exec_without_inh 1 TFAIL : Failed to drop CAP_SYS_ADMIN from bounding set. >> exec_without_inh 0 TINFO : (ret=-1, errno 38) >> ------------- >> If the macro HAVE_DECL_CAP_BSET_DROP is 0, this error will occurs. >> But the program should to be broken when f != CAP_SET, like the similar code >> "if (ret || f != CAP_SET) {" in exec_with_inh.c. >> >> The TBROK message will be outputted if my patch merged. >> ------------- >> exec_without_inh 1 TBROK : Failed to add CAP_SYS_ADMIN to pI >> > Looks good. I will include if others are not having any comment. > > Acked-by: Rishikesh K Rajak <risrajak@linux.vnet.ibm.com> > > Thanks > Rishi > >> ------------- >> >> Signed-off-by: Shi Weihua<shiwh@cn.fujitsu.com> >> --- >> --- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500 >> +++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-08 11:55:00.000000000 -0500 >> @@ -80,6 +80,11 @@ int main(int argc, char *argv[]) >> tst_exit(); >> } >> } >> + else if (ret) { >> + tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n"); >> + tst_exit(); >> + } >> + >> #if HAVE_DECL_CAP_FREE >> cap_free(cur); >> #endif Wow -- I really made a mess of that test a few months back... please do... else if (ret) { tst_brkm(TBROK | TERRNO, tst_exit, "Failed to add CAP_SYS_ADMIN to pI"); } ... instead. Thanks for catching that one failure point ;)...! -Garrett ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c 2010-02-08 10:10 ` Garrett Cooper @ 2010-02-09 2:19 ` Shi Weihua 2010-02-09 14:49 ` Garrett Cooper 0 siblings, 1 reply; 5+ messages in thread From: Shi Weihua @ 2010-02-09 2:19 UTC (permalink / raw) To: Garrett Cooper; +Cc: ltp-list at 2010-2-8 18:10, Garrett Cooper wrote: > On Sun, Feb 7, 2010 at 10:08 PM, Rishikesh <risrajak@linux.vnet.ibm.com> wrote: >> On 02/08/2010 11:32 AM, Shi Weihua wrote: >>> An error occured on my i386 box. >>> (OS: Fedora8, Kernel: 2.6.33-rc6, libcap: libcap-2.16) >>> ------------- >>> exec_without_inh 1 TFAIL : Failed to drop CAP_SYS_ADMIN from bounding set. >>> exec_without_inh 0 TINFO : (ret=-1, errno 38) >>> ------------- >>> If the macro HAVE_DECL_CAP_BSET_DROP is 0, this error will occurs. >>> But the program should to be broken when f != CAP_SET, like the similar code >>> "if (ret || f != CAP_SET) {" in exec_with_inh.c. >>> >>> The TBROK message will be outputted if my patch merged. >>> ------------- >>> exec_without_inh 1 TBROK : Failed to add CAP_SYS_ADMIN to pI >>> >> Looks good. I will include if others are not having any comment. >> >> Acked-by: Rishikesh K Rajak <risrajak@linux.vnet.ibm.com> >> >> Thanks >> Rishi >> >>> ------------- >>> >>> Signed-off-by: Shi Weihua<shiwh@cn.fujitsu.com> >>> --- >>> --- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500 >>> +++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-08 11:55:00.000000000 -0500 >>> @@ -80,6 +80,11 @@ int main(int argc, char *argv[]) >>> tst_exit(); >>> } >>> } >>> + else if (ret) { >>> + tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n"); >>> + tst_exit(); >>> + } >>> + >>> #if HAVE_DECL_CAP_FREE >>> cap_free(cur); >>> #endif > > Wow -- I really made a mess of that test a few months back... please do... > > else if (ret) { > tst_brkm(TBROK | TERRNO, tst_exit, "Failed to add > CAP_SYS_ADMIN to pI"); > } > > ... instead. ok. I fixed it based on your advice. Signed-off-by: Shi Weihua<shiwh@cn.fujitsu.com> --- --- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500 +++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-09 10:11:15.000000000 -0500 @@ -80,6 +80,10 @@ int main(int argc, char *argv[]) tst_exit(); } } + else if (ret) { + tst_brkm(TBROK | TERRNO, tst_exit, "Failed to add \ + CAP_SYS_ADMIN to pI"); + } #if HAVE_DECL_CAP_FREE cap_free(cur); #endif > Thanks for catching that one failure point ;)...! > -Garrett > > ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c 2010-02-09 2:19 ` Shi Weihua @ 2010-02-09 14:49 ` Garrett Cooper 0 siblings, 0 replies; 5+ messages in thread From: Garrett Cooper @ 2010-02-09 14:49 UTC (permalink / raw) To: Shi Weihua; +Cc: ltp-list On Feb 8, 2010, at 6:19 PM, Shi Weihua wrote: > at 2010-2-8 18:10, Garrett Cooper wrote: >> On Sun, Feb 7, 2010 at 10:08 PM, Rishikesh <risrajak@linux.vnet.ibm.com> wrote: >>> On 02/08/2010 11:32 AM, Shi Weihua wrote: >>>> An error occured on my i386 box. >>>> (OS: Fedora8, Kernel: 2.6.33-rc6, libcap: libcap-2.16) >>>> ------------- >>>> exec_without_inh 1 TFAIL : Failed to drop CAP_SYS_ADMIN from bounding set. >>>> exec_without_inh 0 TINFO : (ret=-1, errno 38) >>>> ------------- >>>> If the macro HAVE_DECL_CAP_BSET_DROP is 0, this error will occurs. >>>> But the program should to be broken when f != CAP_SET, like the similar code >>>> "if (ret || f != CAP_SET) {" in exec_with_inh.c. >>>> >>>> The TBROK message will be outputted if my patch merged. >>>> ------------- >>>> exec_without_inh 1 TBROK : Failed to add CAP_SYS_ADMIN to pI >>>> >>> Looks good. I will include if others are not having any comment. >>> >>> Acked-by: Rishikesh K Rajak <risrajak@linux.vnet.ibm.com> >>> >>> Thanks >>> Rishi >>> >>>> ------------- >>>> >>>> Signed-off-by: Shi Weihua<shiwh@cn.fujitsu.com> >>>> --- >>>> --- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500 >>>> +++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-08 11:55:00.000000000 -0500 >>>> @@ -80,6 +80,11 @@ int main(int argc, char *argv[]) >>>> tst_exit(); >>>> } >>>> } >>>> + else if (ret) { >>>> + tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n"); >>>> + tst_exit(); >>>> + } >>>> + >>>> #if HAVE_DECL_CAP_FREE >>>> cap_free(cur); >>>> #endif >> >> Wow -- I really made a mess of that test a few months back... please do... >> >> else if (ret) { >> tst_brkm(TBROK | TERRNO, tst_exit, "Failed to add >> CAP_SYS_ADMIN to pI"); >> } >> >> ... instead. > > ok. I fixed it based on your advice. > > Signed-off-by: Shi Weihua<shiwh@cn.fujitsu.com> > --- > --- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500 > +++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-09 10:11:15.000000000 -0500 > @@ -80,6 +80,10 @@ int main(int argc, char *argv[]) > tst_exit(); > } > } > + else if (ret) { > + tst_brkm(TBROK | TERRNO, tst_exit, "Failed to add \ > + CAP_SYS_ADMIN to pI"); > + } > #if HAVE_DECL_CAP_FREE > cap_free(cur); > #endif > >> Thanks for catching that one failure point ;)...! >> -Garrett Committed -- thanks! -Garrett ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2010-02-09 14:50 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2010-02-08 6:02 [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c Shi Weihua 2010-02-08 6:08 ` Rishikesh 2010-02-08 10:10 ` Garrett Cooper 2010-02-09 2:19 ` Shi Weihua 2010-02-09 14:49 ` Garrett Cooper
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox