lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 27 Jun 2017 14:10:32 +0530
From:   Naresh Kamboju <naresh.kamboju@...aro.org>
To:     luto@...nel.org, keescook@...omium.org
Cc:     Shuah Khan <shuahkh@....samsung.com>,
        linux-kselftest@...r.kernel.org,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: selftests/capabilities: test FAIL on linux mainline and linux-next
 and PASS on linux-4.4.70+

selftest capabilities test failed on linux mainline and linux-next and
PASS on linux-4.4.70+
Tested on HiKey ARM64 Development board.

A bug reported in Linaro bug tracking system,
LKFT: Capabilities test_execve fail Wrong effective state AT_SECURE is not set
https://bugs.linaro.org/show_bug.cgi?id=2947

Please guide me to debug the reason for failure.
Kernel config link,
https://pastebin.com/P1uYmdMG

Linux version 4.12.0-rc7-00004-gda8b14e (buildslave@...-64-08) (gcc
version 6.2.1 20161016 (Linaro GCC 6.2-2016.11) ) #1 SMP PREEMPT Mon
Jun 26 20:04:35 UTC 2017

Linux version 4.12.0-rc7-next-20170627 (buildslave@...-64-07) (gcc
version 6.2.1 20161016 (Linaro GCC 6.2-2016.11)) #1 SMP PREEMPT Tue
Jun 27 06:33:39 UTC 2017

LAVA job id:
https://lkft.validation.linaro.org/scheduler/job/4397#L1412

Running tests in capabilities
========================================
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[FAIL] Wrong effective state (AT_SECURE is not set)
[OK] Capabilities after execve were correct
[FAIL] Wrong ambient state (AT_SECURE is not set)
[FAIL] Wrong ambient state (AT_SECURE is not set)
[RUN] +++ Tests with uid == 0 +++
[NOTE] Using global UIDs for tests
[RUN] Root => ep
[OK] Child succeeded
[OK] Check cap_ambient manipulation rules
[OK] PR_CAP_AMBIENT_RAISE failed on non-inheritable cap
[OK] PR_CAP_AMBIENT_RAISE failed on non-permitted cap
[OK] PR_CAP_AMBIENT_RAISE worked
[OK] Basic manipulation appears to work
[RUN] Root +i => eip
[OK] Child succeeded
[RUN] UID 0 +ia => eipa
[OK] Child succeeded
[RUN] Root +ia, suidroot => eipa
[OK] Child succeeded
[RUN] Root +ia, suidnonroot => ip
[FAIL] Child failed
[RUN] Root +ia, sgidroot => eipa
[OK] Child succeeded
[FAIL] Child failed
[RUN] Root +ia, sgidnonroot => eip
[FAIL] Child failed
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[FAIL] Wrong effective state (AT_SECURE is not set)
[FAIL] Child failed
[FAIL] Child failed
selftests: test_execve [FAIL]

capabilities test PASS on Linux-4.4.70+.

Running tests in capabilities
========================================
case: step_after_suspend_test
definition: 1_kselftest
result: skip
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[RUN] +++ Tests with uid == 0 +++
[NOTE] Using global UIDs for tests
[RUN] Root => ep
[OK] Child succeeded
[OK] Check cap_ambient manipulation rules
[OK] PR_CAP_AMBIENT_RAISE failed on non-inheritable cap
[OK] PR_CAP_AMBIENT_RAISE failed on non-permitted cap
[OK] PR_CAP_AMBIENT_RAISE worked
[OK] Basic manipulation appears to work
[RUN] Root +i => eip
[OK] Child succeeded
[RUN] UID 0 +ia => eipa
[OK] Child succeeded
[RUN] Root +ia, suidroot => eipa
[OK] Child succeeded
[RUN] Root +ia, suidnonroot => ip
[OK] Child succeeded
[RUN] Root +ia, sgidroot => eipa
[OK] Child succeeded
[OK] Child succeeded
[RUN] Root +ia, sgidnonroot => eip
[OK] Child succeeded
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[OK] Capabilities after execve were correct
[OK] Child succeeded
[OK] Child succeeded
selftests: test_execve [PASS]

Thanks and best regards,
Naresh Kamboju

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ