[LTP] [PATCH v1] open15: allow restricted O_CREAT of FIFOs and regular files

Fri Dec 8 16:34:35 CET 2023

Hi!
> +// SPDX-License-Identifier: GPL-2.0-only

The default license should be GPL-2.0-or-later for new tests.

> +/*
> + * Copyright (c) 2023 Wei Gao <wegao@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * Verify disallows open of FIFOs or regular files not owned by the user in world
> + * writable sticky directories
> + *
> + * Linux commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5
> + */
> +
> +#include <pwd.h>
> +#include <stdlib.h>
> +#include "tst_test.h"
> +#include "tst_safe_file_at.h"
> +
> +#define  FILENAME  "setuid04_testfile"
> +#define  DIR "ltp_tmp_check1"
> +#define  TEST_FILE "test_file_1"
> +#define  TEST_FIFO "test_fifo_1"
> +#define  LTP_USER1 "ltp_user1"
> +#define  LTP_USER2 "ltp_user2"
> +#define  CONCAT(dir, filename) dir "/" filename
> +#define  PROTECTED_REGULAR "/proc/sys/fs/protected_regular"
> +#define  PROTECTED_FIFOS "/proc/sys/fs/protected_fifos"
> +
> +static int LTP_USER1_UID;
> +static int LTP_USER2_UID;
> +static int dir_fd;
> +
> +static void run(void)
> +{
> +	int pid;
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 0);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 0);
> +
> +	pid = SAFE_FORK();
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USER1_UID);
> +
> +		int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777);
> +
> +		SAFE_CLOSE(fd);
> +		fd = SAFE_MKFIFO(CONCAT(DIR, TEST_FIFO), 0777);
> +		SAFE_CLOSE(fd);
> +
> +		TST_CHECKPOINT_WAKE(0);
> +		exit(0);
> +	}
> +
> +	TST_CHECKPOINT_WAIT(0);

This shouldn't be checkpoint, but rather you should wait for the child
process with tst_reap_children() and the same in all the other cases.

> +	pid = SAFE_FORK();
> +
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USER2_UID);
> +
> +		int fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777);

This can't be SAFE_OPENAT() since it will TBROK instead of TFAIL in a
case of a failure. You have to do the TST_EXP_FD(openat(...)) instead.

And the same for all the cases that shouldn't fail.

> +		tst_res(TPASS, "check protect_regural == 0 pass");
> +		SAFE_CLOSE(fd);
> +
> +		fd = SAFE_OPEN(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT);
> +		tst_res(TPASS, "check protect_fifos == 0 pass");
> +		SAFE_CLOSE(fd);
> +
> +		TST_CHECKPOINT_WAKE(1);
> +		exit(0);
> +	}
> +
> +	TST_CHECKPOINT_WAIT(1);
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 1);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 1);
> +
> +	pid = SAFE_FORK();
> +
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USER2_UID);
> +
> +		TEST(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777));
> +		if (TST_RET == -1 && TST_ERR == EACCES)
> +			tst_res(TPASS, "check protect_regural == 1 pass");
> +		else
> +			tst_res(TFAIL | TERRNO, "check protect_regural == 1 failed");

And here you have to do TST_EXP_FAIL(openat(...)) and in all the failing
cases as well.

> +		TEST(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777));
> +		if (TST_RET == -1 && TST_ERR == EACCES)
> +			tst_res(TPASS, "check protect_fifos == 1 pass");
> +		else
> +			tst_res(TFAIL | TERRNO, "check protect_fifos == 1 failed");
> +
> +		TST_CHECKPOINT_WAKE(2);
> +		exit(0);
> +	}
> +
> +	TST_CHECKPOINT_WAIT(2);
> +
> +	SAFE_FILE_PRINTF(PROTECTED_REGULAR, "%d", 2);
> +	SAFE_FILE_PRINTF(PROTECTED_FIFOS, "%d", 2);
> +	SAFE_CHMOD(DIR, 0020 | S_ISVTX);
> +
> +	pid = SAFE_FORK();
> +
> +	if (pid == 0) {
> +		SAFE_SETUID(LTP_USER2_UID);
> +
> +		TEST(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777));
> +		if (TST_RET == -1 && TST_ERR == EACCES)
> +			tst_res(TPASS, "check protect_regural == 2 pass");
> +		else
> +			tst_res(TFAIL | TERRNO, "check protect_regural == 2 failed");
> +
> +		TEST(open(CONCAT(DIR, TEST_FIFO), O_RDWR | O_CREAT, 0777));
> +		if (TST_RET == -1 && TST_ERR == EACCES)
> +			tst_res(TPASS, "check protect_fifos == 2 pass");
> +		else
> +			tst_res(TFAIL | TERRNO, "check protect_fifos == 2 failed");
> +
> +		TST_CHECKPOINT_WAKE(3);
> +		exit(0);
> +	}
> +
> +	TST_CHECKPOINT_WAIT(3);
> +}
> +
> +static int add_user(char *username)
> +{
> +	const char *const cmd_useradd[] = {"useradd", username, NULL};
> +	struct passwd *ltpuser;
> +	int rc, uid = -1;
> +
> +	switch ((rc = tst_cmd(cmd_useradd, NULL, NULL, TST_CMD_PASS_RETVAL))) {
> +	case 0:
> +	case 9:
> +		ltpuser = SAFE_GETPWNAM(username);
> +		uid = ltpuser->pw_uid;
> +		break;
> +	default:
> +		tst_brk(TBROK, "Useradd failed (%d)", rc);
> +	}
> +
> +	return uid;
> +}
> +
> +static void del_user(char *username)
> +{
> +	const char *const cmd_userdel[] = {"userdel", "-r", username, NULL};
> +
> +	tst_cmd(cmd_userdel, NULL, NULL, TST_CMD_PASS_RETVAL);
> +
> +}
> +
> +static void setup(void)
> +{
> +	umask(0);
> +	SAFE_MKDIR(DIR, 0777 | S_ISVTX);
> +
> +	dir_fd = SAFE_OPEN(DIR, O_DIRECTORY);
> +
> +	LTP_USER1_UID = add_user(LTP_USER1);
> +	LTP_USER2_UID = add_user(LTP_USER2);

We actually does not need to add users for these tests, we can just
choose two random UIDs and use them, since all the kernel does is to
compare the UIDs of the processes...

So we can just do:

#define LTP_USR_UID1 1000
#define LTP_USR_UID2 1001

> +}
> +
> +static void cleanup(void)
> +{
> +	del_user(LTP_USER1);
> +	del_user(LTP_USER2);
> +}
> +
> +static struct tst_test test = {
> +	.setup = setup,
> +	.cleanup = cleanup,
> +	.needs_root = 1,
> +	.test_all = run,
> +	.needs_tmpdir = 1,
> +	.forks_child = 1,
> +	.save_restore = (const struct tst_path_val[]) {
> +		{PROTECTED_REGULAR, NULL, TST_SR_SKIP},
> +		{PROTECTED_FIFOS, NULL, TST_SR_SKIP},
                                         ^
					 TST_SR_TCONF

Since we want to skip the test if these files are missing.

> +		{}
> +	},
> +	.needs_checkpoints = 1,
> +};
> -- 
> 2.35.3
> 
> 
> -- 
> Mailing list info: https://lists.linux.it/listinfo/ltp

-- 
Cyril Hrubis
chrubis@suse.cz