[LTP] [PATCH] read_all: Drop privileges
Xiao Yang
yangx.jy@cn.fujitsu.com
Thu May 17 12:20:48 CEST 2018
On 2018/05/16 19:44, Cyril Hrubis wrote:
> Hi!
>> If the permission of /dev/watchdog was 0660 (the default permission on RHEL6), reading /dev/watchdog as the nobody
>> user failed, but still led to a system reboot.
> If an unprivileged user can reboot the system, it's a bug.
Hi Cyril,
Sorry, it seems to be a bug in open(2) instead of watchdog.
You can reproduce the issue by running the following test.c:
----------------------------------------------------------------------------------------------------------
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <pwd.h>
#include <unistd.h>
#include <stdlib.h>

/* Switch the gid, then the uid, to those of the "nobody" account. */
static void switch_privs(void)
{
	struct passwd *nobody;
	int ret;

	nobody = getpwnam("nobody");
	if (nobody == NULL) {
		printf("getpwnam(nobody) failed with errno %d\n", errno);
		exit(1);
	}

	ret = setgid(nobody->pw_gid);
	if (ret < 0) {
		printf("Failed to use nobody gid with errno %d\n", errno);
		exit(1);
	}

	ret = setuid(nobody->pw_uid);
	if (ret < 0) {
		printf("Failed to use nobody uid with errno %d\n", errno);
		exit(1);
	}
}

int main(void)
{
	int fd;

	/* Create the test file as root with mode 0660. */
	umask(0);
	fd = open("testfile", O_RDWR | O_CREAT, 0660);
	if (fd < 0) {
		printf("open(testfile) failed with errno %d\n", errno);
		return 1;
	}
	close(fd);

	switch_privs();

	/* Reopen the file after switching to nobody. */
	fd = open("testfile", O_RDWR);
	if (fd < 0) {
		printf("open(testfile) failed with errno %d\n", errno);
		return 1;
	}

	printf("open(testfile) succeeded unexpectedly\n");
	close(fd);
	return 0;
}
------------------------------------------------------------------------------------------------------------
# gcc -o test test.c
# ./test
open(testfile) succeeded unexpectedly
We created a test file with 0660 mode as the root user, and opened the test
file as the nobody user, switched to by setuid() and setgid().
Running this test succeeded rather than failing with EACCES. Do you think this is
a bug, or do I misunderstand file permissions?
Thanks,
Xiao Yang
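
The following is an added example, not part of the original message or of LTP. setgid() and setuid() do not change the supplementary group list, so a process started by root that has gid 0 in that list still matches the group class of a root:root file. The block models the owner/group/other check for that case; `struct creds`, `in_group`, `dac_allows`, uid/gid 99 for nobody and the group list `{ 0 }` are constructed for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Process credentials as the DAC check sees them (ACLs and capabilities ignored). */
struct creds {
    uid_t uid;            /* effective/fs uid */
    gid_t gid;            /* effective/fs gid */
    const gid_t *groups;  /* supplementary groups */
    int ngroups;
};

/* 1 if gid is the effective gid or one of the supplementary groups. */
static int in_group(const struct creds *c, gid_t gid)
{
    if (c->gid == gid)
        return 1;
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return 1;
    return 0;
}

/* Model of the classic owner/group/other check: exactly one class is
 * selected, and only that class's rwx bits are consulted.
 * want is a 3-bit mask: 4 = read, 2 = write, 1 = execute. */
static int dac_allows(const struct creds *c, uid_t f_uid, gid_t f_gid,
                      mode_t mode, int want)
{
    int bits;
    if (c->uid == f_uid)
        bits = (mode >> 6) & 7;
    else if (in_group(c, f_gid))
        bits = (mode >> 3) & 7;
    else
        bits = mode & 7;
    return (bits & want) == want;
}

/* Constructed values: uid/gid 99 stands in for "nobody", file is root:root. */
static const gid_t kept[] = { 0 };  /* root's supplementary list survives setgid()/setuid() */
static const struct creds after_setgid_setuid = { 99, 99, kept, 1 };
static const struct creds after_setgroups_too = { 99, 99, NULL, 0 };

int main(void)
{
    printf("0660, groups kept:    %d\n", dac_allows(&after_setgid_setuid, 0, 0, 0660, 6));
    printf("0660, groups dropped: %d\n", dac_allows(&after_setgroups_too, 0, 0, 0660, 6));
    return 0;
}
```

In a real privilege drop, the second credential set corresponds to calling setgroups(0, NULL) before setgid() and setuid(); getgroups() afterwards confirms the list is empty.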