From patchwork Sat May 19 09:22:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiao Yang X-Patchwork-Id: 916803 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.linux.it (client-ip=2001:1418:10:5::2; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cn.fujitsu.com Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40p0HH0KB0z9s4n for ; Sat, 19 May 2018 19:34:16 +1000 (AEST) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id 0640E3E6E98 for ; Sat, 19 May 2018 11:34:13 +0200 (CEST) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-2.smtp.seeweb.it (in-2.smtp.seeweb.it [217.194.8.2]) by picard.linux.it (Postfix) with ESMTP id F16293E649C for ; Sat, 19 May 2018 11:34:10 +0200 (CEST) Received: from heian.cn.fujitsu.com (unknown [183.91.158.132]) by in-2.smtp.seeweb.it (Postfix) with ESMTP id 9F848600A72 for ; Sat, 19 May 2018 11:34:06 +0200 (CEST) X-IronPort-AV: E=Sophos;i="5.43,368,1503331200"; d="scan'208";a="40109989" Received: from localhost (HELO cn.fujitsu.com) ([10.167.33.5]) by heian.cn.fujitsu.com with ESMTP; 19 May 2018 17:33:53 +0800 Received: from G08CNEXCHPEKD03.g08.fujitsu.local (unknown [10.167.33.85]) by cn.fujitsu.com (Postfix) with ESMTP id 5A76B4B3ED6D; Sat, 19 May 2018 17:33:51 +0800 (CST) Received: from RHEL7U5Alpha_SERVER.g08.fujitsu.local (10.167.220.185) by G08CNEXCHPEKD03.g08.fujitsu.local (10.167.33.89) with Microsoft SMTP Server (TLS) id 14.3.399.0; Sat, 19 May 2018 17:33:52 +0800 From: Xiao Yang To: Date: Sat, 19 May 2018 17:22:20 +0800 Message-ID: <1526721740-8382-1-git-send-email-yangx.jy@cn.fujitsu.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <20180518170933.GA5094@rei> References: <20180518170933.GA5094@rei> MIME-Version: 1.0 X-Originating-IP: [10.167.220.185] X-yoursite-MailScanner-ID: 5A76B4B3ED6D.AB3D2 X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-From: yangx.jy@cn.fujitsu.com X-Spam-Status: No, score=1.3 required=7.0 tests=RDNS_NONE autolearn=disabled version=3.4.0 X-Virus-Scanned: clamav-milter 0.99.2 at in-2.smtp.seeweb.it X-Virus-Status: Clean X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on in-2.smtp.seeweb.it Cc: ltp@lists.linux.it Subject: [LTP] [PATCH] fs/read_all: Clear suplementary groups before droping privileges X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.18 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" Current user(e.g. root) has its own suplementary group set when logged in. Which means that even when a program sets it's user and group ids to nobody the current group still stays in the list of supplementary groups, which then is matched for files with the current group ownership and hence we can still access the file. For example, if /dev/watchdog has root group ownership and rw group permissions, running read_all_dev can still open /dev/watchdog and reboot system even after switching user and group ids from root to nobody. We need to clear suplementary groups before droping privileges and keep the same rule as commit 1f011e5 if current user doesn't have the capabilities to clear suplementary groups. Signed-off-by: Xiao Yang --- testcases/kernel/fs/read_all/read_all.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/testcases/kernel/fs/read_all/read_all.c b/testcases/kernel/fs/read_all/read_all.c index a8e1611..acd8e73 100644 --- a/testcases/kernel/fs/read_all/read_all.c +++ b/testcases/kernel/fs/read_all/read_all.c @@ -258,6 +258,12 @@ static void maybe_drop_privs(void) if (!drop_privs) return; + TEST(setgroups(0, NULL)); + if (TEST_RETURN < 0 && TEST_ERRNO != EPERM) { + tst_brk(TBROK | TTERRNO, + "Failed to clear suplementary group set"); + } + nobody = SAFE_GETPWNAM("nobody"); TEST(setgid(nobody->pw_gid));