From patchwork Wed Dec 13 11:44:50 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stefan Liebler <stli@linux.ibm.com>
X-Patchwork-Id: 1875604
Return-Path: <libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256
 header.s=pp1 header.b=SbLDwrbx;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org
 (client-ip=8.43.85.97; helo=server2.sourceware.org;
 envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org;
 receiver=patchwork.ozlabs.org)
Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4SqtvW3LmTz20LX
	for <incoming@patchwork.ozlabs.org>; Wed, 13 Dec 2023 22:45:11 +1100 (AEDT)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 23D06385B515
	for <incoming@patchwork.ozlabs.org>; Wed, 13 Dec 2023 11:45:09 +0000 (GMT)
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
 [148.163.156.1])
 by sourceware.org (Postfix) with ESMTPS id 717723858C78
 for <libc-alpha@sourceware.org>; Wed, 13 Dec 2023 11:44:59 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 717723858C78
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=linux.ibm.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linux.ibm.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 717723858C78
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=148.163.156.1
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1702467901; cv=none;
 b=it318o75wdNn5aXhZPMcU4fjaRAN2UC+T1WgUSCfB6wbsFx4JlnWt5uFn0nseK5q+5LtjqYiH5v5weKsCkcC6338WcedT42gjIPwctGk8z5AjM+XCxbqBNVkeVsoFHIBFu+0n87TKyw97bAZrNTvS7g7yo23Fo+dj3vEL3r5FaY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1702467901; c=relaxed/simple;
 bh=0dIrU/a+WnEpfqEaddwqpbUjXx/p8QSv350WU9aMEyI=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=pNCide34QS22dVAYF9ylLb3WiiCM/uJJkVZCxARK+0Z+4y1Jv9wUldsegNqCGh5N7Qa82O4tsCLyz+O5YeP6o5wnFrPEEHDhm7Lpa7wYDgFU4qXNRr+UVI5oH7ISG0k2eqM+T0DkykJbk4HwmBMeEKL9i2TaI6lbxkfR2S/OEa0=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: from pps.filterd (m0360083.ppops.net [127.0.0.1])
 by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
 3BDBKoU5002686; Wed, 13 Dec 2023 11:44:57 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com;
 h=from : to : cc : subject
 : date : message-id : mime-version : content-transfer-encoding; s=pp1;
 bh=DyFmmu9Rhu0xNVtv8qOQRkRxB8zSVWqAcRG130mB9DI=;
 b=SbLDwrbxJY6dBpf4BufQmSom2qig0Oqj8NB7nElMPqcWmA1X3rU+YKDPYP02eg51v5Zs
 t0ad3HFPSz25b6WDa0TWIiUdv6OXyDa5+PCukVZ8TdPmxq1Z3Bd0Fmb36mh4mVL5HMbf
 TAV9kB8YtdF6Dcx7gWI836aGdA/eQ8TdUNeRsPdZMfeLQ86xsgpUa4WUtCa38kPKZxEG
 Lw0Lsv57ekFSjY3JnYzThjAv2qsU14HDUKYwcIG69fE/1Z5tx50Ga9VAxtB8LR61PTLP
 c/JCyTbIIMlcFRzhoHjqCgdRDm+DU+8uVJix0KNOszxqzW4KLVetTOzBrDdPKRvu1IIP nQ==
Received: from ppma21.wdc07v.mail.ibm.com
 (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91])
 by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3uyajejr01-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Wed, 13 Dec 2023 11:44:57 +0000
Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1])
 by ppma21.wdc07v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id
 3BD9EYKo012585; Wed, 13 Dec 2023 11:44:56 GMT
Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227])
 by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 3uw3jp0evs-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Wed, 13 Dec 2023 11:44:55 +0000
Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com
 [10.20.54.106])
 by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 3BDBiqX118481744
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
 Wed, 13 Dec 2023 11:44:53 GMT
Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1])
 by IMSVA (Postfix) with ESMTP id CE7C520043;
 Wed, 13 Dec 2023 11:44:52 +0000 (GMT)
Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1])
 by IMSVA (Postfix) with ESMTP id AE99B20040;
 Wed, 13 Dec 2023 11:44:52 +0000 (GMT)
Received: from a3545025.lnxne.boe (unknown [9.152.108.100])
 by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP;
 Wed, 13 Dec 2023 11:44:52 +0000 (GMT)
From: Stefan Liebler <stli@linux.ibm.com>
To: libc-alpha@sourceware.org
Cc: adhemerval.zanella@linaro.org, Stefan Liebler <stli@linux.ibm.com>
Subject: [PATCH] Fix elf/tst-env-setuid[-static] if test needs to be rerun.
Date: Wed, 13 Dec 2023 12:44:50 +0100
Message-ID: <20231213114450.501138-1-stli@linux.ibm.com>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: wywHQYkszi9YZw7qS0D-csJesnxDMj8R
X-Proofpoint-GUID: wywHQYkszi9YZw7qS0D-csJesnxDMj8R
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26
 definitions=2023-12-13_03,2023-12-13_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 adultscore=0 impostorscore=0
 lowpriorityscore=0 clxscore=1015 suspectscore=0 bulkscore=0 spamscore=0
 phishscore=0 malwarescore=0 priorityscore=1501 mlxscore=0 mlxlogscore=961
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311290000
 definitions=main-2312130085
X-Spam-Status: No, score=-9.9 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,
 SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE,
 URIBL_BLACK autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org

If /tmp is mounted nosuid and make xcheck is run,
then tst-env-setuid fails UNSUPPORTED with "SGID failed: GID and EGID match"
and /var/tmp/tst-sonamemove-runmod1.so.profile is created.

If you then try to rerun the test with a suid mounted test-dir
(the SGID binary is created in test-dir which defaults to /tmp)
with something like that:
make tst-env-setuid-ENV="TMPDIR=..." t=elf/tst-env-setuid test
the test fails as the LD_PROFILE output file is still available
from the previous run.

Thus this patch removes the LD_PROFILE output file in parent
before spawning the SGID binary.

Even if LD_PROFILE is not supported anymore in static binaries,
use a different library and thus output file for tst-env-setuid
and tst-env-setuid-static in order to not interfere if both
tests are run in parallel.

Furthermore the checks in test_child are now more verbose.
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
---
 elf/Makefile                |  1 +
 elf/tst-env-setuid-static.c |  1 +
 elf/tst-env-setuid.c        | 46 ++++++++++++++++++++++++++++++++-----
 3 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/elf/Makefile b/elf/Makefile
index afec7be084..87aac923ba 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -3015,6 +3015,7 @@ tst-env-setuid-ARGS = -- $(host-test-program-cmd)
 
 # Reuse a module with a SONAME, to specific as the LD_PROFILE.
 $(objpfx)tst-env-setuid: $(objpfx)tst-sonamemove-runmod2.so
+$(objpfx)tst-env-setuid-static.out: $(objpfx)tst-sonamemove-runmod1.so
 
 # The object tst-nodeps1-mod.so has no explicit dependencies on libc.so.
 $(objpfx)tst-nodeps1-mod.so: $(objpfx)tst-nodeps1-mod.os
diff --git a/elf/tst-env-setuid-static.c b/elf/tst-env-setuid-static.c
index 0d88ae88b9..162d9169ec 100644
--- a/elf/tst-env-setuid-static.c
+++ b/elf/tst-env-setuid-static.c
@@ -1 +1,2 @@
+#define PROFILE_LIB      "tst-sonamemove-runmod1.so"
 #include "tst-env-setuid.c"
diff --git a/elf/tst-env-setuid.c b/elf/tst-env-setuid.c
index 9fa591a136..b4f0e547a7 100644
--- a/elf/tst-env-setuid.c
+++ b/elf/tst-env-setuid.c
@@ -36,7 +36,9 @@ static char SETGID_CHILD[] = "setgid-child";
 #define UNFILTERED_VALUE "some-unfiltered-value"
 /* It assumes no other programs is being profile with a library with same
    SONAME using the default folder.  */
-#define PROFILE_LIB      "tst-sonamemove-runmod2.so"
+#ifndef PROFILE_LIB
+# define PROFILE_LIB      "tst-sonamemove-runmod2.so"
+#endif
 
 struct envvar_t
 {
@@ -53,7 +55,7 @@ static const struct envvar_t filtered_envvars[] =
   { "LD_HWCAP_MASK",           FILTERED_VALUE },
   { "LD_LIBRARY_PATH",         FILTERED_VALUE },
   { "LD_PRELOAD",              FILTERED_VALUE },
-  { "LD_PROFILE",              "tst-sonamemove-runmod2.so" },
+  { "LD_PROFILE",              PROFILE_LIB },
   { "MALLOC_ARENA_MAX",        FILTERED_VALUE },
   { "MALLOC_PERTURB_",         FILTERED_VALUE },
   { "MALLOC_TRACE",            FILTERED_VALUE },
@@ -83,7 +85,12 @@ test_child (void)
        e++)
     {
       const char *env = getenv (e->env);
-      ret |= env != NULL;
+      if (env != NULL)
+	{
+	  printf ("FAIL: filtered environment variable is not NULL: %s=%s\n",
+		  e->env, env);
+	  ret = 1;
+	}
     }
 
   for (const struct envvar_t *e = unfiltered_envvars;
@@ -91,13 +98,30 @@ test_child (void)
        e++)
     {
       const char *env = getenv (e->env);
-      ret |= !(env != NULL && strcmp (env, e->value) == 0);
+      if (!(env != NULL && strcmp (env, e->value) == 0))
+	{
+	  if (env == NULL)
+	    printf ("FAIL: unfiltered environment variable %s is NULL\n",
+		    e->env);
+	  else
+	    printf ("FAIL: unfiltered environment variable %s=%s != %s\n",
+		    e->env, env, e->value);
+
+	  ret = 1;
+	}
     }
 
-  /* Also check if no profile file was created.  */
+  /* Also check if no profile file was created.
+     The parent sets LD_DEBUG_OUTPUT="/tmp/some-file"
+     which should be filtered.  Then it falls back to "/var/tmp".
+     Note: LD_PROFILE is not supported for static binaries.  */
   {
     char *profilepath = xasprintf ("/var/tmp/%s.profile", PROFILE_LIB);
-    ret |= !access (profilepath, R_OK);
+    if (!access (profilepath, R_OK))
+      {
+	printf ("FAIL: LD_PROFILE file at %s was created!\n", profilepath);
+	ret = 1;
+      }
     free (profilepath);
   }
 
@@ -141,6 +165,16 @@ do_test (int argc, char **argv)
 	   e++)
 	setenv (e->env, e->value, 1);
 
+      /* Ensure that the profile output does not exist from a previous run
+	 (e.g. if test_dir, which defaults to /tmp, is mounted nosuid.)
+	 Note: support_capture_subprogram_self_sgid creates the SGID binary
+	 in test_dir.  */
+      {
+	char *profilepath = xasprintf ("/var/tmp/%s.profile", PROFILE_LIB);
+	unlink (profilepath);
+	free (profilepath);
+      }
+
       int status = support_capture_subprogram_self_sgid (SETGID_CHILD);
 
       if (WEXITSTATUS (status) == EXIT_UNSUPPORTED)