[LTP] [PATCH v1] open15: allow restricted O_CREAT of FIFOs and regular files

[LTP] [PATCH v1] open15: allow restricted O_CREAT of FIFOs and regular files

[Wei Gao via ltp]

Fix: #574

Signed-off-by: Wei Gao <wegao@suse.com>
---
 runtest/syscalls                          |   1 +
 testcases/kernel/syscalls/open/.gitignore |   1 +
 testcases/kernel/syscalls/open/open15.c   | 188 ++++++++++++++++++++++
 3 files changed, 190 insertions(+)
 create mode 100644 testcases/kernel/syscalls/open/open15.c

diff --git a/runtest/syscalls b/runtest/syscalls
index 4f1ee1f34..4152e1e5f 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -935,6 +935,7 @@ open11 open11
 open12 open12
 open13 open13
 open14 open14
+open15 open15
 
 openat01 openat01
 openat02 openat02
diff --git a/testcases/kernel/syscalls/open/.gitignore b/testcases/kernel/syscalls/open/.gitignore
index 001d874d6..af5997572 100644
--- a/testcases/kernel/syscalls/open/.gitignore
+++ b/testcases/kernel/syscalls/open/.gitignore
@@ -12,3 +12,4 @@
 /open12_child
 /open13
 /open14
+/open15
diff --git a/testcases/kernel/syscalls/open/open15.c b/testcases/kernel/syscalls/open/open15.c
new file mode 100644
index 000000000..f0eec08e7
--- /dev/null
+++ b/testcases/kernel/syscalls/open/open15.c
@@ -0,0 +1,188 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (c) 2023 Wei Gao <wegao@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * Verify disallows open of FIFOs or regular files not owned by the user in world
+ * writable sticky directories
+ *
+ * Linux commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5
+ */
+
+#include <pwd.h>
+#include <stdlib.h>
+#include "tst_test.h"
+#include "tst_safe_file_at.h"
+
+#define  FILENAME  "setuid04_testfile"
+#define  DIR "ltp_tmp_check1"
+#define  TEST_FILE "test_file_1"
+#define  TEST_FIFO "test_fifo_1"
+#define  LTP_USER1 "ltp_user1"
+#define  LTP_USER2 "ltp_user2"
+#define  CONCAT(dir, filename) dir "/" filename
+#define  PROTECTED_REGULAR "/proc/sys/fs/protected_regular"
+#define  PROTECTED_FIFOS "/proc/sys/fs/protected_fifos"
+
+static int LTP_USER1_UID;
+static int LTP_USER2_UID;
+static int dir_fd;
+
+static void run(void)
+{
+	int pid;
+
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 0);
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 0);
+
+	pid = SAFE_FORK();
+	if (pid == 0) {
+		SAFE_SETUID(LTP_USER1_UID);
+
+		int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777);
+
+		SAFE_CLOSE(fd);
+		fd = SAFE_MKFIFO(CONCAT(DIR, TEST_FIFO), 0777);
+		SAFE_CLOSE(fd);
+
+		TST_CHECKPOINT_WAKE(0);
+		exit(0);
+	}
+
+	TST_CHECKPOINT_WAIT(0);
+
+	pid = SAFE_FORK();
+
+	if (pid == 0) {
+		SAFE_SETUID(LTP_USER2_UID);
+
+		int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777);
+
+		tst_res(TPASS, "check protect_regural == 0 pass");
+		SAFE_CLOSE(fd);
+
+		fd = SAFE_OPEN(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT);
+		tst_res(TPASS, "check protect_fifos == 0 pass");
+		SAFE_CLOSE(fd);
+
+		TST_CHECKPOINT_WAKE(1);
+		exit(0);
+	}
+
+	TST_CHECKPOINT_WAIT(1);
+
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 1);
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 1);
+
+	pid = SAFE_FORK();
+
+	if (pid == 0) {
+		SAFE_SETUID(LTP_USER2_UID);
+
+		TEST(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777));
+		if (TST_RET == -1 && TST_ERR == EACCES)
+			tst_res(TPASS, "check protect_regural == 1 pass");
+		else
+			tst_res(TFAIL | TERRNO, "check protect_regural == 1 failed");
+
+		TEST(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777));
+		if (TST_RET == -1 && TST_ERR == EACCES)
+			tst_res(TPASS, "check protect_fifos == 1 pass");
+		else
+			tst_res(TFAIL | TERRNO, "check protect_fifos == 1 failed");
+
+		TST_CHECKPOINT_WAKE(2);
+		exit(0);
+	}
+
+	TST_CHECKPOINT_WAIT(2);
+
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 2);
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 2);
+	SAFE_CHMOD(DIR, 0020 | S_ISVTX);
+
+	pid = SAFE_FORK();
+
+	if (pid == 0) {
+		SAFE_SETUID(LTP_USER2_UID);
+
+		TEST(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777));
+		if (TST_RET == -1 && TST_ERR == EACCES)
+			tst_res(TPASS, "check protect_regural == 2 pass");
+		else
+			tst_res(TFAIL | TERRNO, "check protect_regural == 2 failed");
+
+		TEST(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777));
+		if (TST_RET == -1 && TST_ERR == EACCES)
+			tst_res(TPASS, "check protect_fifos == 2 pass");
+		else
+			tst_res(TFAIL | TERRNO, "check protect_fifos == 2 failed");
+
+		TST_CHECKPOINT_WAKE(3);
+		exit(0);
+	}
+
+	TST_CHECKPOINT_WAIT(3);
+}
+
+static int add_user(char *username)
+{
+	const char *const cmd_useradd[] = {"useradd", username, NULL};
+	struct passwd *ltpuser;
+	int rc, uid = -1;
+
+	switch ((rc = tst_cmd(cmd_useradd, NULL, NULL, TST_CMD_PASS_RETVAL))) {
+	case 0:
+	case 9:
+		ltpuser = SAFE_GETPWNAM(username);
+		uid = ltpuser->pw_uid;
+		break;
+	default:
+		tst_brk(TBROK, "Useradd failed (%d)", rc);
+	}
+
+	return uid;
+}
+
+static void del_user(char *username)
+{
+	const char *const cmd_userdel[] = {"userdel", "-r", username, NULL};
+
+	tst_cmd(cmd_userdel, NULL, NULL, TST_CMD_PASS_RETVAL);
+
+}
+
+static void setup(void)
+{
+	umask(0);
+	SAFE_MKDIR(DIR, 0777 | S_ISVTX);
+
+	dir_fd = SAFE_OPEN(DIR, O_DIRECTORY);
+
+	LTP_USER1_UID = add_user(LTP_USER1);
+	LTP_USER2_UID = add_user(LTP_USER2);
+}
+
+static void cleanup(void)
+{
+	del_user(LTP_USER1);
+	del_user(LTP_USER2);
+}
+
+static struct tst_test test = {
+	.setup = setup,
+	.cleanup = cleanup,
+	.needs_root = 1,
+	.test_all = run,
+	.needs_tmpdir = 1,
+	.forks_child = 1,
+	.save_restore = (const struct tst_path_val[]) {
+		{PROTECTED_REGULAR, NULL, TST_SR_SKIP},
+		{PROTECTED_FIFOS, NULL, TST_SR_SKIP},
+		{}
+	},
+	.needs_checkpoints = 1,
+};
-- 
2.35.3


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v1] open15: allow restricted O_CREAT of FIFOs and regular files

[Cyril Hrubis]

Hi!
> +// SPDX-License-Identifier: GPL-2.0-only

The default license should be GPL-2.0-or-later for new tests.

> +/*
> + * Copyright (c) 2023 Wei Gao <wegao@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * Verify disallows open of FIFOs or regular files not owned by the user in world
> + * writable sticky directories
> + *
> + * Linux commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5
> + */
> +
> +#include <pwd.h>
> +#include <stdlib.h>
> +#include "tst_test.h"
> +#include "tst_safe_file_at.h"
> +
> +#define  FILENAME  "setuid04_testfile"
> +#define  DIR "ltp_tmp_check1"
> +#define  TEST_FILE "test_file_1"
> +#define  TEST_FIFO "test_fifo_1"
> +#define  LTP_USER1 "ltp_user1"
> +#define  LTP_USER2 "ltp_user2"
> +#define  CONCAT(dir, filename) dir "/" filename
> +#define  PROTECTED_REGULAR "/proc/sys/fs/protected_regular"
> +#define  PROTECTED_FIFOS "/proc/sys/fs/protected_fifos"
> +
> +static int LTP_USER1_UID;
> +static int LTP_USER2_UID;
> +static int dir_fd;
> +
> +static void run(void)
> +{
> +	int pid;
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 0);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 0);
> +
> +	pid = SAFE_FORK();
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USER1_UID);
> +
> +		int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777);
> +
> +		SAFE_CLOSE(fd);
> +		fd = SAFE_MKFIFO(CONCAT(DIR, TEST_FIFO), 0777);
> +		SAFE_CLOSE(fd);
> +
> +		TST_CHECKPOINT_WAKE(0);
> +		exit(0);
> +	}
> +
> +	TST_CHECKPOINT_WAIT(0);

This shouldn't be checkpoint, but rather you should wait for the child
process with tst_reap_children() and the same in all the other cases.

> +	pid = SAFE_FORK();
> +
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USER2_UID);
> +
> +		int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777);

This can't be SAFE_OPENAT() since it will TBROK instead of TFAIL in a
case of a failure. You have to do the TST_EXP_FD(openat(...)) instead.

And the same for all the cases that shouldn't fail.

> +		tst_res(TPASS, "check protect_regural == 0 pass");
> +		SAFE_CLOSE(fd);
> +
> +		fd = SAFE_OPEN(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT);
> +		tst_res(TPASS, "check protect_fifos == 0 pass");
> +		SAFE_CLOSE(fd);
> +
> +		TST_CHECKPOINT_WAKE(1);
> +		exit(0);
> +	}
> +
> +	TST_CHECKPOINT_WAIT(1);
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 1);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 1);
> +
> +	pid = SAFE_FORK();
> +
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USER2_UID);
> +
> +		TEST(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777));
> +		if (TST_RET == -1 && TST_ERR == EACCES)
> +			tst_res(TPASS, "check protect_regural == 1 pass");
> +		else
> +			tst_res(TFAIL | TERRNO, "check protect_regural == 1 failed");


And here you have to do TST_EXP_FAIL(openat(...)) and in all the failing
cases as well.

> +		TEST(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777));
> +		if (TST_RET == -1 && TST_ERR == EACCES)
> +			tst_res(TPASS, "check protect_fifos == 1 pass");
> +		else
> +			tst_res(TFAIL | TERRNO, "check protect_fifos == 1 failed");
> +
> +		TST_CHECKPOINT_WAKE(2);
> +		exit(0);
> +	}
> +
> +	TST_CHECKPOINT_WAIT(2);
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 2);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 2);
> +	SAFE_CHMOD(DIR, 0020 | S_ISVTX);
> +
> +	pid = SAFE_FORK();
> +
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USER2_UID);
> +
> +		TEST(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777));
> +		if (TST_RET == -1 && TST_ERR == EACCES)
> +			tst_res(TPASS, "check protect_regural == 2 pass");
> +		else
> +			tst_res(TFAIL | TERRNO, "check protect_regural == 2 failed");
> +
> +		TEST(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777));
> +		if (TST_RET == -1 && TST_ERR == EACCES)
> +			tst_res(TPASS, "check protect_fifos == 2 pass");
> +		else
> +			tst_res(TFAIL | TERRNO, "check protect_fifos == 2 failed");
> +
> +		TST_CHECKPOINT_WAKE(3);
> +		exit(0);
> +	}
> +
> +	TST_CHECKPOINT_WAIT(3);
> +}
> +
> +static int add_user(char *username)
> +{
> +	const char *const cmd_useradd[] = {"useradd", username, NULL};
> +	struct passwd *ltpuser;
> +	int rc, uid = -1;
> +
> +	switch ((rc = tst_cmd(cmd_useradd, NULL, NULL, TST_CMD_PASS_RETVAL))) {
> +	case 0:
> +	case 9:
> +		ltpuser = SAFE_GETPWNAM(username);
> +		uid = ltpuser->pw_uid;
> +		break;
> +	default:
> +		tst_brk(TBROK, "Useradd failed (%d)", rc);
> +	}
> +
> +	return uid;
> +}
> +
> +static void del_user(char *username)
> +{
> +	const char *const cmd_userdel[] = {"userdel", "-r", username, NULL};
> +
> +	tst_cmd(cmd_userdel, NULL, NULL, TST_CMD_PASS_RETVAL);
> +
> +}
> +
> +static void setup(void)
> +{
> +	umask(0);
> +	SAFE_MKDIR(DIR, 0777 | S_ISVTX);
> +
> +	dir_fd = SAFE_OPEN(DIR, O_DIRECTORY);
> +
> +	LTP_USER1_UID = add_user(LTP_USER1);
> +	LTP_USER2_UID = add_user(LTP_USER2);

We actually does not need to add users for these tests, we can just
choose two random UIDs and use them, since all the kernel does is to
compare the UIDs of the processes...

So we can just do:

#define LTP_USR_UID1 1000
#define LTP_USR_UID2 1001

> +}
> +
> +static void cleanup(void)
> +{
> +	del_user(LTP_USER1);
> +	del_user(LTP_USER2);
> +}
> +
> +static struct tst_test test = {
> +	.setup = setup,
> +	.cleanup = cleanup,
> +	.needs_root = 1,
> +	.test_all = run,
> +	.needs_tmpdir = 1,
> +	.forks_child = 1,
> +	.save_restore = (const struct tst_path_val[]) {
> +		{PROTECTED_REGULAR, NULL, TST_SR_SKIP},
> +		{PROTECTED_FIFOS, NULL, TST_SR_SKIP},
                                         ^
					 TST_SR_TCONF

Since we want to skip the test if these files are missing.

> +		{}
> +	},
> +	.needs_checkpoints = 1,
> +};
> -- 
> 2.35.3
> 
> 
> -- 
> Mailing list info: https://lists.linux.it/listinfo/ltp

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v2] open15: allow restricted O_CREAT of FIFOs and regular files

[Wei Gao via ltp]

Fix: #574

Signed-off-by: Wei Gao <wegao@suse.com>
---
 runtest/syscalls                          |   1 +
 testcases/kernel/syscalls/open/.gitignore |   1 +
 testcases/kernel/syscalls/open/open15.c   | 138 ++++++++++++++++++++++
 3 files changed, 140 insertions(+)
 create mode 100644 testcases/kernel/syscalls/open/open15.c

diff --git a/runtest/syscalls b/runtest/syscalls
index 4f1ee1f34..4152e1e5f 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -935,6 +935,7 @@ open11 open11
 open12 open12
 open13 open13
 open14 open14
+open15 open15
 
 openat01 openat01
 openat02 openat02
diff --git a/testcases/kernel/syscalls/open/.gitignore b/testcases/kernel/syscalls/open/.gitignore
index 001d874d6..af5997572 100644
--- a/testcases/kernel/syscalls/open/.gitignore
+++ b/testcases/kernel/syscalls/open/.gitignore
@@ -12,3 +12,4 @@
 /open12_child
 /open13
 /open14
+/open15
diff --git a/testcases/kernel/syscalls/open/open15.c b/testcases/kernel/syscalls/open/open15.c
new file mode 100644
index 000000000..4feb1bb08
--- /dev/null
+++ b/testcases/kernel/syscalls/open/open15.c
@@ -0,0 +1,138 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) 2023 Wei Gao <wegao@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * Verify disallows open of FIFOs or regular files not owned by the user in world
+ * writable sticky directories
+ *
+ * commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5
+ * Author: Salvatore Mesoraca <s.mesoraca16@gmail.com>
+ * Date:   Thu Aug 23 17:00:35 2018 -0700
+ *     namei: allow restricted O_CREAT of FIFOs and regular files
+ */
+
+#include <pwd.h>
+#include <stdlib.h>
+#include "tst_test.h"
+#include "tst_safe_file_at.h"
+
+#define  FILENAME  "setuid04_testfile"
+#define  DIR "ltp_tmp_check1"
+#define  TEST_FILE "test_file_1"
+#define  TEST_FIFO "test_fifo_1"
+#define  LTP_USR_UID1 1000
+#define  LTP_USR_UID2 1001
+#define  CONCAT(dir, filename) dir "/" filename
+#define  PROTECTED_REGULAR "/proc/sys/fs/protected_regular"
+#define  PROTECTED_FIFOS "/proc/sys/fs/protected_fifos"
+
+static int dir_fd;
+
+static void run(void)
+{
+	int pid;
+
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 0);
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 0);
+
+	pid = SAFE_FORK();
+	if (pid == 0) {
+		SAFE_SETUID(LTP_USR_UID1);
+
+		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
+
+		SAFE_CLOSE(fd);
+		fd = SAFE_MKFIFO(CONCAT(DIR, TEST_FIFO), 0777);
+		SAFE_CLOSE(fd);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+
+	pid = SAFE_FORK();
+
+	if (pid == 0) {
+		SAFE_SETUID(LTP_USR_UID2);
+
+		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
+
+		tst_res(TPASS, "check protect_regural == 0 pass");
+		SAFE_CLOSE(fd);
+
+		fd = SAFE_OPEN(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT);
+		tst_res(TPASS, "check protect_fifos == 0 pass");
+		SAFE_CLOSE(fd);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 1);
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 1);
+
+	pid = SAFE_FORK();
+
+	if (pid == 0) {
+		SAFE_SETUID(LTP_USR_UID2);
+
+		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
+
+		TST_EXP_FAIL(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777), EACCES);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 2);
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 2);
+	SAFE_CHMOD(DIR, 0020 | S_ISVTX);
+
+	pid = SAFE_FORK();
+
+	if (pid == 0) {
+		SAFE_SETUID(LTP_USR_UID2);
+
+		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
+
+		TST_EXP_FAIL(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777), EACCES);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+}
+
+static void setup(void)
+{
+	umask(0);
+	SAFE_MKDIR(DIR, 0777 | S_ISVTX);
+
+	dir_fd = SAFE_OPEN(DIR, O_DIRECTORY);
+}
+
+static void cleanup(void)
+{
+	SAFE_CLOSE(dir_fd);
+}
+
+static struct tst_test test = {
+	.setup = setup,
+	.cleanup = cleanup,
+	.needs_root = 1,
+	.test_all = run,
+	.needs_tmpdir = 1,
+	.forks_child = 1,
+	.save_restore = (const struct tst_path_val[]) {
+		{PROTECTED_REGULAR, NULL, TST_SR_TCONF},
+		{PROTECTED_FIFOS, NULL, TST_SR_TCONF},
+		{}
+	},
+	.needs_checkpoints = 1,
+};
-- 
2.35.3


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v2] open15: allow restricted O_CREAT of FIFOs and regular files

[Cyril Hrubis]

Hi!
> +/*\
> + * [Description]
> + *
> + * Verify disallows open of FIFOs or regular files not owned by the user in world
> + * writable sticky directories
> + *
> + * commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5
> + * Author: Salvatore Mesoraca <s.mesoraca16@gmail.com>
> + * Date:   Thu Aug 23 17:00:35 2018 -0700
> + *     namei: allow restricted O_CREAT of FIFOs and regular files
> + */
> +
> +#include <pwd.h>
> +#include <stdlib.h>
> +#include "tst_test.h"
> +#include "tst_safe_file_at.h"
> +
> +#define  FILENAME  "setuid04_testfile"
> +#define  DIR "ltp_tmp_check1"
> +#define  TEST_FILE "test_file_1"
> +#define  TEST_FIFO "test_fifo_1"
> +#define  LTP_USR_UID1 1000
> +#define  LTP_USR_UID2 1001
> +#define  CONCAT(dir, filename) dir "/" filename
> +#define  PROTECTED_REGULAR "/proc/sys/fs/protected_regular"
> +#define  PROTECTED_FIFOS "/proc/sys/fs/protected_fifos"
> +
> +static int dir_fd;
> +
> +static void run(void)
> +{
> +	int pid;
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 0);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 0);
> +
> +	pid = SAFE_FORK();

No need to store the pid if we are not using it. We can do instead just:

	if (!SAFE_FORK()) {

> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USR_UID1);
> +
> +		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
> +
> +		SAFE_CLOSE(fd);
> +		fd = SAFE_MKFIFO(CONCAT(DIR, TEST_FIFO), 0777);
> +		SAFE_CLOSE(fd);

This part has to be done in the test setup() otherwise the test will
fail with EEXIST with -i 2.

> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +
> +	pid = SAFE_FORK();
> +
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USR_UID2);
> +
> +		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
> +
> +		tst_res(TPASS, "check protect_regural == 0 pass");

The TST_EXP_FD() should print TPASS message, there is no point in adding
another.


> +		SAFE_CLOSE(fd);

This should be closed only if the fd is valid.

> +		fd = SAFE_OPEN(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT);
> +		tst_res(TPASS, "check protect_fifos == 0 pass");
> +		SAFE_CLOSE(fd);

Again this should be TST_EXP_FD().

> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 1);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 1);
> +
> +	pid = SAFE_FORK();
> +
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USR_UID2);
> +
> +		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
> +
> +		TST_EXP_FAIL(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777), EACCES);
> +
> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 2);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 2);
> +	SAFE_CHMOD(DIR, 0020 | S_ISVTX);

I suppose that this will break the test with -i 2 as well, you need to
chmod the directory back at the end of the test.

> +	pid = SAFE_FORK();
> +
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USR_UID2);
> +
> +		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
> +
> +		TST_EXP_FAIL(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777), EACCES);
> +
> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +}
> +
> +static void setup(void)
> +{
> +	umask(0);
> +	SAFE_MKDIR(DIR, 0777 | S_ISVTX);
> +
> +	dir_fd = SAFE_OPEN(DIR, O_DIRECTORY);
> +}
> +
> +static void cleanup(void)
> +{
> +	SAFE_CLOSE(dir_fd);
> +}
> +
> +static struct tst_test test = {
> +	.setup = setup,
> +	.cleanup = cleanup,
> +	.needs_root = 1,
> +	.test_all = run,
> +	.needs_tmpdir = 1,
> +	.forks_child = 1,
> +	.save_restore = (const struct tst_path_val[]) {
> +		{PROTECTED_REGULAR, NULL, TST_SR_TCONF},
> +		{PROTECTED_FIFOS, NULL, TST_SR_TCONF},
> +		{}
> +	},
> +	.needs_checkpoints = 1,

This should have been removed.

> +};
> -- 
> 2.35.3
> 
> 
> -- 
> Mailing list info: https://lists.linux.it/listinfo/ltp

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v3] open15: allow restricted O_CREAT of FIFOs and regular files

[Wei Gao via ltp]

Fix: #574

Signed-off-by: Wei Gao <wegao@suse.com>
---
 runtest/syscalls                          |   1 +
 testcases/kernel/syscalls/open/.gitignore |   1 +
 testcases/kernel/syscalls/open/open15.c   | 125 ++++++++++++++++++++++
 3 files changed, 127 insertions(+)
 create mode 100644 testcases/kernel/syscalls/open/open15.c

diff --git a/runtest/syscalls b/runtest/syscalls
index 4f1ee1f34..4152e1e5f 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -935,6 +935,7 @@ open11 open11
 open12 open12
 open13 open13
 open14 open14
+open15 open15
 
 openat01 openat01
 openat02 openat02
diff --git a/testcases/kernel/syscalls/open/.gitignore b/testcases/kernel/syscalls/open/.gitignore
index 001d874d6..af5997572 100644
--- a/testcases/kernel/syscalls/open/.gitignore
+++ b/testcases/kernel/syscalls/open/.gitignore
@@ -12,3 +12,4 @@
 /open12_child
 /open13
 /open14
+/open15
diff --git a/testcases/kernel/syscalls/open/open15.c b/testcases/kernel/syscalls/open/open15.c
new file mode 100644
index 000000000..de5325e01
--- /dev/null
+++ b/testcases/kernel/syscalls/open/open15.c
@@ -0,0 +1,125 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) 2023 Wei Gao <wegao@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * Verify disallows open of FIFOs or regular files not owned by the user in world
+ * writable sticky directories
+ *
+ * commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5
+ * Author: Salvatore Mesoraca <s.mesoraca16@gmail.com>
+ * Date:   Thu Aug 23 17:00:35 2018 -0700
+ *     namei: allow restricted O_CREAT of FIFOs and regular files
+ */
+
+#include <pwd.h>
+#include <stdlib.h>
+#include "tst_test.h"
+#include "tst_safe_file_at.h"
+
+#define  FILENAME  "setuid04_testfile"
+#define  DIR "ltp_tmp_check1"
+#define  TEST_FILE "test_file_1"
+#define  TEST_FIFO "test_fifo_1"
+#define  LTP_USR_UID1 1000
+#define  LTP_USR_UID2 1001
+#define  CONCAT(dir, filename) dir "/" filename
+#define  PROTECTED_REGULAR "/proc/sys/fs/protected_regular"
+#define  PROTECTED_FIFOS "/proc/sys/fs/protected_fifos"
+
+static int dir_fd;
+
+static void run(void)
+{
+	int pid;
+
+	SAFE_CHMOD(DIR, 0777 | S_ISVTX);
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 0);
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 0);
+
+	if (!SAFE_FORK()) {
+		SAFE_SETUID(LTP_USR_UID1);
+
+		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
+
+		SAFE_CLOSE(fd);
+
+		SAFE_MKFIFO(CONCAT(DIR, TEST_FIFO), 0777);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+
+	if (!SAFE_FORK()) {
+		SAFE_SETUID(LTP_USR_UID2);
+
+		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
+
+		SAFE_CLOSE(fd);
+
+		fd = TST_EXP_FD(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777));
+		SAFE_CLOSE(fd);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 1);
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 1);
+
+	if (!SAFE_FORK()) {
+		SAFE_SETUID(LTP_USR_UID2);
+		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
+		TST_EXP_FAIL(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777), EACCES);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 2);
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 2);
+	SAFE_CHMOD(DIR, 0020 | S_ISVTX);
+
+	if (!SAFE_FORK()) {
+		SAFE_SETUID(LTP_USR_UID2);
+		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
+		TST_EXP_FAIL(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777), EACCES);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+	unlink(CONCAT(DIR, TEST_FIFO));
+}
+
+static void setup(void)
+{
+	umask(0);
+	SAFE_MKDIR(DIR, 0777 | S_ISVTX);
+	dir_fd = SAFE_OPEN(DIR, O_DIRECTORY);
+}
+
+static void cleanup(void)
+{
+	SAFE_CLOSE(dir_fd);
+}
+
+static struct tst_test test = {
+	.setup = setup,
+	.cleanup = cleanup,
+	.needs_root = 1,
+	.test_all = run,
+	.needs_tmpdir = 1,
+	.forks_child = 1,
+	.save_restore = (const struct tst_path_val[]) {
+		{PROTECTED_REGULAR, NULL, TST_SR_TCONF},
+		{PROTECTED_FIFOS, NULL, TST_SR_TCONF},
+		{}
+	},
+};
-- 
2.35.3


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v3] open15: allow restricted O_CREAT of FIFOs and regular files

[Andrea Cervesato via ltp]

Hi Wei,

If we want to merge this patch, we need to do a couple of things more.
The open15 is now taken by an another test, so we need to move it to open16.
Also we don't have a nice git commit message describing what's the 
purpose of the test.

On 6/3/24 14:55, Wei Gao via ltp wrote:
> Fix: #574
>
> Signed-off-by: Wei Gao <wegao@suse.com>
> ---
>   runtest/syscalls                          |   1 +
>   testcases/kernel/syscalls/open/.gitignore |   1 +
>   testcases/kernel/syscalls/open/open15.c   | 125 ++++++++++++++++++++++
>   3 files changed, 127 insertions(+)
>   create mode 100644 testcases/kernel/syscalls/open/open15.c
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 4f1ee1f34..4152e1e5f 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -935,6 +935,7 @@ open11 open11
>   open12 open12
>   open13 open13
>   open14 open14
> +open15 open15
>   
>   openat01 openat01
>   openat02 openat02
> diff --git a/testcases/kernel/syscalls/open/.gitignore b/testcases/kernel/syscalls/open/.gitignore
> index 001d874d6..af5997572 100644
> --- a/testcases/kernel/syscalls/open/.gitignore
> +++ b/testcases/kernel/syscalls/open/.gitignore
> @@ -12,3 +12,4 @@
>   /open12_child
>   /open13
>   /open14
> +/open15
> diff --git a/testcases/kernel/syscalls/open/open15.c b/testcases/kernel/syscalls/open/open15.c
> new file mode 100644
> index 000000000..de5325e01
> --- /dev/null
> +++ b/testcases/kernel/syscalls/open/open15.c
> @@ -0,0 +1,125 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (c) 2023 Wei Gao <wegao@suse.com>
> + */
> +
> +/*\
> + * [Description]
Not needed anymore.
> + *
> + * Verify disallows open of FIFOs or regular files not owned by the user in world
> + * writable sticky directories
> + *
> + * commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5
> + * Author: Salvatore Mesoraca <s.mesoraca16@gmail.com>
> + * Date:   Thu Aug 23 17:00:35 2018 -0700
> + *     namei: allow restricted O_CREAT of FIFOs and regular files
we should update .tags instead of copying commit message here.
> + */
> +
> +#include <pwd.h>
> +#include <stdlib.h>
> +#include "tst_test.h"
> +#include "tst_safe_file_at.h"
> +
> +#define  FILENAME  "setuid04_testfile"
> +#define  DIR "ltp_tmp_check1"
> +#define  TEST_FILE "test_file_1"
> +#define  TEST_FIFO "test_fifo_1"
> +#define  LTP_USR_UID1 1000
> +#define  LTP_USR_UID2 1001
> +#define  CONCAT(dir, filename) dir "/" filename
> +#define  PROTECTED_REGULAR "/proc/sys/fs/protected_regular"
> +#define  PROTECTED_FIFOS "/proc/sys/fs/protected_fifos"
> +
> +static int dir_fd;
> +
> +static void run(void)
> +{
> +	int pid;
> +
> +	SAFE_CHMOD(DIR, 0777 | S_ISVTX);
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 0);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 0);
> +
> +	if (!SAFE_FORK()) {
> +		SAFE_SETUID(LTP_USR_UID1);
> +
> +		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
> +
> +		SAFE_CLOSE(fd);
> +
> +		SAFE_MKFIFO(CONCAT(DIR, TEST_FIFO), 0777);
> +
> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +
> +	if (!SAFE_FORK()) {
> +		SAFE_SETUID(LTP_USR_UID2);
> +
> +		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
> +
> +		SAFE_CLOSE(fd);
> +
> +		fd = TST_EXP_FD(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777));
> +		SAFE_CLOSE(fd);
> +
> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 1);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 1);
> +
> +	if (!SAFE_FORK()) {
> +		SAFE_SETUID(LTP_USR_UID2);
> +		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
> +		TST_EXP_FAIL(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777), EACCES);
> +
> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 2);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 2);
> +	SAFE_CHMOD(DIR, 0020 | S_ISVTX);
> +
> +	if (!SAFE_FORK()) {
> +		SAFE_SETUID(LTP_USR_UID2);
> +		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
> +		TST_EXP_FAIL(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777), EACCES);
> +
> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +	unlink(CONCAT(DIR, TEST_FIFO));
SAFE_UNLINK()
> +}
> +
> +static void setup(void)
> +{
> +	umask(0);
> +	SAFE_MKDIR(DIR, 0777 | S_ISVTX);
> +	dir_fd = SAFE_OPEN(DIR, O_DIRECTORY);
> +}
> +
> +static void cleanup(void)
> +{
> +	SAFE_CLOSE(dir_fd);

if (dir_fd != -1)
     SAFE_CLOSE(dir_fd);

> +}
> +
> +static struct tst_test test = {
> +	.setup = setup,
> +	.cleanup = cleanup,
> +	.needs_root = 1,
> +	.test_all = run,
> +	.needs_tmpdir = 1,
> +	.forks_child = 1,
> +	.save_restore = (const struct tst_path_val[]) {
> +		{PROTECTED_REGULAR, NULL, TST_SR_TCONF},
> +		{PROTECTED_FIFOS, NULL, TST_SR_TCONF},
> +		{}
> +	},
.tags is missing.
> +};
Andrea

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v4] open16: allow restricted O_CREAT of FIFOs and regular files

[Wei Gao via ltp]

Signed-off-by: Wei Gao <wegao@suse.com>

This commit adds test cases to verify the security restrictions for opening
FIFOs and regular files in world-writable sticky directories.

Signed-off-by: Wei Gao <wegao@suse.com>
---
 runtest/syscalls                          |   1 +
 testcases/kernel/syscalls/open/.gitignore |   1 +
 testcases/kernel/syscalls/open/open16.c   | 121 ++++++++++++++++++++++
 3 files changed, 123 insertions(+)
 create mode 100644 testcases/kernel/syscalls/open/open16.c

diff --git a/runtest/syscalls b/runtest/syscalls
index 839c23d0a..7a1a64c01 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -974,6 +974,7 @@ open12 open12
 open13 open13
 open14 open14
 open15 open15
+open16 open16
 
 openat01 openat01
 openat02 openat02
diff --git a/testcases/kernel/syscalls/open/.gitignore b/testcases/kernel/syscalls/open/.gitignore
index af5997572..d2cacc02e 100644
--- a/testcases/kernel/syscalls/open/.gitignore
+++ b/testcases/kernel/syscalls/open/.gitignore
@@ -13,3 +13,4 @@
 /open13
 /open14
 /open15
+/open16
diff --git a/testcases/kernel/syscalls/open/open16.c b/testcases/kernel/syscalls/open/open16.c
new file mode 100644
index 000000000..709c5c87f
--- /dev/null
+++ b/testcases/kernel/syscalls/open/open16.c
@@ -0,0 +1,121 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) 2023 Wei Gao <wegao@suse.com>
+ */
+
+/*\
+ * Verify disallows open of FIFOs or regular files not owned by the user in world
+ * writable sticky directories
+ */
+
+#include <pwd.h>
+#include <stdlib.h>
+#include "tst_test.h"
+#include "tst_safe_file_at.h"
+
+#define  FILENAME  "setuid04_testfile"
+#define  DIR "ltp_tmp_check1"
+#define  TEST_FILE "test_file_1"
+#define  TEST_FIFO "test_fifo_1"
+#define  LTP_USR_UID1 1000
+#define  LTP_USR_UID2 1001
+#define  CONCAT(dir, filename) dir "/" filename
+#define  PROTECTED_REGULAR "/proc/sys/fs/protected_regular"
+#define  PROTECTED_FIFOS "/proc/sys/fs/protected_fifos"
+
+static int dir_fd;
+
+static void run(void)
+{
+	SAFE_CHMOD(DIR, 0777 | S_ISVTX);
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 0);
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 0);
+
+	if (!SAFE_FORK()) {
+		SAFE_SETUID(LTP_USR_UID1);
+
+		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
+
+		SAFE_CLOSE(fd);
+
+		SAFE_MKFIFO(CONCAT(DIR, TEST_FIFO), 0777);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+
+	if (!SAFE_FORK()) {
+		SAFE_SETUID(LTP_USR_UID2);
+
+		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
+
+		SAFE_CLOSE(fd);
+
+		fd = TST_EXP_FD(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777));
+		SAFE_CLOSE(fd);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 1);
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 1);
+
+	if (!SAFE_FORK()) {
+		SAFE_SETUID(LTP_USR_UID2);
+		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
+		TST_EXP_FAIL(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777), EACCES);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 2);
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 2);
+	SAFE_CHMOD(DIR, 0020 | S_ISVTX);
+
+	if (!SAFE_FORK()) {
+		SAFE_SETUID(LTP_USR_UID2);
+		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
+		TST_EXP_FAIL(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777), EACCES);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+	SAFE_UNLINK(CONCAT(DIR, TEST_FIFO));
+}
+
+static void setup(void)
+{
+	umask(0);
+	SAFE_MKDIR(DIR, 0777 | S_ISVTX);
+	dir_fd = SAFE_OPEN(DIR, O_DIRECTORY);
+}
+
+static void cleanup(void)
+{
+	if (dir_fd != -1)
+		SAFE_CLOSE(dir_fd);
+}
+
+static struct tst_test test = {
+	.setup = setup,
+	.cleanup = cleanup,
+	.needs_root = 1,
+	.test_all = run,
+	.needs_tmpdir = 1,
+	.forks_child = 1,
+	.save_restore = (const struct tst_path_val[]) {
+		{PROTECTED_REGULAR, NULL, TST_SR_TCONF},
+		{PROTECTED_FIFOS, NULL, TST_SR_TCONF},
+		{}
+	},
+	.tags = (const struct tst_tag[]) {
+		{"linux-git", "30aba6656f61ed44cba445a3c0d38b296fa9e8f5"},
+		{}
+	}
+};
-- 
2.35.3


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v4] open16: allow restricted O_CREAT of FIFOs and regular files

[Cyril Hrubis]

Hi!
> +/*\
> + * Verify disallows open of FIFOs or regular files not owned by the user in world
> + * writable sticky directories
> + */
> +
> +#include <pwd.h>
> +#include <stdlib.h>
> +#include "tst_test.h"
> +#include "tst_safe_file_at.h"
> +
> +#define  FILENAME  "setuid04_testfile"
> +#define  DIR "ltp_tmp_check1"
> +#define  TEST_FILE "test_file_1"
> +#define  TEST_FIFO "test_fifo_1"
> +#define  LTP_USR_UID1 1000
> +#define  LTP_USR_UID2 1001
> +#define  CONCAT(dir, filename) dir "/" filename
> +#define  PROTECTED_REGULAR "/proc/sys/fs/protected_regular"
> +#define  PROTECTED_FIFOS "/proc/sys/fs/protected_fifos"
           ^
	   Just a single space?

> +
> +static int dir_fd;
> +
> +static void run(void)
> +{
> +	SAFE_CHMOD(DIR, 0777 | S_ISVTX);



> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 0);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 0);

Huh, why not just SAFE_FILE_PRINTF(PROTECTED_FIFOS, "0") ?

> +	if (!SAFE_FORK()) {
> +		SAFE_SETUID(LTP_USR_UID1);
> +
> +		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
> +
> +		SAFE_CLOSE(fd);
                ^
		if (TST_PASS)
			SAFE_CLOSE(TST_RET);

Also this seems like a setup phase, so we should probably use just
SAFE_OPEN() instead of the TST_EXP_FD() at this point.

> +		SAFE_MKFIFO(CONCAT(DIR, TEST_FIFO), 0777);
                                  ^
We usually do this as:

#define TEST_FIFO_PATH DIR "/" TEST_FIFO

And use the TEST_FIFO_PATH instead.


Or we can just do SAFE_CHDIR(DIR) after the fork and use just the file
names.

> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +
> +	if (!SAFE_FORK()) {
> +		SAFE_SETUID(LTP_USR_UID2);
> +
> +		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
> +
> +		SAFE_CLOSE(fd);

Here as well:

		if (TST_PASS)
			SAFE_CLOSE(TST_RET)

> +		fd = TST_EXP_FD(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777));
> +		SAFE_CLOSE(fd);

And here as well.

> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 1);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 1);

Here as well why the %d?

> +	if (!SAFE_FORK()) {
> +		SAFE_SETUID(LTP_USR_UID2);
> +		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
> +		TST_EXP_FAIL(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777), EACCES);
> +
> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 2);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 2);

And here as well.

> +	SAFE_CHMOD(DIR, 0020 | S_ISVTX);
> +
> +	if (!SAFE_FORK()) {
> +		SAFE_SETUID(LTP_USR_UID2);
> +		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
> +		TST_EXP_FAIL(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777), EACCES);
> +
> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +	SAFE_UNLINK(CONCAT(DIR, TEST_FIFO));
> +}
> +
> +static void setup(void)
> +{
> +	umask(0);
> +	SAFE_MKDIR(DIR, 0777 | S_ISVTX);
> +	dir_fd = SAFE_OPEN(DIR, O_DIRECTORY);
> +}
> +
> +static void cleanup(void)
> +{
> +	if (dir_fd != -1)
> +		SAFE_CLOSE(dir_fd);
> +}
> +
> +static struct tst_test test = {
> +	.setup = setup,
> +	.cleanup = cleanup,
> +	.needs_root = 1,
> +	.test_all = run,
> +	.needs_tmpdir = 1,
> +	.forks_child = 1,
> +	.save_restore = (const struct tst_path_val[]) {
> +		{PROTECTED_REGULAR, NULL, TST_SR_TCONF},
> +		{PROTECTED_FIFOS, NULL, TST_SR_TCONF},
> +		{}
> +	},
> +	.tags = (const struct tst_tag[]) {
> +		{"linux-git", "30aba6656f61ed44cba445a3c0d38b296fa9e8f5"},
                               ^
			       We usually shorten these to just first 12
			       characters.

> +		{}
> +	}
> +};
> -- 
> 2.35.3
> 
> 
> -- 
> Mailing list info: https://lists.linux.it/listinfo/ltp

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v5] open16: allow restricted O_CREAT of FIFOs and regular files

[Wei Gao via ltp]

This commit adds test cases to verify the security restrictions for opening
FIFOs and regular files in world-writable sticky directories.

Signed-off-by: Wei Gao <wegao@suse.com>
---
 runtest/syscalls                          |   1 +
 testcases/kernel/syscalls/open/.gitignore |   1 +
 testcases/kernel/syscalls/open/open16.c   | 124 ++++++++++++++++++++++
 3 files changed, 126 insertions(+)
 create mode 100644 testcases/kernel/syscalls/open/open16.c

diff --git a/runtest/syscalls b/runtest/syscalls
index 3531c2a3c..0de9bfaef 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -984,6 +984,7 @@ open12 open12
 open13 open13
 open14 open14
 open15 open15
+open16 open16
 
 openat01 openat01
 openat02 openat02
diff --git a/testcases/kernel/syscalls/open/.gitignore b/testcases/kernel/syscalls/open/.gitignore
index af5997572..d2cacc02e 100644
--- a/testcases/kernel/syscalls/open/.gitignore
+++ b/testcases/kernel/syscalls/open/.gitignore
@@ -13,3 +13,4 @@
 /open13
 /open14
 /open15
+/open16
diff --git a/testcases/kernel/syscalls/open/open16.c b/testcases/kernel/syscalls/open/open16.c
new file mode 100644
index 000000000..6e01dde26
--- /dev/null
+++ b/testcases/kernel/syscalls/open/open16.c
@@ -0,0 +1,124 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) 2023 Wei Gao <wegao@suse.com>
+ */
+
+/*\
+ * Verify disallows open of FIFOs or regular files not owned by the user in world
+ * writable sticky directories
+ */
+
+#include <pwd.h>
+#include <stdlib.h>
+#include "tst_test.h"
+#include "tst_safe_file_at.h"
+
+#define FILENAME  "setuid04_testfile"
+#define DIR "ltp_tmp_check1"
+#define TEST_FILE "test_file_1"
+#define TEST_FIFO "test_fifo_1"
+#define LTP_USR_UID1 1000
+#define LTP_USR_UID2 1001
+#define PROTECTED_REGULAR "/proc/sys/fs/protected_regular"
+#define PROTECTED_FIFOS "/proc/sys/fs/protected_fifos"
+#define TEST_FIFO_PATH DIR "/" TEST_FIFO
+
+static int dir_fd;
+
+static void run(void)
+{
+	SAFE_CHMOD(DIR, 0777 | S_ISVTX);
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "0");
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "0");
+
+	if (!SAFE_FORK()) {
+		SAFE_SETUID(LTP_USR_UID1);
+
+		int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777);
+
+		SAFE_CLOSE(fd);
+
+		SAFE_MKFIFO(TEST_FIFO_PATH, 0777);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+
+	if (!SAFE_FORK()) {
+		SAFE_SETUID(LTP_USR_UID2);
+
+		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
+
+		if (TST_PASS)
+			SAFE_CLOSE(fd);
+
+		fd = TST_EXP_FD(open(TEST_FIFO_PATH, O_RDWR | O_CREAT, 0777));
+
+		if (TST_PASS)
+			SAFE_CLOSE(fd);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "1");
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "1");
+
+	if (!SAFE_FORK()) {
+		SAFE_SETUID(LTP_USR_UID2);
+		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
+		TST_EXP_FAIL(open(TEST_FIFO_PATH, O_RDWR | O_CREAT, 0777), EACCES);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+
+	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "2");
+	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "2");
+	SAFE_CHMOD(DIR, 0020 | S_ISVTX);
+
+	if (!SAFE_FORK()) {
+		SAFE_SETUID(LTP_USR_UID2);
+		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
+		TST_EXP_FAIL(open(TEST_FIFO_PATH, O_RDWR | O_CREAT, 0777), EACCES);
+
+		exit(0);
+	}
+
+	tst_reap_children();
+	SAFE_UNLINK(TEST_FIFO_PATH);
+}
+
+static void setup(void)
+{
+	umask(0);
+	SAFE_MKDIR(DIR, 0777 | S_ISVTX);
+	dir_fd = SAFE_OPEN(DIR, O_DIRECTORY);
+}
+
+static void cleanup(void)
+{
+	if (dir_fd != -1)
+		SAFE_CLOSE(dir_fd);
+}
+
+static struct tst_test test = {
+	.setup = setup,
+	.cleanup = cleanup,
+	.needs_root = 1,
+	.test_all = run,
+	.needs_tmpdir = 1,
+	.forks_child = 1,
+	.save_restore = (const struct tst_path_val[]) {
+		{PROTECTED_REGULAR, NULL, TST_SR_TCONF},
+		{PROTECTED_FIFOS, NULL, TST_SR_TCONF},
+		{}
+	},
+	.tags = (const struct tst_tag[]) {
+		{"linux-git", "30aba6656f61"},
+		{}
+	}
+};
-- 
2.49.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v5] open16: allow restricted O_CREAT of FIFOs and regular files

[Andrea Cervesato via ltp]

Hi!

On Wed Jul 23, 2025 at 5:46 PM CEST, Wei Gao via ltp wrote:
> This commit adds test cases to verify the security restrictions for opening
> FIFOs and regular files in world-writable sticky directories.
>
> Signed-off-by: Wei Gao <wegao@suse.com>
> ---
>  runtest/syscalls                          |   1 +
>  testcases/kernel/syscalls/open/.gitignore |   1 +
>  testcases/kernel/syscalls/open/open16.c   | 124 ++++++++++++++++++++++
>  3 files changed, 126 insertions(+)
>  create mode 100644 testcases/kernel/syscalls/open/open16.c
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 3531c2a3c..0de9bfaef 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -984,6 +984,7 @@ open12 open12
>  open13 open13
>  open14 open14
>  open15 open15
> +open16 open16
>  
>  openat01 openat01
>  openat02 openat02
> diff --git a/testcases/kernel/syscalls/open/.gitignore b/testcases/kernel/syscalls/open/.gitignore
> index af5997572..d2cacc02e 100644
> --- a/testcases/kernel/syscalls/open/.gitignore
> +++ b/testcases/kernel/syscalls/open/.gitignore
> @@ -13,3 +13,4 @@
>  /open13
>  /open14
>  /open15
> +/open16
> diff --git a/testcases/kernel/syscalls/open/open16.c b/testcases/kernel/syscalls/open/open16.c
> new file mode 100644
> index 000000000..6e01dde26
> --- /dev/null
> +++ b/testcases/kernel/syscalls/open/open16.c
> @@ -0,0 +1,124 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (c) 2023 Wei Gao <wegao@suse.com>
> + */
> +
> +/*\
> + * Verify disallows open of FIFOs or regular files not owned by the user in world
> + * writable sticky directories
> + */
> +
> +#include <pwd.h>
> +#include <stdlib.h>
> +#include "tst_test.h"
> +#include "tst_safe_file_at.h"
> +
> +#define FILENAME  "setuid04_testfile"

Never used.

> +#define DIR "ltp_tmp_check1"
> +#define TEST_FILE "test_file_1"
> +#define TEST_FIFO "test_fifo_1"
> +#define LTP_USR_UID1 1000
> +#define LTP_USR_UID2 1001

If target is to have a UID that doesn't belong to the current user,
we can just have:

  pw = SAFE_GETPWNAM("nobody");

and use the provided UID.

> +#define PROTECTED_REGULAR "/proc/sys/fs/protected_regular"
> +#define PROTECTED_FIFOS "/proc/sys/fs/protected_fifos"
> +#define TEST_FIFO_PATH DIR "/" TEST_FIFO
> +
> +static int dir_fd;

Not initialized to -1.

> +
> +static void run(void)
> +{
> +	SAFE_CHMOD(DIR, 0777 | S_ISVTX);
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "0");
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "0");
> +
> +	if (!SAFE_FORK()) {
> +		SAFE_SETUID(LTP_USR_UID1);
> +
> +		int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777);
> +
> +		SAFE_CLOSE(fd);
> +
> +		SAFE_MKFIFO(TEST_FIFO_PATH, 0777);
> +
> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +
> +	if (!SAFE_FORK()) {
> +		SAFE_SETUID(LTP_USR_UID2);
> +
> +		int fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));
> +
> +		if (TST_PASS)
> +			SAFE_CLOSE(fd);
> +
> +		fd = TST_EXP_FD(open(TEST_FIFO_PATH, O_RDWR | O_CREAT, 0777));
> +
> +		if (TST_PASS)
> +			SAFE_CLOSE(fd);
> +
> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "1");
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "1");
> +
> +	if (!SAFE_FORK()) {
> +		SAFE_SETUID(LTP_USR_UID2);
> +		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
> +		TST_EXP_FAIL(open(TEST_FIFO_PATH, O_RDWR | O_CREAT, 0777), EACCES);
> +
> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "2");
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "2");
> +	SAFE_CHMOD(DIR, 0020 | S_ISVTX);
> +
> +	if (!SAFE_FORK()) {
> +		SAFE_SETUID(LTP_USR_UID2);
> +		TST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);
> +		TST_EXP_FAIL(open(TEST_FIFO_PATH, O_RDWR | O_CREAT, 0777), EACCES);
> +
> +		exit(0);
> +	}
> +
> +	tst_reap_children();
> +	SAFE_UNLINK(TEST_FIFO_PATH);
> +}
> +
> +static void setup(void)
> +{
> +	umask(0);
> +	SAFE_MKDIR(DIR, 0777 | S_ISVTX);
> +	dir_fd = SAFE_OPEN(DIR, O_DIRECTORY);
> +}
> +
> +static void cleanup(void)
> +{
> +	if (dir_fd != -1)
> +		SAFE_CLOSE(dir_fd);
> +}
> +
> +static struct tst_test test = {
> +	.setup = setup,
> +	.cleanup = cleanup,
> +	.needs_root = 1,
> +	.test_all = run,
> +	.needs_tmpdir = 1,
> +	.forks_child = 1,
> +	.save_restore = (const struct tst_path_val[]) {
> +		{PROTECTED_REGULAR, NULL, TST_SR_TCONF},
> +		{PROTECTED_FIFOS, NULL, TST_SR_TCONF},
> +		{}
> +	},
> +	.tags = (const struct tst_tag[]) {
> +		{"linux-git", "30aba6656f61"},
> +		{}
> +	}
> +};


-- 
Andrea Cervesato
SUSE QE Automation Engineer Linux
andrea.cervesato@suse.com


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp