|
|
b9a53a |
From b39697a80ad388e2063c54e56333882f4307c1a1 Mon Sep 17 00:00:00 2001
|
|
|
b9a53a |
From: Jan Synacek <jsynacek@redhat.com>
|
|
|
b9a53a |
Date: Tue, 12 Nov 2019 13:27:49 +0100
|
|
|
b9a53a |
Subject: [PATCH] test: add test case for restrict_suid_sgid()
|
|
|
b9a53a |
|
|
|
b9a53a |
(cherry picked from commit 167fc10cb352b04d442c9010dab4f8dc24219749)
|
|
|
b9a53a |
Related: #1687512
|
|
|
b9a53a |
---
|
|
|
b9a53a |
src/test/test-seccomp.c | 226 ++++++++++++++++++++++++++++++++++++++++
|
|
|
b9a53a |
1 file changed, 226 insertions(+)
|
|
|
b9a53a |
|
|
|
b9a53a |
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
|
|
|
b9a53a |
index d177515ac7..4021a06e0e 100644
|
|
|
b9a53a |
--- a/src/test/test-seccomp.c
|
|
|
b9a53a |
+++ b/src/test/test-seccomp.c
|
|
|
b9a53a |
@@ -17,9 +17,11 @@
|
|
|
b9a53a |
#include "nsflags.h"
|
|
|
b9a53a |
#include "process-util.h"
|
|
|
b9a53a |
#include "raw-clone.h"
|
|
|
b9a53a |
+#include "rm-rf.h"
|
|
|
b9a53a |
#include "seccomp-util.h"
|
|
|
b9a53a |
#include "set.h"
|
|
|
b9a53a |
#include "string-util.h"
|
|
|
b9a53a |
+#include "umask-util.h"
|
|
|
b9a53a |
#include "util.h"
|
|
|
b9a53a |
#include "virt.h"
|
|
|
b9a53a |
|
|
|
b9a53a |
@@ -666,6 +668,229 @@ static void test_filter_sets_ordered(void) {
|
|
|
b9a53a |
}
|
|
|
b9a53a |
}
|
|
|
b9a53a |
|
|
|
b9a53a |
+static int mkostemp_safe(char *pattern) {
|
|
|
b9a53a |
+ _unused_ _cleanup_umask_ mode_t u = umask(0077);
|
|
|
b9a53a |
+ int fd;
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert(pattern);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ fd = mkostemp(pattern, O_CLOEXEC);
|
|
|
b9a53a |
+ if (fd < 0)
|
|
|
b9a53a |
+ return -errno;
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ return fd;
|
|
|
b9a53a |
+}
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+static int real_open(const char *path, int flags, mode_t mode) {
|
|
|
b9a53a |
+ /* glibc internally calls openat() when open() is requested. Let's hence define our own wrapper for
|
|
|
b9a53a |
+ * testing purposes that calls the real syscall, on architectures where SYS_open is defined. On
|
|
|
b9a53a |
+ * other architectures, let's just fall back to the glibc call. */
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+#ifdef SYS_open
|
|
|
b9a53a |
+ return (int) syscall(SYS_open, path, flags, mode);
|
|
|
b9a53a |
+#else
|
|
|
b9a53a |
+ return open(path, flags, mode);
|
|
|
b9a53a |
+#endif
|
|
|
b9a53a |
+}
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+static void test_restrict_suid_sgid(void) {
|
|
|
b9a53a |
+ pid_t pid;
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ log_info("/* %s */", __func__);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ if (!is_seccomp_available()) {
|
|
|
b9a53a |
+ log_notice("Seccomp not available, skipping %s", __func__);
|
|
|
b9a53a |
+ return;
|
|
|
b9a53a |
+ }
|
|
|
b9a53a |
+ if (geteuid() != 0) {
|
|
|
b9a53a |
+ log_notice("Not root, skipping %s", __func__);
|
|
|
b9a53a |
+ return;
|
|
|
b9a53a |
+ }
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ pid = fork();
|
|
|
b9a53a |
+ assert_se(pid >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ if (pid == 0) {
|
|
|
b9a53a |
+ char path[] = "/tmp/suidsgidXXXXXX", dir[] = "/tmp/suidsgiddirXXXXXX";
|
|
|
b9a53a |
+ int fd = -1, k = -1;
|
|
|
b9a53a |
+ const char *z;
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ fd = mkostemp_safe(path);
|
|
|
b9a53a |
+ assert_se(fd >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(mkdtemp(dir));
|
|
|
b9a53a |
+ z = strjoina(dir, "/test");
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(chmod(path, 0755 | S_ISUID) >= 0);
|
|
|
b9a53a |
+ assert_se(chmod(path, 0755 | S_ISGID) >= 0);
|
|
|
b9a53a |
+ assert_se(chmod(path, 0755 | S_ISGID | S_ISUID) >= 0);
|
|
|
b9a53a |
+ assert_se(chmod(path, 0755) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(fchmod(fd, 0755 | S_ISUID) >= 0);
|
|
|
b9a53a |
+ assert_se(fchmod(fd, 0755 | S_ISGID) >= 0);
|
|
|
b9a53a |
+ assert_se(fchmod(fd, 0755 | S_ISGID | S_ISUID) >= 0);
|
|
|
b9a53a |
+ assert_se(fchmod(fd, 0755) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISUID, 0) >= 0);
|
|
|
b9a53a |
+ assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID, 0) >= 0);
|
|
|
b9a53a |
+ assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) >= 0);
|
|
|
b9a53a |
+ assert_se(fchmodat(AT_FDCWD, path, 0755, 0) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISGID);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID | S_ISGID);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ k = creat(z, 0644 | S_ISUID);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ k = creat(z, 0644 | S_ISGID);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ k = creat(z, 0644 | S_ISUID | S_ISGID);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ k = creat(z, 0644);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ k = openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ k = openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISGID);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ k = openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID | S_ISGID);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ k = openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(mkdir(z, 0755 | S_ISUID) >= 0);
|
|
|
b9a53a |
+ assert_se(rmdir(z) >= 0);
|
|
|
b9a53a |
+ assert_se(mkdir(z, 0755 | S_ISGID) >= 0);
|
|
|
b9a53a |
+ assert_se(rmdir(z) >= 0);
|
|
|
b9a53a |
+ assert_se(mkdir(z, 0755 | S_ISUID | S_ISGID) >= 0);
|
|
|
b9a53a |
+ assert_se(rmdir(z) >= 0);
|
|
|
b9a53a |
+ assert_se(mkdir(z, 0755) >= 0);
|
|
|
b9a53a |
+ assert_se(rmdir(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(mkdirat(AT_FDCWD, z, 0755 | S_ISUID) >= 0);
|
|
|
b9a53a |
+ assert_se(rmdir(z) >= 0);
|
|
|
b9a53a |
+ assert_se(mkdirat(AT_FDCWD, z, 0755 | S_ISGID) >= 0);
|
|
|
b9a53a |
+ assert_se(rmdir(z) >= 0);
|
|
|
b9a53a |
+ assert_se(mkdirat(AT_FDCWD, z, 0755 | S_ISUID | S_ISGID) >= 0);
|
|
|
b9a53a |
+ assert_se(rmdir(z) >= 0);
|
|
|
b9a53a |
+ assert_se(mkdirat(AT_FDCWD, z, 0755) >= 0);
|
|
|
b9a53a |
+ assert_se(rmdir(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(mknod(z, S_IFREG | 0755 | S_ISUID, 0) >= 0);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+ assert_se(mknod(z, S_IFREG | 0755 | S_ISGID, 0) >= 0);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+ assert_se(mknod(z, S_IFREG | 0755 | S_ISUID | S_ISGID, 0) >= 0);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+ assert_se(mknod(z, S_IFREG | 0755, 0) >= 0);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755 | S_ISUID, 0) >= 0);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+ assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755 | S_ISGID, 0) >= 0);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+ assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755 | S_ISUID | S_ISGID, 0) >= 0);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+ assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755, 0) >= 0);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(seccomp_restrict_suid_sgid() >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(chmod(path, 0775 | S_ISGID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(chmod(path, 0775 | S_ISGID | S_ISUID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(chmod(path, 0775) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(fchmod(fd, 0775 | S_ISUID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(fchmod(fd, 0775 | S_ISGID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(fchmod(fd, 0775 | S_ISGID | S_ISUID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(fchmod(fd, 0775) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISUID, 0) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID, 0) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(fchmodat(AT_FDCWD, path, 0755, 0) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISGID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID | S_ISGID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(creat(z, 0644 | S_ISUID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(creat(z, 0644 | S_ISGID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(creat(z, 0644 | S_ISUID | S_ISGID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ k = creat(z, 0644);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISGID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID | S_ISGID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ k = openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644);
|
|
|
b9a53a |
+ k = safe_close(k);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(mkdir(z, 0755 | S_ISUID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(mkdir(z, 0755 | S_ISGID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(mkdir(z, 0755 | S_ISUID | S_ISGID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(mkdir(z, 0755) >= 0);
|
|
|
b9a53a |
+ assert_se(rmdir(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(mkdirat(AT_FDCWD, z, 0755 | S_ISUID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(mkdirat(AT_FDCWD, z, 0755 | S_ISGID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(mkdirat(AT_FDCWD, z, 0755 | S_ISUID | S_ISGID) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(mkdirat(AT_FDCWD, z, 0755) >= 0);
|
|
|
b9a53a |
+ assert_se(rmdir(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(mknod(z, S_IFREG | 0755 | S_ISUID, 0) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(mknod(z, S_IFREG | 0755 | S_ISGID, 0) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(mknod(z, S_IFREG | 0755 | S_ISUID | S_ISGID, 0) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(mknod(z, S_IFREG | 0755, 0) >= 0);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755 | S_ISUID, 0) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755 | S_ISGID, 0) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755 | S_ISUID | S_ISGID, 0) < 0 && errno == EPERM);
|
|
|
b9a53a |
+ assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755, 0) >= 0);
|
|
|
b9a53a |
+ assert_se(unlink(z) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(unlink(path) >= 0);
|
|
|
b9a53a |
+ assert_se(rm_rf(dir, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ _exit(EXIT_SUCCESS);
|
|
|
b9a53a |
+ }
|
|
|
b9a53a |
+
|
|
|
b9a53a |
+ assert_se(wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
|
|
|
b9a53a |
+}
|
|
|
b9a53a |
+
|
|
|
b9a53a |
int main(int argc, char *argv[]) {
|
|
|
b9a53a |
|
|
|
b9a53a |
log_set_max_level(LOG_DEBUG);
|
|
|
b9a53a |
@@ -684,6 +909,7 @@ int main(int argc, char *argv[]) {
|
|
|
b9a53a |
test_load_syscall_filter_set_raw();
|
|
|
b9a53a |
test_lock_personality();
|
|
|
b9a53a |
test_filter_sets_ordered();
|
|
|
b9a53a |
+ test_restrict_suid_sgid();
|
|
|
b9a53a |
|
|
|
b9a53a |
return 0;
|
|
|
b9a53a |
}
|