Re: [LTP] [PATCH v1] open15: allow restricted O_CREAT of FIFOs and regular files

public inbox for ltp@lists.linux.it
 help / color / mirror / Atom feed

From: Cyril Hrubis <chrubis@suse.cz>
To: Wei Gao <wegao@suse.com>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH v1] open15: allow restricted O_CREAT of FIFOs and regular files
Date: Fri, 8 Dec 2023 16:34:35 +0100	[thread overview]
Message-ID: <ZXM3iwdvy4-XoIdB@yuki> (raw)
In-Reply-To: <20231009112047.2359-1-wegao@suse.com>

Hi!
> +// SPDX-License-Identifier: GPL-2.0-only

The default license should be GPL-2.0-or-later for new tests.

> +/*
> + * Copyright (c) 2023 Wei Gao <wegao@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * Verify disallows open of FIFOs or regular files not owned by the user in world
> + * writable sticky directories
> + *
> + * Linux commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5
> + */
> +
> +#include <pwd.h>
> +#include <stdlib.h>
> +#include "tst_test.h"
> +#include "tst_safe_file_at.h"
> +
> +#define  FILENAME  "setuid04_testfile"
> +#define  DIR "ltp_tmp_check1"
> +#define  TEST_FILE "test_file_1"
> +#define  TEST_FIFO "test_fifo_1"
> +#define  LTP_USER1 "ltp_user1"
> +#define  LTP_USER2 "ltp_user2"
> +#define  CONCAT(dir, filename) dir "/" filename
> +#define  PROTECTED_REGULAR "/proc/sys/fs/protected_regular"
> +#define  PROTECTED_FIFOS "/proc/sys/fs/protected_fifos"
> +
> +static int LTP_USER1_UID;
> +static int LTP_USER2_UID;
> +static int dir_fd;
> +
> +static void run(void)
> +{
> +	int pid;
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 0);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 0);
> +
> +	pid = SAFE_FORK();
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USER1_UID);
> +
> +		int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777);
> +
> +		SAFE_CLOSE(fd);
> +		fd = SAFE_MKFIFO(CONCAT(DIR, TEST_FIFO), 0777);
> +		SAFE_CLOSE(fd);
> +
> +		TST_CHECKPOINT_WAKE(0);
> +		exit(0);
> +	}
> +
> +	TST_CHECKPOINT_WAIT(0);

This shouldn't be checkpoint, but rather you should wait for the child
process with tst_reap_children() and the same in all the other cases.

> +	pid = SAFE_FORK();
> +
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USER2_UID);
> +
> +		int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777);

This can't be SAFE_OPENAT() since it will TBROK instead of TFAIL in a
case of a failure. You have to do the TST_EXP_FD(openat(...)) instead.

And the same for all the cases that shouldn't fail.

> +		tst_res(TPASS, "check protect_regural == 0 pass");
> +		SAFE_CLOSE(fd);
> +
> +		fd = SAFE_OPEN(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT);
> +		tst_res(TPASS, "check protect_fifos == 0 pass");
> +		SAFE_CLOSE(fd);
> +
> +		TST_CHECKPOINT_WAKE(1);
> +		exit(0);
> +	}
> +
> +	TST_CHECKPOINT_WAIT(1);
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 1);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 1);
> +
> +	pid = SAFE_FORK();
> +
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USER2_UID);
> +
> +		TEST(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777));
> +		if (TST_RET == -1 && TST_ERR == EACCES)
> +			tst_res(TPASS, "check protect_regural == 1 pass");
> +		else
> +			tst_res(TFAIL | TERRNO, "check protect_regural == 1 failed");


And here you have to do TST_EXP_FAIL(openat(...)) and in all the failing
cases as well.

> +		TEST(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777));
> +		if (TST_RET == -1 && TST_ERR == EACCES)
> +			tst_res(TPASS, "check protect_fifos == 1 pass");
> +		else
> +			tst_res(TFAIL | TERRNO, "check protect_fifos == 1 failed");
> +
> +		TST_CHECKPOINT_WAKE(2);
> +		exit(0);
> +	}
> +
> +	TST_CHECKPOINT_WAIT(2);
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 2);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 2);
> +	SAFE_CHMOD(DIR, 0020 | S_ISVTX);
> +
> +	pid = SAFE_FORK();
> +
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USER2_UID);
> +
> +		TEST(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777));
> +		if (TST_RET == -1 && TST_ERR == EACCES)
> +			tst_res(TPASS, "check protect_regural == 2 pass");
> +		else
> +			tst_res(TFAIL | TERRNO, "check protect_regural == 2 failed");
> +
> +		TEST(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777));
> +		if (TST_RET == -1 && TST_ERR == EACCES)
> +			tst_res(TPASS, "check protect_fifos == 2 pass");
> +		else
> +			tst_res(TFAIL | TERRNO, "check protect_fifos == 2 failed");
> +
> +		TST_CHECKPOINT_WAKE(3);
> +		exit(0);
> +	}
> +
> +	TST_CHECKPOINT_WAIT(3);
> +}
> +
> +static int add_user(char *username)
> +{
> +	const char *const cmd_useradd[] = {"useradd", username, NULL};
> +	struct passwd *ltpuser;
> +	int rc, uid = -1;
> +
> +	switch ((rc = tst_cmd(cmd_useradd, NULL, NULL, TST_CMD_PASS_RETVAL))) {
> +	case 0:
> +	case 9:
> +		ltpuser = SAFE_GETPWNAM(username);
> +		uid = ltpuser->pw_uid;
> +		break;
> +	default:
> +		tst_brk(TBROK, "Useradd failed (%d)", rc);
> +	}
> +
> +	return uid;
> +}
> +
> +static void del_user(char *username)
> +{
> +	const char *const cmd_userdel[] = {"userdel", "-r", username, NULL};
> +
> +	tst_cmd(cmd_userdel, NULL, NULL, TST_CMD_PASS_RETVAL);
> +
> +}
> +
> +static void setup(void)
> +{
> +	umask(0);
> +	SAFE_MKDIR(DIR, 0777 | S_ISVTX);
> +
> +	dir_fd = SAFE_OPEN(DIR, O_DIRECTORY);
> +
> +	LTP_USER1_UID = add_user(LTP_USER1);
> +	LTP_USER2_UID = add_user(LTP_USER2);

We actually does not need to add users for these tests, we can just
choose two random UIDs and use them, since all the kernel does is to
compare the UIDs of the processes...

So we can just do:

#define LTP_USR_UID1 1000
#define LTP_USR_UID2 1001

> +}
> +
> +static void cleanup(void)
> +{
> +	del_user(LTP_USER1);
> +	del_user(LTP_USER2);
> +}
> +
> +static struct tst_test test = {
> +	.setup = setup,
> +	.cleanup = cleanup,
> +	.needs_root = 1,
> +	.test_all = run,
> +	.needs_tmpdir = 1,
> +	.forks_child = 1,
> +	.save_restore = (const struct tst_path_val[]) {
> +		{PROTECTED_REGULAR, NULL, TST_SR_SKIP},
> +		{PROTECTED_FIFOS, NULL, TST_SR_SKIP},
                                         ^
					 TST_SR_TCONF

Since we want to skip the test if these files are missing.

> +		{}
> +	},
> +	.needs_checkpoints = 1,
> +};
> -- 
> 2.35.3
> 
> 
> -- 
> Mailing list info: https://lists.linux.it/listinfo/ltp

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

next prev parent reply	other threads:[~2023-12-08 15:34 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-10-09 11:20 [LTP] [PATCH v1] open15: allow restricted O_CREAT of FIFOs and regular files Wei Gao via ltp
2023-12-08 15:34 ` Cyril Hrubis [this message]
2023-12-27 13:05 ` [LTP] [PATCH v2] " Wei Gao via ltp
2024-02-26 13:37   ` Cyril Hrubis
2024-06-03 12:55   ` [LTP] [PATCH v3] " Wei Gao via ltp
2025-02-21 10:01     ` Andrea Cervesato via ltp
2025-03-19 14:23     ` [LTP] [PATCH v4] open16: " Wei Gao via ltp
2025-07-11 12:04       ` Cyril Hrubis
2025-07-23 15:46       ` [LTP] [PATCH v5] " Wei Gao via ltp
2026-02-18 13:21         ` Andrea Cervesato via ltp

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZXM3iwdvy4-XoIdB@yuki \
    --to=chrubis@suse.cz \
    --cc=ltp@lists.linux.it \
    --cc=wegao@suse.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox