From patchwork Tue May 15 09:51:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Richard Palethorpe X-Patchwork-Id: 913521 X-Patchwork-Delegate: chrubis@suse.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.linux.it (client-ip=2001:1418:10:5::2; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=suse.com Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40lXsk3w0Zz9s0q for ; Tue, 15 May 2018 19:52:09 +1000 (AEST) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id 6A7503E755E for ; Tue, 15 May 2018 11:52:06 +0200 (CEST) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-5.smtp.seeweb.it (in-5.smtp.seeweb.it [IPv6:2001:4b78:1:20::5]) by picard.linux.it (Postfix) with ESMTP id BBF173E601F for ; Tue, 15 May 2018 11:52:05 +0200 (CEST) Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by in-5.smtp.seeweb.it (Postfix) with ESMTPS id 032AC600C48 for ; Tue, 15 May 2018 11:52:01 +0200 (CEST) Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 43E02AC6A; Tue, 15 May 2018 09:52:01 +0000 (UTC) From: Richard Palethorpe To: ltp@lists.linux.it Date: Tue, 15 May 2018 11:51:18 +0200 Message-Id: <20180515095118.26282-1-rpalethorpe@suse.com> X-Mailer: git-send-email 2.16.3 MIME-Version: 1.0 X-Virus-Scanned: clamav-milter 0.99.2 at in-5.smtp.seeweb.it X-Virus-Status: Clean X-Spam-Status: No, score=-0.0 required=7.0 tests=SPF_PASS autolearn=disabled version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on in-5.smtp.seeweb.it Cc: Richard Palethorpe Subject: [LTP] [PATCH] read_all: Drop privileges X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.18 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" The LTP is usually run as root, which allows read_all_dev to read files which are usually protected from being read at random. This patch introduces the -p switch to read_all which is used to drop privileges (switch to the nobody user) for the read_all_dev test. If -p is set, but the current user does not have the capabilities to change the uid and gid, then the test will continue under the current user. This allows the most common scenarios to work as expected, but may cause difficulties for someone running the LTP under a semi-privileged user. Signed-off-by: Richard Palethorpe --- runtest/fs | 2 +- testcases/kernel/fs/read_all/read_all.c | 26 +++++++++++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/runtest/fs b/runtest/fs index 42a9bfcbf..a66948a43 100644 --- a/runtest/fs +++ b/runtest/fs @@ -69,7 +69,7 @@ fs_di fs_di -d $TMPDIR # Was not sure why it should reside in runtest/crashme and won´t get tested ever proc01 proc01 -m 128 -read_all_dev read_all -d /dev -e '/dev/watchdog?(0)' -q -r 10 +read_all_dev read_all -d /dev -p -q -r 10 read_all_proc read_all -d /proc -q -r 10 read_all_sys read_all -d /sys -q -r 10 diff --git a/testcases/kernel/fs/read_all/read_all.c b/testcases/kernel/fs/read_all/read_all.c index add3651c8..9c632c009 100644 --- a/testcases/kernel/fs/read_all/read_all.c +++ b/testcases/kernel/fs/read_all/read_all.c @@ -50,6 +50,7 @@ #include #include #include +#include #include "tst_test.h" @@ -88,6 +89,7 @@ static long worker_count; static char *str_max_workers; static long max_workers = 15; static struct worker *workers; +static char *drop_privs; static struct tst_option options[] = { {"v", &verbose, @@ -104,6 +106,8 @@ static struct tst_option options[] = { "-w count Set the worker count limit, the default is 15."}, {"W:", &str_worker_count, "-W count Override the worker count. Ignores (-w) and the processor count."}, + {"p", &drop_privs, + "-p Drop privileges; switch to the nobody user."}, {NULL, NULL, NULL} }; @@ -247,6 +251,24 @@ static int worker_run(struct worker *self) return 0; } +static void maybe_drop_privs(void) +{ + struct passwd *nobody; + + if (!drop_privs) + return; + + nobody = SAFE_GETPWNAM("nobody"); + + TEST(setgid(nobody->pw_gid)); + if (TEST_RETURN < 0 && TEST_ERRNO != EPERM) + tst_res(TBROK | TTERRNO, "Failed to use nobody gid"); + + TEST(setuid(nobody->pw_uid)); + if (TEST_RETURN < 0 && TEST_ERRNO != EPERM) + tst_res(TBROK | TTERRNO, "Failed to use nobody uid"); +} + static void spawn_workers(void) { int i; @@ -257,8 +279,10 @@ static void spawn_workers(void) for (i = 0; i < worker_count; i++) { wa[i].q = queue_init(); wa[i].pid = SAFE_FORK(); - if (!wa[i].pid) + if (!wa[i].pid) { + maybe_drop_privs(); exit(worker_run(wa + i)); + } } }