From mboxrd@z Thu Jan 1 00:00:00 1970 From: Xiao Yang Date: Sat, 19 May 2018 17:04:08 +0800 Subject: [LTP] [PATCH] read_all: Drop privileges In-Reply-To: <20180518170933.GA5094@rei> References: <20180515095118.26282-1-rpalethorpe@suse.com> <20180515103042.GB7220@rei> <87bmdhyyrf.fsf@rpws.prws.suse.cz> <5AFBFC35.3060400@cn.fujitsu.com> <20180516114438.GA26490@rei> <5AFD5780.7040107@cn.fujitsu.com> <20180518170933.GA5094@rei> Message-ID: <5AFFE888.1020602@cn.fujitsu.com> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: ltp@lists.linux.it On 2018/05/19 1:09, Cyril Hrubis wrote: > Hi! >> Sorry, it seems a bug in open(2) instead of watchdog. > Looks like the list of supplementary groups is at fault here. > > On my system I do have in /etc/group: > > root:x:0:root > > Which means that among other groups root has root suplementary group set > when logged in. > > Which means that even when a program sets it's user and group ids to > nobody the root still stays in the list of supplementary groups, which > then is matched for files with root group ownership and hence we can > stil open the file. > > Adding setgroups(0, NULL); to switch_privs() in your program "fixes" the > behavior and we get EPERM as expected. And I guess that we should patch > the read_all to do the same, which should fix your problem. I will apply > the fix. Hi Cyril, Thanks for your detailed explanation. I will send the fix patch as you suggested. Thanks, Xiao Yang