[LTP] [PATCH] read_all: Drop privileges
Xiao Yang
yangx.jy@cn.fujitsu.com
Wed May 16 11:39:01 CEST 2018
Hi Richard,
If the permission of /dev/watchdog was 0600(default permission on RHEL7), we could not read /dev/watchdog
as nobody user and returned EACCES as expected.
If the permission of /dev/watchdog was 0660(default permission on RHEL6), Reading /dev/watchdog as nobody
user failed, but still led to system reboot.
I think reading /dev/watchdog as nobody user should get EACCES even if the permission is 0660, but i am not
sure whether this is a watchdog bug in kernel or not.
Thanks,
Xiao Yang
On 2018/05/15 18:55, Richard Palethorpe wrote:
> Hello,
>
> Cyril Hrubis writes:
>
>> Hi!
>>> +static void maybe_drop_privs(void)
>>> +{
>>> + struct passwd *nobody;
>>> +
>>> + if (!drop_privs)
>>> + return;
>>> +
>>> + nobody = SAFE_GETPWNAM("nobody");
>>> +
>>> + TEST(setgid(nobody->pw_gid));
>>> + if (TEST_RETURN< 0&& TEST_ERRNO != EPERM)
>>> + tst_res(TBROK | TTERRNO, "Failed to use nobody gid");
>> ^
>> Shouldn't this be tst_brk()?
>>
>>> + TEST(setuid(nobody->pw_uid));
>>> + if (TEST_RETURN< 0&& TEST_ERRNO != EPERM)
>>> + tst_res(TBROK | TTERRNO, "Failed to use nobody uid");
>> ^
>> And here as well?
>>
>> Otherwise it looks fine.
> Well spotted, yes it should.
>
More information about the ltp
mailing list