[LTP] [PATCH v3 2/2] Add landlock07 test
Andrea Cervesato
andrea.cervesato@suse.de
Wed Aug 21 15:49:14 CEST 2024
From: Andrea Cervesato <andrea.cervesato@suse.com>
This test is a reproducer for the CVE-2024-42318 bug, also known as
landlock Houdini.
More information at:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42318
Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
runtest/syscalls | 1 +
testcases/kernel/syscalls/landlock/.gitignore | 1 +
testcases/kernel/syscalls/landlock/landlock07.c | 109 ++++++++++++++++++++++++
3 files changed, 111 insertions(+)
diff --git a/runtest/syscalls b/runtest/syscalls
index fea0c9828..a9fc8c432 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -706,6 +706,7 @@ landlock03 landlock03
landlock04 landlock04
landlock05 landlock05
landlock06 landlock06
+landlock07 landlock07
lchown01 lchown01
lchown01_16 lchown01_16
diff --git a/testcases/kernel/syscalls/landlock/.gitignore b/testcases/kernel/syscalls/landlock/.gitignore
index 315ac1dca..db11bff2f 100644
--- a/testcases/kernel/syscalls/landlock/.gitignore
+++ b/testcases/kernel/syscalls/landlock/.gitignore
@@ -5,3 +5,4 @@ landlock03
landlock04
landlock05
landlock06
+landlock07
diff --git a/testcases/kernel/syscalls/landlock/landlock07.c b/testcases/kernel/syscalls/landlock/landlock07.c
new file mode 100644
index 000000000..68045da3b
--- /dev/null
+++ b/testcases/kernel/syscalls/landlock/landlock07.c
@@ -0,0 +1,109 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/**
+ * [Description]
+ *
+ * CVE-2024-42318
+ *
+ * Test to check if sysem is affected by Landlock Houdini bug:
+ * https://www.suse.com/security/cve/CVE-2024-42318.html
+ *
+ * Kernel bug fixed in:
+ *
+ * commit 39705a6c29f8a2b93cf5b99528a55366c50014d1
+ * Author: Jann Horn <jannh@google.com>
+ * Date: Wed Jul 24 14:49:01 2024 +0200
+ *
+ * landlock: Don't lose track of restrictions on cred_transfer
+ */
+
+#include "tst_test.h"
+#include "lapi/prctl.h"
+#include "lapi/keyctl.h"
+#include "tst_test_macros.h"
+#include "landlock_common.h"
+
+static struct landlock_ruleset_attr *ruleset_attr;
+static int ruleset_fd;
+
+static pid_t spawn_houdini(void)
+{
+ pid_t pid;
+
+ SAFE_KEYCTL(KEYCTL_JOIN_SESSION_KEYRING, 0, 0, 0, 0);
+
+ pid = SAFE_FORK();
+ if (!pid) {
+ SAFE_KEYCTL(KEYCTL_JOIN_SESSION_KEYRING, 0, 0, 0, 0);
+ SAFE_KEYCTL(KEYCTL_SESSION_TO_PARENT, 0, 0, 0, 0);
+ exit(0);
+ }
+
+ return pid;
+}
+
+static void run(void)
+{
+ pid_t pid_houdini;
+
+ if (SAFE_FORK())
+ return;
+
+ SAFE_PRCTL(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+ SAFE_LANDLOCK_RESTRICT_SELF(ruleset_fd, 0);
+
+ TST_EXP_FAIL(open("/dev/null", O_WRONLY), EACCES);
+ if (TST_RET != -1) {
+ SAFE_CLOSE(TST_RET);
+ return;
+ }
+
+ pid_houdini = spawn_houdini();
+ SAFE_WAITPID(pid_houdini, NULL, 0);
+
+ TST_EXP_FAIL(open("/dev/null", O_WRONLY), EACCES);
+ if (TST_RET != -1)
+ SAFE_CLOSE(TST_RET);
+
+ exit(0);
+}
+
+static void setup(void)
+{
+ verify_landlock_is_enabled();
+
+ ruleset_attr->handled_access_fs = LANDLOCK_ACCESS_FS_WRITE_FILE;
+ ruleset_fd = SAFE_LANDLOCK_CREATE_RULESET(
+ ruleset_attr,
+ sizeof(struct landlock_ruleset_attr),
+ 0);
+}
+
+static void cleanup(void)
+{
+ if (ruleset_fd != -1)
+ SAFE_CLOSE(ruleset_fd);
+}
+
+static struct tst_test test = {
+ .test_all = run,
+ .setup = setup,
+ .cleanup = cleanup,
+ .forks_child = 1,
+ .bufs = (struct tst_buffers []) {
+ {&ruleset_attr, .size = sizeof(struct landlock_ruleset_attr)},
+ {},
+ },
+ .caps = (struct tst_cap []) {
+ TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
+ {}
+ },
+ .tags = (const struct tst_tag[]) {
+ {"linux-git", "39705a6c29f8"},
+ {"CVE", "2024-42318"},
+ {}
+ }
+};
--
2.43.0
More information about the ltp
mailing list