From: Richard Palethorpe <rpalethorpe@suse.de>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH] fs/read_all: Clear suplementary groups before droping privileges
Date: Tue, 22 May 2018 12:26:13 +0200 [thread overview]
Message-ID: <87603g9ebe.fsf@rpws.prws.suse.cz> (raw)
In-Reply-To: <1526721740-8382-1-git-send-email-yangx.jy@cn.fujitsu.com>
Hello,
Xiao Yang writes:
> Current user(e.g. root) has its own suplementary group set when logged in. Which
> means that even when a program sets it's user and group ids to nobody the current
> group still stays in the list of supplementary groups, which then is matched for
> files with the current group ownership and hence we can still access the file.
>
> For example, if /dev/watchdog has root group ownership and rw group permissions,
> running read_all_dev can still open /dev/watchdog and reboot system even after
> switching user and group ids from root to nobody.
>
> We need to clear suplementary groups before droping privileges and keep the same
> rule as commit 1f011e5 if current user doesn't have the capabilities to clear
> suplementary groups.
>
> Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
> ---
> testcases/kernel/fs/read_all/read_all.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/testcases/kernel/fs/read_all/read_all.c b/testcases/kernel/fs/read_all/read_all.c
> index a8e1611..acd8e73 100644
> --- a/testcases/kernel/fs/read_all/read_all.c
> +++ b/testcases/kernel/fs/read_all/read_all.c
> @@ -258,6 +258,12 @@ static void maybe_drop_privs(void)
> if (!drop_privs)
> return;
>
> + TEST(setgroups(0, NULL));
> + if (TEST_RETURN < 0 && TEST_ERRNO != EPERM) {
> + tst_brk(TBROK | TTERRNO,
> + "Failed to clear suplementary group set");
> + }
> +
> nobody = SAFE_GETPWNAM("nobody");
>
> TEST(setgid(nobody->pw_gid));
LGTM!
--
Thank you,
Richard.
next prev parent reply other threads:[~2018-05-22 10:26 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-15 9:51 [LTP] [PATCH] read_all: Drop privileges Richard Palethorpe
2018-05-15 10:30 ` Cyril Hrubis
2018-05-15 10:55 ` Richard Palethorpe
2018-05-15 10:57 ` Cyril Hrubis
2018-05-15 11:18 ` Punit Agrawal
2018-05-15 12:34 ` Richard Palethorpe
2018-05-15 11:23 ` Punit Agrawal
2018-05-16 9:39 ` Xiao Yang
2018-05-16 11:44 ` Cyril Hrubis
2018-05-17 10:20 ` Xiao Yang
2018-05-18 17:09 ` Cyril Hrubis
2018-05-19 9:04 ` Xiao Yang
2018-05-19 9:22 ` [LTP] [PATCH] fs/read_all: Clear suplementary groups before droping privileges Xiao Yang
2018-05-22 10:26 ` Richard Palethorpe [this message]
2018-05-22 10:56 ` Cyril Hrubis
2018-05-22 10:54 ` Cyril Hrubis
2018-05-15 11:00 ` [LTP] [PATCH v2] read_all: Drop privileges Richard Palethorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87603g9ebe.fsf@rpws.prws.suse.cz \
--to=rpalethorpe@suse.de \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox