[LTP] [PATCH v2] security/dirtyc0w_shmem: Add new test for CVE-2022-2590
David Hildenbrand
david@redhat.com
Fri Nov 25 11:20:06 CET 2022
On 25.11.22 11:06, Petr Vorel wrote:
> Hi Martin,
>
>> Hi,
>
>> On 23. 11. 22 11:35, David Hildenbrand wrote:
>>> + pid = SAFE_FORK();
>>> + if (!pid) {
>>> + SAFE_SETGID(nobody_gid);
>>> + SAFE_SETUID(nobody_uid);
>>> + SAFE_EXECLP("dirtyc0w_shmem_child", "dirtyc0w_shmem_child", NULL);
>
>> Manpage says that the last argument of execlp() must be (char*)NULL,
>> including the explicit typecast.
> I was too fast here (already merged).
>
> You're right, although we use execlp() or SAFE_EXECLP with just NULL on many
> places, including testing execlp() itself in execlp01.c. I guess we should fix
> that.
See my other mail, it's the case on all instances that pass NULL (and I
don't really see the need to do this when working with NULL.
>
>>> +#else /* UFFD_FEATURE_MINOR_SHMEM */
>>> +#include "tst_test.h"
>>> +TST_TEST_TCONF("System does not have userfaultfd minor fault support for shmem");
>>> +#endif /* UFFD_FEATURE_MINOR_SHMEM */
>
>> When the child exits through this TST_TEST_TCONF(), the
>> TST_CHECKPOINT_WAIT() in parent will fail. The parent process should not
>> even fork() when UFFD_FEATURE_MINOR_SHMEM is not defined in config.h.
> +1, this should be fixed. Please let us know if you don't have time to send fix
> yourself.
Let me know if I should send the fixup as an official, separate patch.
Thanks all!
--
Thanks,
David / dhildenb
More information about the ltp
mailing list