| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Jun 2023 19:14:33 +0800
From: Zhangjin Wu <falcon@...ylab.org>
To: thomas@...ch.de
Cc: arnd@...db.de, falcon@...ylab.org, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org, w@....eu
Subject: Re: [PATCH v2 13/15] selftests/nolibc: rename chroot_exe to chroot_tmpfile
Hi, Thomas
> On 2023-06-30 08:00:28+0800, Zhangjin Wu wrote:
> > For CONFIG_PROC_FS=n, let's use tmpfs and create a tmp file for
> > chroot_exe test.
> >
> > Since chroot_exe is mainly testing the not directory case (ENOTDIR), so,
> > rename it to chroot_tmpfile may be better.
> >
> > Signed-off-by: Zhangjin Wu <falcon@...ylab.org>
> > ---
> > tools/testing/selftests/nolibc/nolibc-test.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/selftests/nolibc/nolibc-test.c
> > index 1002e0267515..2e9eaa7efa6e 100644
> > --- a/tools/testing/selftests/nolibc/nolibc-test.c
> > +++ b/tools/testing/selftests/nolibc/nolibc-test.c
> > @@ -682,6 +682,8 @@ int run_syscall(int min, int max)
> > int ret = 0;
> > void *p1, *p2;
> > int has_gettid = 1;
> > + const char *tmpfile = get_tmpfile("/tmp/dummy");
> > + int has_tmpfile = tmpfile != NULL;
> >
> > /* <proc> indicates whether or not /proc is mounted */
> > proc = stat("/proc", &stat_buf) == 0;
> > @@ -720,7 +722,7 @@ int run_syscall(int min, int max)
> > CASE_TEST(chown_self); EXPECT_SYSER(proc, chown("/proc/self", 0, 0), -1, EPERM); break;
> > CASE_TEST(chroot_root); EXPECT_SYSZR(euid0, chroot("/")); break;
> > CASE_TEST(chroot_blah); EXPECT_SYSER(1, chroot("/proc/self/blah"), -1, ENOENT); break;
> > - CASE_TEST(chroot_exe); EXPECT_SYSER(proc, chroot("/proc/self/exe"), -1, ENOTDIR); break;
> > + CASE_TEST(chroot_tmpfile); EXPECT_SYSER(has_tmpfile, chroot(tmpfile), -1, ENOTDIR); break;
>
> get_tempfile() looks really weird.
Yes, it is, it has been used in another patch, but now, only has one user, let's remove it.
> Given that the nolibc implementation of chroot() is the most trivial
> imaginable in my opinion we can keep the current "chroot_exe" that is
> using procfs.
>
Just did some new tests, what about this one?
- CASE_TEST(chroot_exe); EXPECT_SYSER(proc, chroot("/proc/self/exe"), -1, ENOTDIR); break;
+ CASE_TEST(chroot_exe); EXPECT_SYSER2(1, chroot(proc ? "/proc/self/exe" : "/init"), -1, ENOENT, ENOTDIR); break;
"/init" added for !procfs, and ENOENT added for !/init ;-)
And for the chmod_tmpfile, it is changed to chmod_tmpdir like this:
CASE_TEST(chmod_tmpdir); mkdir("/tmp/blah", 0755); EXPECT_SYSZR(1, chmod("/tmp/blah", 0555)); rmdir("/tmp/blah"); break;
Not sure if it is possible to use a syscall to return the file path from the fd
without /proc/self/fd/<N>, if so, we could use the open(, O_TMPFILE...) method
to get a random tmpfile, just like the mktemp command does, will run strace on
it ;-)
Thanks,
Zhangjin
> > CASE_TEST(close_m1); EXPECT_SYSER(1, close(-1), -1, EBADF); break;
> > CASE_TEST(close_dup); EXPECT_SYSZR(1, close(dup(0))); break;
> > CASE_TEST(dup_0); tmp = dup(0); EXPECT_SYSNE(1, tmp, -1); close(tmp); break;
> > --
> > 2.25.1
> >
Powered by blists - more mailing lists