[LTP] [PATCH 3/3] Add test for CVE 2018-13405
Richard Palethorpe
rpalethorpe@suse.de
Tue Aug 17 13:53:34 CEST 2021
Hello Martin,
Martin Doucha <mdoucha@suse.cz> writes:
> On 17. 08. 21 12:23, Richard Palethorpe wrote:
>> Hello Martin,
>>
>> Martin Doucha <mdoucha@suse.cz> writes:
>>> +static void setup(void)
>>> +{
>>> + struct stat buf;
>>> + struct passwd *ltpuser = SAFE_GETPWNAM("nobody");
>>> + struct group *ltpgroup = SAFE_GETGRNAM("bin");
>>
>> These might not exist on some systems. I think you can just pick
>> arbitrary UID/GID numbers instead. No need to check the user/group
>> databases.
>
> I'm planning to rewrite this test after the first two patches get
> merged. See previous discussion under the creat08 patch.
Ah, yes, sorry.
>
>
>>> +static void cleanup(void)
>>> +{
>>> + SAFE_SETREUID(-1, orig_uid);
>>
>> Why are you doing this? I am assuming the temp dir will be deleted by
>> the parent process.
>
> That assumption is incorrect.
>
> https://github.com/linux-test-project/ltp/commit/3833d44a2ba3773359d3b35a2108af691d75b4f9
This looks different as we call semctl in the cleanup callback. It
appears the testdir/tempdir cleanup is done from the parent
process. i.e. from do_exit() which is only called if pid == lib_pid.
--
Thank you,
Richard.
More information about the ltp
mailing list