[LTP] [PATCH v2 3/4] syscalls/open10: Convert to new API
Martin Doucha
mdoucha@suse.cz
Thu Aug 26 13:22:11 CEST 2021
Signed-off-by: Martin Doucha <mdoucha@suse.cz>
---
Changes since v1:
- Use nobody's primary group for setgid member subtests
- Use any unassigned gid for setgid non-member subtests
- Don't switch users in cleanup()
testcases/kernel/syscalls/open/open10.c | 537 +++++-------------------
1 file changed, 107 insertions(+), 430 deletions(-)
diff --git a/testcases/kernel/syscalls/open/open10.c b/testcases/kernel/syscalls/open/open10.c
index 14feec9e1..c7c23fbdb 100644
--- a/testcases/kernel/syscalls/open/open10.c
+++ b/testcases/kernel/syscalls/open/open10.c
@@ -1,461 +1,138 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
+ * Copyright (c) International Business Machines Corp., 2002
+ * Copyright (c) 2021 SUSE LLC <mdoucha@suse.cz>
*
- * Copyright (c) International Business Machines Corp., 2002
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
- * the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ * Verify that the group ID and setgid bit are set correctly when a new file
+ * is created.
*/
-/*
- * Description:
- * Verifies that the group ID and setgid bit are
- * set correctly when a new file is created using open.
- *
- * ALGORITHM
- * Create two directories, one with the group ID of this process
- * and the setgid bit not set, and the other with a group ID
- * other than that of this process and with the setgid bit set.
- * In each directory, create a file with and without the setgid
- * bit set in the creation modes. Verify that the modes and group
- * ID are correct on each of the 4 files.
- * As root, create a file with the setgid bit on in the
- * directory with the setgid bit.
- * This tests the SVID3 create group semantics.
- */
-
-#include <stdio.h>
+#include <stdlib.h>
#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <grp.h>
#include <pwd.h>
-#include "test.h"
+#include "tst_test.h"
+#include "tst_uid.h"
-char *TCID = "open10";
-int TST_TOTAL = 1;
-static int local_flag;
+#define MODE_RWX 0777
+#define MODE_SGID (S_ISGID|0777)
-#define PASSED 1
-#define FAILED 0
+#define DIR_A "dir_a"
+#define DIR_B "dir_b"
+#define SETGID_A DIR_A "/setgid"
+#define NOSETGID_A DIR_A "/nosetgid"
+#define SETGID_B DIR_B "/setgid"
+#define NOSETGID_B DIR_B "/nosetgid"
+#define ROOT_SETGID DIR_B "/root_setgid"
-#define MODE_RWX (S_IRWXU | S_IRWXG | S_IRWXO)
-#define MODE_SGID (S_ISGID | S_IRWXU | S_IRWXG | S_IRWXO)
-#define DIR_A_TEMP "open10.testdir.A.%d"
-#define DIR_B_TEMP "open10.testdir.B.%d"
-#define SETGID "setgid"
-#define NOSETGID "nosetgid"
-#define ROOT_SETGID "root_setgid"
-#define MSGSIZE 150
+static char *tmpdir;
+static uid_t orig_uid, nobody_uid;
+static gid_t nobody_gid, free_gid;
+static int fd = -1;
-static void setup(void);
-static void cleanup(void);
-
-int main(int ac, char *av[])
+static void setup(void)
{
- int ret;
- struct stat buf;
- struct group *group;
- struct passwd *user1;
- char DIR_A[MSGSIZE], DIR_B[MSGSIZE];
- char setgid_A[MSGSIZE], nosetgid_A[MSGSIZE];
- char setgid_B[MSGSIZE], nosetgid_B[MSGSIZE], root_setgid_B[MSGSIZE];
- gid_t group1_gid, group2_gid, mygid;
- uid_t save_myuid, user1_uid;
- pid_t mypid;
-
- int lc;
- int fail_count = 0;
-
- tst_parse_opts(ac, av, NULL, NULL);
-
- setup();
-
- for (lc = 0; TEST_LOOPING(lc); lc++) {
- local_flag = PASSED;
-
- save_myuid = getuid();
- mypid = getpid();
- sprintf(DIR_A, DIR_A_TEMP, mypid);
- sprintf(DIR_B, DIR_B_TEMP, mypid);
- sprintf(setgid_A, "%s/%s", DIR_A, SETGID);
- sprintf(nosetgid_A, "%s/%s", DIR_A, NOSETGID);
- sprintf(setgid_B, "%s/%s", DIR_B, SETGID);
- sprintf(nosetgid_B, "%s/%s", DIR_B, NOSETGID);
- sprintf(root_setgid_B, "%s/%s", DIR_B, ROOT_SETGID);
-
- /* Get the uid of user1 */
- user1 = getpwnam("nobody");
- if (user1 == NULL)
- tst_brkm(TBROK, cleanup, "nobody not in /etc/passwd");
-
- user1_uid = user1->pw_uid;
-
- /*
- * Get the group IDs of group1 and group2.
- */
- group = getgrnam("nobody");
- if (group == NULL) {
- group = getgrnam("nogroup");
- if (group == NULL) {
- tst_brkm(TBROK, cleanup,
- "nobody/nogroup not in /etc/group");
- }
- }
- group1_gid = group->gr_gid;
- group = getgrnam("bin");
- if (group == NULL)
- tst_brkm(TBROK, cleanup, "bin not in /etc/group");
-
- group2_gid = group->gr_gid;
-
- /*
- * Create a directory with group id the same as this process
- * and with no setgid bit.
- */
- if (mkdir(DIR_A, MODE_RWX) < 0) {
- tst_resm(TFAIL | TERRNO, "mkdir(%s) failed", DIR_A);
- local_flag = FAILED;
- }
-
- if (chown(DIR_A, user1_uid, group2_gid) < 0) {
- tst_resm(TFAIL | TERRNO, "chown(%s) failed", DIR_A);
- local_flag = FAILED;
- }
-
- if (stat(DIR_A, &buf) < 0) {
- tst_resm(TFAIL | TERRNO, "stat(%s) failed", DIR_A);
- local_flag = FAILED;
- }
-
- /* Verify modes */
- if (buf.st_mode & S_ISGID) {
- tst_resm(TFAIL, "%s: Incorrect modes, setgid bit set",
- DIR_A);
- local_flag = FAILED;
- }
-
- /* Verify group ID */
- if (buf.st_gid != group2_gid) {
- tst_resm(TFAIL, "%s: Incorrect group (got %d and %d)",
- DIR_A, buf.st_gid, group2_gid);
- local_flag = FAILED;
- }
-
- /*
- * Create a directory with group id different from that of
- * this process and with the setgid bit set.
- */
- if (mkdir(DIR_B, MODE_RWX) < 0) {
- tst_resm(TFAIL | TERRNO, "mkdir(%s) failed", DIR_B);
- local_flag = FAILED;
- }
-
- if (chown(DIR_B, user1_uid, group2_gid) < 0) {
- tst_resm(TFAIL | TERRNO, "chown(%s) failed", DIR_B);
- local_flag = FAILED;
- }
-
- if (chmod(DIR_B, MODE_SGID) < 0) {
- tst_resm(TFAIL | TERRNO, "chmod(%s) failed", DIR_B);
- local_flag = FAILED;
- }
-
- if (stat(DIR_B, &buf) < 0) {
- tst_resm(TFAIL | TERRNO, "stat(%s) failed", DIR_B);
- local_flag = FAILED;
- }
-
- /* Verify modes */
- if (!(buf.st_mode & S_ISGID)) {
- tst_resm(TFAIL,
- "%s: Incorrect modes, setgid bit not set",
- DIR_B);
- local_flag = FAILED;
- }
-
- /* Verify group ID */
- if (buf.st_gid != group2_gid) {
- tst_resm(TFAIL, "%s: Incorrect group (got %d and %d)",
- DIR_B, buf.st_gid, group2_gid);
- local_flag = FAILED;
- }
-
- if (local_flag == PASSED) {
- tst_resm(TPASS, "Test passed in block0.");
- } else {
- tst_resm(TFAIL, "Test failed in block0.");
- fail_count++;
- }
-
- local_flag = PASSED;
-
- /*
- * Create two files in testdir.A, one with the setgid
- * bit set in the creation modes and the other without.
- * Both should inherit the group ID of the process and
- * maintain the setgid bit as specified in the creation
- * modes.
- */
- if (setgid(group1_gid) < 0) {
- tst_resm(TINFO,
- "Unable to set process group ID to group1");
- }
-
- if (setreuid(-1, user1_uid) < 0)
- tst_resm(TINFO, "Unable to set process uid to user1");
+ struct passwd *ltpuser = SAFE_GETPWNAM("nobody");
- mygid = getgid();
-
- /*
- * Create the file with setgid not set
- */
- ret = open(nosetgid_A, O_CREAT | O_EXCL | O_RDWR, MODE_RWX);
- if (ret < 0) {
- tst_resm(TFAIL | TERRNO, "open(%s) failed", nosetgid_A);
- local_flag = FAILED;
- }
- close(ret);
-
- if (stat(nosetgid_A, &buf) < 0) {
- tst_resm(TFAIL | TERRNO, "stat(%s) failed", nosetgid_A);
- local_flag = FAILED;
- }
-
- /* Verify modes */
- if (buf.st_mode & S_ISGID) {
- tst_resm(TFAIL, "%s: Incorrect modes, setgid bit set",
- nosetgid_A);
- local_flag = FAILED;
- }
-
- /* Verify group ID */
- if (buf.st_gid != mygid) {
- tst_resm(TFAIL, "%s: Incorrect group (got %d and %d)",
- nosetgid_A, buf.st_gid, mygid);
- local_flag = FAILED;
- }
-
- /*
- * Create the file with setgid set
- */
- ret = open(setgid_A, O_CREAT | O_EXCL | O_RDWR, MODE_SGID);
- if (ret < 0) {
- tst_resm(TFAIL | TERRNO, "open(%s) failed", setgid_A);
- local_flag = FAILED;
- }
- close(ret);
-
- if (stat(setgid_A, &buf) < 0) {
- tst_resm(TFAIL | TERRNO, "stat(%s) failed", setgid_A);
- local_flag = FAILED;
- }
-
- /* Verify modes */
- if (!(buf.st_mode & S_ISGID)) {
- tst_resm(TFAIL,
- "%s: Incorrect modes, setgid bit not set",
- setgid_A);
- local_flag = FAILED;
- }
-
- /* Verify group ID */
- if (buf.st_gid != mygid) {
- tst_resm(TFAIL, "%s: Incorrect group (%d and %d)",
- setgid_A, buf.st_gid, mygid);
- local_flag = FAILED;
- }
-
- if (local_flag == PASSED) {
- tst_resm(TPASS, "Test passed in block1.");
- } else {
- tst_resm(TFAIL, "Test failed in block1.");
- fail_count++;
- }
-
- local_flag = PASSED;
-
- /*
- * Create two files in testdir.B, one with the setgid
- * bit set in the creation modes and the other without.
- * Both should inherit the group ID of the parent
- * directory, group2. Either file should have the segid
- * bit set in the modes.
- */
- /*
- * Create the file with setgid not set
- */
- ret = open(nosetgid_B, O_CREAT | O_EXCL | O_RDWR, MODE_RWX);
- if (ret < 0) {
- tst_resm(TFAIL | TERRNO, "open(%s) failed", nosetgid_B);
- local_flag = FAILED;
- }
- close(ret);
-
- if (stat(nosetgid_B, &buf) < 0) {
- tst_resm(TFAIL | TERRNO, "stat(%s) failed", nosetgid_B);
- local_flag = FAILED;
- }
-
- /* Verify modes */
- if (buf.st_mode & S_ISGID) {
- tst_resm(TFAIL,
- "%s: Incorrect modes, setgid bit should be set",
- nosetgid_B);
- local_flag = FAILED;
- }
-
- /* Verify group ID */
- if (buf.st_gid != group2_gid) {
- tst_resm(TFAIL, "%s: Incorrect group (got %d and %d)",
- nosetgid_B, buf.st_gid, group2_gid);
- local_flag = FAILED;
- }
-
- /*
- * Create the file with setgid set
- */
- ret = open(setgid_B, O_CREAT | O_EXCL | O_RDWR, MODE_SGID);
- if (ret < 0) {
- tst_resm(TFAIL | TERRNO, "open(%s) failed", setgid_B);
- local_flag = FAILED;
- }
- close(ret);
-
- if (stat(setgid_B, &buf) < 0) {
- tst_resm(TFAIL | TERRNO, "stat(%s) failed", setgid_B);
- local_flag = FAILED;
- }
-
- /* Verify group ID */
- if (buf.st_gid != group2_gid) {
- tst_resm(TFAIL, "%s: Incorrect group (got %d and %d)",
- setgid_B, buf.st_gid, group2_gid);
- local_flag = FAILED;
- }
-
- /*
- * Skip S_ISGID check
- * 0fa3ecd87848 ("Fix up non-directory creation in SGID directories")
- * clears S_ISGID for files created by non-group members
- */
-
- if (local_flag == PASSED) {
- tst_resm(TPASS, "Test passed in block2.");
- } else {
- tst_resm(TFAIL, "Test failed in block2.");
- fail_count++;
- }
+ orig_uid = getuid();
+ nobody_uid = ltpuser->pw_uid;
+ nobody_gid = ltpuser->pw_gid;
+ free_gid = tst_get_free_gid(nobody_gid);
+ tmpdir = tst_get_tmpdir();
+}
- local_flag = PASSED;
+static void file_test(const char *name, mode_t mode, int sgid, gid_t gid)
+{
+ struct stat buf;
- /*
- * Create a file in testdir.B, with the setgid bit set
- * in the creation modes and do so as root. The file
- * should inherit the group ID of the parent directory,
- * group2 and should have the setgid bit set.
- */
+ fd = SAFE_OPEN(name, O_CREAT | O_EXCL | O_RDWR, mode);
+ SAFE_CLOSE(fd);
+ SAFE_STAT(name, &buf);
- /* Become root again */
- if (setreuid(-1, save_myuid) < 0) {
- tst_resm(TFAIL | TERRNO,
- "Changing back to root failed");
- local_flag = FAILED;
- }
+ if (buf.st_gid != gid) {
+ tst_res(TFAIL, "%s: Incorrect group, %u != %u", name,
+ buf.st_gid, gid);
+ } else {
+ tst_res(TPASS, "%s: Owned by correct group", name);
+ }
- /* Create the file with setgid set */
- ret = open(root_setgid_B, O_CREAT | O_EXCL | O_RDWR, MODE_SGID);
- if (ret < 0) {
- tst_resm(TFAIL | TERRNO, "open(%s) failed",
- root_setgid_B);
- local_flag = FAILED;
- }
- close(ret);
+ if (sgid < 0) {
+ tst_res(TINFO, "%s: Skipping setgid bit check", name);
+ return;
+ }
- if (stat(root_setgid_B, &buf) < 0) {
- tst_resm(TFAIL | TERRNO, "stat(%s) failed",
- root_setgid_B);
- local_flag = FAILED;
- }
+ if (buf.st_mode & S_ISGID)
+ tst_res(sgid ? TPASS : TFAIL, "%s: Setgid bit is set", name);
+ else
+ tst_res(sgid ? TFAIL : TPASS, "%s: Setgid bit not set", name);
+}
- /* Verify modes */
- if (!(buf.st_mode & S_ISGID)) {
- tst_resm(TFAIL,
- "%s: Incorrect modes, setgid bit not set",
- root_setgid_B);
- local_flag = FAILED;
- }
+static void run(void)
+{
+ struct stat buf;
- /* Verify group ID */
- if (buf.st_gid != group2_gid) {
- tst_resm(TFAIL, "%s: Incorrect group (got %d and %d)",
- root_setgid_B, buf.st_gid, group2_gid);
- local_flag = FAILED;
- }
+ /* Create directories and set permissions */
+ SAFE_MKDIR(DIR_A, MODE_RWX);
+ SAFE_CHOWN(DIR_A, nobody_uid, free_gid);
+ SAFE_STAT(DIR_A, &buf);
- if (local_flag == PASSED) {
- tst_resm(TPASS, "Test passed in block3.");
- } else {
- tst_resm(TFAIL, "Test failed in block3.");
- fail_count++;
- }
+ if (buf.st_mode & S_ISGID)
+ tst_brk(TBROK, "%s: Setgid bit is set", DIR_A);
- /*
- * Clean up any files created by test before call to anyfail.
- * Remove the directories.
- */
- if (unlink(setgid_A) < 0)
- tst_resm(TWARN | TERRNO, "unlink(%s) failed", setgid_A);
- if (unlink(nosetgid_A) < 0)
- tst_resm(TWARN | TERRNO, "unlink(%s) failed",
- nosetgid_A);
- if (rmdir(DIR_A) < 0)
- tst_resm(TWARN | TERRNO, "rmdir(%s) failed", DIR_A);
+ if (buf.st_gid != free_gid) {
+ tst_brk(TBROK, "%s: Incorrect group, %u != %u", DIR_A,
+ buf.st_gid, free_gid);
+ }
- if (unlink(setgid_B) < 0)
- tst_resm(TWARN | TERRNO, "unlink(%s) failed", setgid_B);
- if (unlink(root_setgid_B) < 0)
- tst_resm(TWARN | TERRNO, "unlink(%s) failed",
- root_setgid_B);
- if (unlink(nosetgid_B) < 0)
- tst_resm(TWARN | TERRNO, "unlink(%s) failed",
- nosetgid_B);
- if (rmdir(DIR_B) < 0)
- tst_resm(TWARN | TERRNO, "rmdir(%s) failed", DIR_B);
+ SAFE_MKDIR(DIR_B, MODE_RWX);
+ SAFE_CHOWN(DIR_B, nobody_uid, free_gid);
+ SAFE_CHMOD(DIR_B, MODE_SGID);
+ SAFE_STAT(DIR_B, &buf);
- if (fail_count == 0) {
- tst_resm(TPASS, "Test passed.");
- } else {
- tst_resm(TFAIL,
- "Test failed because of above failures.");
- }
+ if (!(buf.st_mode & S_ISGID))
+ tst_brk(TBROK, "%s: Setgid bit not set", DIR_B);
+ if (buf.st_gid != free_gid) {
+ tst_brk(TBROK, "%s: Incorrect group, %u != %u", DIR_B,
+ buf.st_gid, free_gid);
}
- cleanup();
- tst_exit();
-}
-
-static void setup(void)
-{
- tst_require_root();
- tst_sig(NOFORK, DEF_HANDLER, cleanup);
- TEST_PAUSE;
- tst_tmpdir();
+ /* Switch to user nobody and create two files in DIR_A */
+ /* Both files should inherit GID from the process */
+ SAFE_SETGID(nobody_gid);
+ SAFE_SETREUID(-1, nobody_uid);
+ file_test(NOSETGID_A, MODE_RWX, 0, nobody_gid);
+ file_test(SETGID_A, MODE_SGID, 1, nobody_gid);
+
+ /* Create two files in DIR_B and validate owner and permissions */
+ /* Both files should inherit GID from the parent directory */
+ file_test(NOSETGID_B, MODE_RWX, 0, free_gid);
+ /*
+ * CVE 2018-13405 (privilege escalation using setgid bit) has its
+ * own test, skip setgid check here
+ */
+ file_test(SETGID_B, MODE_SGID, -1, free_gid);
+
+ /* Switch back to root UID and create a file in DIR_B */
+ /* The file should inherid GID from parent directory */
+ SAFE_SETREUID(-1, orig_uid);
+ file_test(ROOT_SETGID, MODE_SGID, 1, free_gid);
+
+ /* Cleanup between loops */
+ tst_purge_dir(tmpdir);
}
static void cleanup(void)
{
- tst_rmdir();
+ if (fd >= 0)
+ SAFE_CLOSE(fd);
+
+ free(tmpdir);
}
+
+static struct tst_test test = {
+ .test_all = run,
+ .setup = setup,
+ .cleanup = cleanup,
+ .needs_root = 1,
+ .needs_tmpdir = 1,
+};
--
2.32.0
More information about the ltp
mailing list