Gentoo's Bugzilla – Attachment 618704 Details for
Bug 599706
sys-apps/sandbox: fchown()/fchmod() can modify fd even when opened O_RDONLY
[patch]
0002-tests-add-test-case-for-fchown-fchmod-with-O_RDONLY.patch
0002-tests-add-test-case-for-fchown-fchmod-with-O_RDONLY.patch (text/plain), 4.16 KB, created by
Michael Orlitzky
on 2020-03-14 02:04:59 UTC
Description:
0002-tests-add-test-case-for-fchown-fchmod-with-O_RDONLY.patch
Filename:
MIME Type:
Creator:
Michael Orlitzky
Created:
2020-03-14 02:04:59 UTC
Size:
4.16 KB
patch
obsolete
>From 13849a6931671fbf22e5487099b02da447419e07 Mon Sep 17 00:00:00 2001
>From: Michael Orlitzky <mjo@gentoo.org>
>Date: Sat, 27 Jan 2018 20:05:02 -0500
>Subject: [PATCH 2/3] tests: add test case for fchown/fchmod with O_RDONLY.
>
>Bug: https://bugs.gentoo.org/599706
>Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
>---
> tests/Makefile.am | 2 ++
> tests/fchmod-0.c | 35 +++++++++++++++++++++++++++++++++++
> tests/fchmod-1.sh | 14 ++++++++++++++
> tests/fchmod.at | 1 +
> tests/fchown-0.c | 34 ++++++++++++++++++++++++++++++++++
> tests/fchown-1.sh | 14 ++++++++++++++
> tests/fchown.at | 1 +
> 7 files changed, 101 insertions(+)
> create mode 100644 tests/fchmod-0.c
> create mode 100755 tests/fchmod-1.sh
> create mode 100644 tests/fchmod.at
> create mode 100644 tests/fchown-0.c
> create mode 100755 tests/fchown-1.sh
> create mode 100644 tests/fchown.at
>
>diff --git a/tests/Makefile.am b/tests/Makefile.am
>index 3baf5b1..7763c5a 100644
>--- a/tests/Makefile.am
>+++ b/tests/Makefile.am
>@@ -21,7 +21,9 @@ check_PROGRAMS = \
> execv-0 \
> execvp-0 \
> faccessat-0 \
>+ fchmod-0 \
> fchmodat-0 \
>+ fchown-0 \
> fchownat-0 \
> fopen-0 \
> fopen64-0 \
>diff --git a/tests/fchmod-0.c b/tests/fchmod-0.c
>new file mode 100644
>index 0000000..de0c237
>--- /dev/null
>+++ b/tests/fchmod-0.c
>@@ -0,0 +1,35 @@
>+/*
>+ * https://bugs.gentoo.org/599706
>+ *
>+ */
>+
>+#include "headers.h"
>+
>+int main(int argc, char *argv[])
>+{
>+ if (argc < 2)
>+ return -2;
>+
>+ int mode = 0;
>+ sscanf(argv[1], "%i", &mode);
>+ /* The sandbox catches this:
>+ *
>+ * int fd = open(argv[2], O_RDWR);
>+ *
>+ * And it /should/ catch this:
>+ *
>+ * int fd = open(argv[2], O_RDONLY);
>+ *
>+ * ...but the latter only works when /proc/self/fd/%i
>+ * is available.
>+ *
>+ */
>+#ifdef SANDBOX_PROC_SELF_FD
>+ int fd = open(argv[2], O_RDONLY);
>+#else
>+ int fd = open(argv[2], O_RDWR);
>+#endif
>+ int fchmod_result = fchmod(fd, (mode_t)mode);
>+ close(fd);
>+ return fchmod_result;
>+}
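Review bot: The guard `if (argc < 2)` in tests/fchmod-0.c is one short, because main() goes on to pass argv[2] to open(); with only the mode argument, open() receives NULL and fails, fchmod(-1, ...) returns -1, and the wrapper script counts that as the sandbox having blocked the call. It should read `if (argc < 3) return -2;`, and tests/fchown-0.c has the same slip (`argc < 3` while using argv[3], so `if (argc < 4)`). Both helpers also leave the open() result unchecked, so in the SANDBOX_PROC_SELF_FD branch a read-only open that fails for an unrelated reason cannot be told apart from a denied fchmod()/fchown(); a distinct code inside that branch, e.g. `if (fd < 0) return -3;`, together with the script rejecting it, would keep the O_RDONLY case from passing vacuously. The sscanf() result is ignored as well, so an unparsable mode silently stays 0.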
>diff --git a/tests/fchmod-1.sh b/tests/fchmod-1.sh
>new file mode 100755
>index 0000000..db404ba
>--- /dev/null
>+++ b/tests/fchmod-1.sh
>@@ -0,0 +1,14 @@
>+#!/bin/sh
>+#
>+# https://bugs.gentoo.org/599706
>+#
>+
>+addwrite $PWD
>+
>+# The sandbox doesn't log anything when it returns a junk file
>+# descriptor? It doesn't look like we can test the contents of
>+# sandbox.log here... instead, we just have to count on fchmod
>+# failing, which it does if you use O_RDWR, and it *should* if you use
>+# O_RDONLY (because that won't stop the change of permissions).
>+fchmod-0 $(stat --format='%#04a' ../..) ../.. && exit 1
>+exit 0
>diff --git a/tests/fchmod.at b/tests/fchmod.at
>new file mode 100644
>index 0000000..081d7d2
>--- /dev/null
>+++ b/tests/fchmod.at
>@@ -0,0 +1 @@
>+SB_CHECK(1)
>diff --git a/tests/fchown-0.c b/tests/fchown-0.c
>new file mode 100644
>index 0000000..7fdca73
>--- /dev/null
>+++ b/tests/fchown-0.c
>@@ -0,0 +1,34 @@
>+/*
>+ * https://bugs.gentoo.org/599706
>+ *
>+ */
>+
>+#include "headers.h"
>+
>+int main(int argc, char *argv[])
>+{
>+ if (argc < 3)
>+ return -2;
>+
>+ uid_t uid = atoi(argv[1]);
>+ gid_t gid = atoi(argv[2]);
>+ /* The sandbox catches this:
>+ *
>+ * int fd = open(argv[3], O_RDWR);
>+ *
>+ * And it /should/ catch this:
>+ *
>+ * int fd = open(argv[3], O_RDONLY);
>+ *
>+ * ...but the latter only works when /proc/self/fd/%i
>+ * is available.
>+ */
>+#ifdef SANDBOX_PROC_SELF_FD
>+ int fd = open(argv[3], O_RDONLY);
>+#else
>+ int fd = open(argv[3], O_RDWR);
>+#endif
>+ int fchown_result = fchown(fd, uid, gid);
>+ close(fd);
>+ return fchown_result;
>+}
>diff --git a/tests/fchown-1.sh b/tests/fchown-1.sh
>new file mode 100755
>index 0000000..1b4a173
>--- /dev/null
>+++ b/tests/fchown-1.sh
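Review bot: The `fchmod-0 ... && exit 1` line followed by `exit 0` in tests/fchmod-1.sh accepts every non-zero status as proof that the sandbox denied the call, including the helper's usage error (`return -2`, which the shell sees as 254) and a `stat` failure that leaves the mode argument empty. The test can therefore pass when no fchmod() on the target was attempted, which weakens it as a regression test for the O_RDONLY case. Capturing the status instead, `fchmod-0 $(stat --format='%#04a' ../..) ../..; rc=$?` followed by `[ "$rc" -ne 0 ] && [ "$rc" -ne 254 ] || exit 1`, would at least reject the usage path; tests/fchown-1.sh uses the same `&& exit 1` pattern. Whether fchmod() on `../..` can also fail for ownership reasons unrelated to the sandbox cannot be told from this hunk and is worth confirming.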
>@@ -0,0 +1,14 @@
>+#!/bin/sh
>+#
>+# https://bugs.gentoo.org/599706
>+#
>+
>+addwrite $PWD
>+
>+# The sandbox doesn't log anything when it returns a junk file
>+# descriptor? It doesn't look like we can test the contents of
>+# sandbox.log here... instead, we just have to count on fchown
>+# failing, which it does if you use O_RDWR, and it *should* if you use
>+# O_RDONLY (because that won't stop the change of ownership).
>+fchown-0 ${SB_UID} ${SB_GID} ../.. && exit 1
>+exit 0
>diff --git a/tests/fchown.at b/tests/fchown.at
>new file mode 100644
>index 0000000..081d7d2
>--- /dev/null
>+++ b/tests/fchown.at
>@@ -0,0 +1 @@
>+SB_CHECK(1)
>--
>2.24.1
>
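Review bot: `${SB_UID}` and `${SB_GID}` are expanded unquoted in tests/fchown-1.sh, so if either is unset or empty the words disappear, fchown-0 fails before any fchown() reaches the target, and the script still ends at `exit 0`. Where the harness sets these variables is not visible in this hunk, so this may never occur in practice, but failing loudly is cheap: `fchown-0 "${SB_UID:?}" "${SB_GID:?}" ../.. && exit 1`. `addwrite $PWD` has the same unquoted expansion, here and in tests/fchmod-1.sh, and would split on a build path containing whitespace; `addwrite "$PWD"` avoids that.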