From patchwork Tue May 5 20:17:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Sandeen X-Patchwork-Id: 11529857 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 31093139A for ; Tue, 5 May 2020 20:17:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 176BD2068E for ; Tue, 5 May 2020 20:17:45 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="H8bJkNB0" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728512AbgEEURo (ORCPT ); Tue, 5 May 2020 16:17:44 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:24954 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727785AbgEEURo (ORCPT ); Tue, 5 May 2020 16:17:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1588709862; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=KBN+FpciITNooTtiOKHKgabsIkfLhNM5u+/Y9VNIkiI=; b=H8bJkNB0D0jJdUiURN1z3tvpO3U6kt6x4i2poCQ4B1/wcwOCYUxxGpV0TQcf0WeJ/LzHws NctCcfGN9fIYTrfE7hhhl2YcNsgERpdQV5SDgoQOzkucBUu+M+fQqW95ATr/JM1SLDJcHp 0/RhOM5ex7qZ+haaIuNwS3+R/VNNSC0= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-302-mPhs1ppkPEy2eu6G7wHJsw-1; Tue, 05 May 2020 16:17:40 -0400 X-MC-Unique: mPhs1ppkPEy2eu6G7wHJsw-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 145B8461 for ; Tue, 5 May 2020 20:17:40 +0000 (UTC) Received: from [IPv6:::1] (ovpn04.gateway.prod.ext.phx2.redhat.com [10.5.9.4]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CB66B5D785 for ; Tue, 5 May 2020 20:17:39 +0000 (UTC) Subject: [PATCH 1/3] fstests: add _require_sysctl helper From: Eric Sandeen To: fstests References: <99a3164b-ee00-113c-e0aa-41eab9633364@redhat.com> Autocrypt: addr=sandeen@redhat.com; prefer-encrypt=mutual; keydata= mQINBE6x99QBEADMR+yNFBc1Y5avoUhzI/sdR9ANwznsNpiCtZlaO4pIWvqQJCjBzp96cpCs nQZV32nqJBYnDpBDITBqTa/EF+IrHx8gKq8TaSBLHUq2ju2gJJLfBoL7V3807PQcI18YzkF+ WL05ODFQ2cemDhx5uLghHEeOxuGj+1AI+kh/FCzMedHc6k87Yu2ZuaWF+Gh1W2ix6hikRJmQ vj5BEeAx7xKkyBhzdbNIbbjV/iGi9b26B/dNcyd5w2My2gxMtxaiP7q5b6GM2rsQklHP8FtW ZiYO7jsg/qIppR1C6Zr5jK1GQlMUIclYFeBbKggJ9mSwXJH7MIftilGQ8KDvNuV5AbkronGC sEEHj2khs7GfVv4pmUUHf1MRIvV0x3WJkpmhuZaYg8AdJlyGKgp+TQ7B+wCjNTdVqMI1vDk2 BS6Rg851ay7AypbCPx2w4d8jIkQEgNjACHVDU89PNKAjScK1aTnW+HNUqg9BliCvuX5g4z2j gJBs57loTWAGe2Ve3cMy3VoQ40Wt3yKK0Eno8jfgzgb48wyycINZgnseMRhxc2c8hd51tftK LKhPj4c7uqjnBjrgOVaVBupGUmvLiePlnW56zJZ51BR5igWnILeOJ1ZIcf7KsaHyE6B1mG+X dmYtjDhjf3NAcoBWJuj8euxMB6TcQN2MrSXy5wSKaw40evooGwARAQABtCRFcmljIFIuIFNh bmRlZW4gPHNhbmRlZW5AcmVkaGF0LmNvbT6JAjgEEwECACIFAk6yrl4CGwMGCwkIBwMCBhUI AgkKCwQWAgMBAh4BAheAAAoJECCuFpLhPd7gh2kP/A6CRmIF2MSttebyBk+6Ppx47ct+Kcmp YokwfI9iahSPiQ+LmmBZE+PMYesE+8+lsSiAvzz6YEXsfWMlGzHiqiE76d2xSOYVPO2rX7xl 4T2J98yZlYrjMDmQ6gpFe0ZBpVl45CFUYkBaeulEMspzaYLH6zGsPjgfVJyYnW94ZXLWcrST ixBPJcDtk4j6jrbY3K8eVFimK+RSq6CqZgUZ+uaDA/wJ4kHrYuvM3QPbsHQr/bYSNkVAFxgl G6a4CSJ4w70/dT9FFb7jzj30nmaBmDFcuC+xzecpcflaLvuFayuBJslMp4ebaL8fglvntWsQ ZM8361Ckjt82upo2JRYiTrlE9XiSEGsxW3EpdFT3vUmIlgY0/Xo5PGv3ySwcFucRUk1Q9j+Z X4gCaX5sHpQM03UTaDx4jFdGqOLnTT1hfrMQZ3EizVbnQW9HN0snm9lD5P6O1dxyKbZpevfW BfwdQ35RXBbIKDmmZnwJGJgYl5Bzh5DlT0J7oMVOzdEVYipWx82wBqHVW4I1tPunygrYO+jN n+BLwRCOYRJm5BANwYx0MvWlm3Mt3OkkW2pbX+C3P5oAcxrflaw3HeEBi/KYkygxovWl93IL TsW03R0aNcI6bSdYR/68pL4ELdx7G/SLbaHf28FzzUFjRvN55nBoMePOFo1O6KtkXXQ4GbXV ebdvuQINBE6x99QBEADQOtSJ9OtdDOrE7xqJA4Lmn1PPbk2n9N+m/Wuh87AvxU8Ey8lfg/mX VXbJ3vQxlFRWCOYLJ0TLEsnobZjIc7YhlMRqNRjRSn5vcSs6kulnCG+BZq2OJ+mPpsFIq4Nd 5OGoV2SmEXmQCaB9UAiRqflLFYrf5LRXYX+jGy0hWIGEyEPAjpexGWdUGgsthwSKXEDYWVFR Lsw5kaZEmRG10YPmShVlIzrFVlBKZ8QFphD9YkEYlB0/L3ieeUBWfeUff43ule81S4IZX63h hS3e0txG4ilgEI5aVztumB4KmzldrR0hmAnwui67o4Enm9VeM/FOWQV1PRLT+56sIbnW7ynq wZEudR4BQaRB8hSoZSNbasdpeBY2/M5XqLe1/1hqJcqXdq8Vo1bWQoGzRPkzVyeVZlRS2XqT TiXPk6Og1j0n9sbJXcNKWRuVdEwrzuIthBKtxXpwXP09GXi9bUsZ9/fFFAeeB43l8/HN7xfk 0TeFv5JLDIxISonGFVNclV9BZZbR1DE/sc3CqY5ZgX/qb7WAr9jaBjeMBCexZOu7hFVNkacr AQ+Y4KlJS+xNFexUeCxYnvSp3TI5KNa6K/hvy+YPf5AWDK8IHE8x0/fGzE3l62F4sw6BHBak ufrI0Wr/G2Cz4QKAb6BHvzJdDIDuIKzm0WzY6sypXmO5IwaafSTElQARAQABiQIfBBgBAgAJ BQJOsffUAhsMAAoJECCuFpLhPd7gErAP/Rk46ZQ05kJI4sAyNnHea1i2NiB9Q0qLSSJg+94a hFZOpuKzxSK0+02sbhfGDMs6KNJ04TNDCR04in9CdmEY2ywx6MKeyW4rQZB35GQVVY2ZxBPv yEF4ZycQwBdkqrtuQgrO9zToYWaQxtf+ACXoOI0a/RQ0Bf7kViH65wIllLICnewD738sqPGd N51fRrKBcDquSlfRjQW83/11+bjv4sartYCoE7JhNTcTr/5nvZtmgb9wbsA0vFw+iiUs6tTj eioWcPxDBw3nrLhV8WPf+MMXYxffG7i/Y6OCVWMwRgdMLE/eanF6wYe6o6K38VH6YXQw/0kZ +PrH5uP/0kwG0JbVtj9o94x08ZMm9eMa05VhuUZmtKNdGfn75S7LfoK+RyuO7OJIMb4kR7Eb FzNbA3ias5BaExPknJv7XwI74JbEl8dpheIsRbt0jUDKcviOOfhbQxKJelYNTD5+wE4+TpqH XQLj5HUlzt3JSwqSwx+++FFfWFMheG2HzkfXrvTpud5NrJkGGVn+ErXy6pNf6zSicb+bUXe9 i92UTina2zWaaLEwXspqM338TlFC2JICu8pNt+wHpPCjgy2Ei4u5/4zSYjiA+X1I+V99YJhU +FpT2jzfLUoVsP/6WHWmM/tsS79i50G/PsXYzKOHj/0ZQCKOsJM14NMMCC8gkONe4tek Message-ID: <2989bb14-5d77-5e91-d415-2a5bdfcff7a6@redhat.com> Date: Tue, 5 May 2020 15:17:38 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: <99a3164b-ee00-113c-e0aa-41eab9633364@redhat.com> Content-Language: en-US X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Sender: fstests-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: fstests@vger.kernel.org New _require_sysctl test to ensure that the sysctl we wish to test is available on the system. Signed-off-by: Eric Sandeen Reviewed-by: Bill O'Donnell diff --git a/common/rc b/common/rc index 2000bd9d..2734dbf6 100644 --- a/common/rc +++ b/common/rc @@ -4208,6 +4208,12 @@ _require_bsd_process_accounting() $ACCTON_PROG off >> $seqres.full } +_require_sysctl() +{ + name=$1 + sysctl $name &>/dev/null || _notrun "$name sysctl unavailable" +} + init_rc ################################################################################ From patchwork Tue May 5 20:20:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Sandeen X-Patchwork-Id: 11529863 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id F26A215AB for ; Tue, 5 May 2020 20:20:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D54F720735 for ; Tue, 5 May 2020 20:20:15 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="DaNFmiLV" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727785AbgEEUUP (ORCPT ); Tue, 5 May 2020 16:20:15 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:52614 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728609AbgEEUUP (ORCPT ); Tue, 5 May 2020 16:20:15 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1588710013; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2OfXrdLvD0nvCSMDp43Yh4Q5UUOoQ5wYKDx3GZIBKTs=; b=DaNFmiLVIyYo3lpxH5aQl3E88f0fFUb+A5knzbUhWVaSu95IVym3cjSiidetFaVI8dB/SC yJiMzQ0y5tQwdCBmwD64eX9Ue16wXF+0cq+tvvx/2TFmIkrhDBzVP0pufjvqNxKoCtXtGy DjZzwlUJi2hGuCpMM21k6rttB1j/Jfs= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-448-fI6_h4iLN4S9FlxfSYahTg-1; Tue, 05 May 2020 16:20:11 -0400 X-MC-Unique: fI6_h4iLN4S9FlxfSYahTg-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0C3A880183C for ; Tue, 5 May 2020 20:20:11 +0000 (UTC) Received: from [IPv6:::1] (ovpn04.gateway.prod.ext.phx2.redhat.com [10.5.9.4]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D6FAD5C1B2 for ; Tue, 5 May 2020 20:20:10 +0000 (UTC) Subject: [PATCH 2/3] fstests: test restricted symlinks & hardlinks sysctls From: Eric Sandeen To: fstests References: <99a3164b-ee00-113c-e0aa-41eab9633364@redhat.com> Message-ID: <294c5739-ff30-285c-8cf7-11a6dff98294@redhat.com> Date: Tue, 5 May 2020 15:20:10 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: <99a3164b-ee00-113c-e0aa-41eab9633364@redhat.com> Content-Language: en-US X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Sender: fstests-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: fstests@vger.kernel.org This tests the fs.protected_symlinks and fs.protected_hardlinks sysctls which restrict links behavior in sticky world-writable directories as documented in the kernel at Documentation/admin-guide/sysctl/fs.rst Signed-off-by: Eric Sandeen Reviewed-by: Bill O'Donnell diff --git a/tests/generic/900 b/tests/generic/900 new file mode 100755 index 00000000..f0ac46ef --- /dev/null +++ b/tests/generic/900 @@ -0,0 +1,114 @@ +#! /bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (c) 2020 Red Hat, Inc. All Rights Reserved. +# +# FS QA Test 900 +# +# Test protected_symlink and protected_hardlink ioctls +# +seq=`basename $0` +seqres=$RESULT_DIR/$seq +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! +trap "_cleanup; exit \$status" 0 1 2 3 15 + +_cleanup() +{ + rm -rf $TEST_DIR/$seq + sysctl -qw fs.protected_symlinks=$SYMLINK_PROTECTION + sysctl -qw fs.protected_hardlinks=$HARDLINK_PROTECTION + cd / + rm -f $tmp.* +} + +# get standard environment, filters and checks +. ./common/rc +. ./common/filter + +# remove previous $seqres.full before test +rm -f $seqres.full + +# real QA test starts here + +# Modify as appropriate. +_supported_fs generic +_supported_os Linux +_require_test +_require_sysctl fs.protected_symlinks +_require_sysctl fs.protected_hardlinks +_require_user fsgqa +_require_user fsgqa2 + +OWNER=fsgqa +OTHER=fsgqa2 + +# Save current system state to reset when done +SYMLINK_PROTECTION=`sysctl -n fs.protected_symlinks` +HARDLINK_PROTECTION=`sysctl -n fs.protected_hardlinks` + +test_symlink() +{ + ln -s $TEST_DIR/$seq/target $TEST_DIR/$seq/sticky_dir/symlink + chown $OTHER.$OTHER $TEST_DIR/$seq/sticky_dir + chown $OWNER.$OWNER $TEST_DIR/$seq/sticky_dir/symlink + # If we can read the target, we followed the link + sudo -u $OTHER cat $TEST_DIR/$seq/sticky_dir/symlink 2>&1 \ + | _filter_test_dir + rm -f $TEST_DIR/$seq/sticky_dir/symlink +} + +test_hardlink() +{ + chown $OWNER.$OWNER $TEST_DIR/$seq/target + chmod go-rw $TEST_DIR/$seq/target + sudo -u $OTHER \ + ln $TEST_DIR/$seq/target $TEST_DIR/$seq/sticky_dir/hardlink 2>&1 \ + | _filter_test_dir + test -f $TEST_DIR/$seq/sticky_dir/hardlink \ + && echo "successfully created hardlink" + rm -f $TEST_DIR/$seq/sticky_dir/hardlink +} + +setup_tree() +{ + # Create world-writable sticky dir + mkdir -p $TEST_DIR/$seq/sticky_dir + chmod 1777 $TEST_DIR/$seq/sticky_dir + # And a file elsewhere that will be linked to from that sticky dir + mkdir -p $TEST_DIR/$seq + # If we can read it, we followed the link. + echo "successfully followed symlink" > $TEST_DIR/$seq/target +} + +setup_tree + +# First test fs.protected_symlinks +# With protection on, symlink follows should fail if the +# link owner != the sticky directory owner, and the process +# is not the link owner. +echo "== Test symlink follow protection when" +echo "== process != link owner and dir owner != link owner" +sysctl -w fs.protected_symlinks=0 +test_symlink +sysctl -w fs.protected_symlinks=1 +test_symlink + +echo + +# Now test fs.protected_hardlinks +# With protection on, hardlink creation should fail if the +# process does not own the target file, and the process does not have +# read-write access to the target +echo "== Test hardlink create protection when" +echo "== process != target owner and process cannot read target" +sysctl -w fs.protected_hardlinks=0 +test_hardlink +sysctl -w fs.protected_hardlinks=1 +test_hardlink + +# success, all done +status=0 +exit diff --git a/tests/generic/900.out b/tests/generic/900.out new file mode 100644 index 00000000..c9b26dbd --- /dev/null +++ b/tests/generic/900.out @@ -0,0 +1,14 @@ +QA output created by 900 +== Test symlink follow protection when +== process != link owner and dir owner != link owner +fs.protected_symlinks = 0 +successfully followed symlink +fs.protected_symlinks = 1 +cat: TEST_DIR/900/sticky_dir/symlink: Permission denied + +== Test hardlink create protection when +== process != target owner and process cannot read target +fs.protected_hardlinks = 0 +successfully created hardlink +fs.protected_hardlinks = 1 +ln: failed to create hard link 'TEST_DIR/900/sticky_dir/hardlink' => 'TEST_DIR/900/target': Operation not permitted diff --git a/tests/generic/group b/tests/generic/group index 718575ba..782b0cc3 100644 --- a/tests/generic/group +++ b/tests/generic/group @@ -598,3 +598,4 @@ 594 auto quick quota 595 auto quick encrypt 596 auto quick +900 auto quick perms From patchwork Tue May 5 20:21:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Sandeen X-Patchwork-Id: 11529865 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C040C139A for ; Tue, 5 May 2020 20:22:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 997EE20735 for ; Tue, 5 May 2020 20:22:01 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="NCij1GL3" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727785AbgEEUWB (ORCPT ); Tue, 5 May 2020 16:22:01 -0400 Received: from us-smtp-2.mimecast.com ([207.211.31.81]:37099 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726593AbgEEUWB (ORCPT ); Tue, 5 May 2020 16:22:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1588710118; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=WPm8aOSWnEVQWS0To3HYRwksxRZQIKyuJxe2vyGDITM=; b=NCij1GL3QUDMBBRCG6NffW4Onvwy1+KaPM4hMRcngw79xwemCILuy0v5UMevfiQUR0pZHD 3Z1z54QPRio8qPsJfcupQJpYe0SiUAXcRYnEbxjcGcDJKvZTRFh/440EVz5Q6d/B0Aj9L6 zRhAIwcOWTQgQGTwd9QnvMqDJTns6uc= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-375-jtZWDopvNqq0rvzN2IejYQ-1; Tue, 05 May 2020 16:21:56 -0400 X-MC-Unique: jtZWDopvNqq0rvzN2IejYQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 4C7BD1005510 for ; Tue, 5 May 2020 20:21:55 +0000 (UTC) Received: from [IPv6:::1] (ovpn04.gateway.prod.ext.phx2.redhat.com [10.5.9.4]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 153E110016DA for ; Tue, 5 May 2020 20:21:55 +0000 (UTC) Subject: [PATCH 3/3] fstests: test restricted file access sysctls From: Eric Sandeen To: fstests References: <99a3164b-ee00-113c-e0aa-41eab9633364@redhat.com> Autocrypt: addr=sandeen@redhat.com; prefer-encrypt=mutual; keydata= mQINBE6x99QBEADMR+yNFBc1Y5avoUhzI/sdR9ANwznsNpiCtZlaO4pIWvqQJCjBzp96cpCs nQZV32nqJBYnDpBDITBqTa/EF+IrHx8gKq8TaSBLHUq2ju2gJJLfBoL7V3807PQcI18YzkF+ WL05ODFQ2cemDhx5uLghHEeOxuGj+1AI+kh/FCzMedHc6k87Yu2ZuaWF+Gh1W2ix6hikRJmQ vj5BEeAx7xKkyBhzdbNIbbjV/iGi9b26B/dNcyd5w2My2gxMtxaiP7q5b6GM2rsQklHP8FtW ZiYO7jsg/qIppR1C6Zr5jK1GQlMUIclYFeBbKggJ9mSwXJH7MIftilGQ8KDvNuV5AbkronGC sEEHj2khs7GfVv4pmUUHf1MRIvV0x3WJkpmhuZaYg8AdJlyGKgp+TQ7B+wCjNTdVqMI1vDk2 BS6Rg851ay7AypbCPx2w4d8jIkQEgNjACHVDU89PNKAjScK1aTnW+HNUqg9BliCvuX5g4z2j gJBs57loTWAGe2Ve3cMy3VoQ40Wt3yKK0Eno8jfgzgb48wyycINZgnseMRhxc2c8hd51tftK LKhPj4c7uqjnBjrgOVaVBupGUmvLiePlnW56zJZ51BR5igWnILeOJ1ZIcf7KsaHyE6B1mG+X dmYtjDhjf3NAcoBWJuj8euxMB6TcQN2MrSXy5wSKaw40evooGwARAQABtCRFcmljIFIuIFNh bmRlZW4gPHNhbmRlZW5AcmVkaGF0LmNvbT6JAjgEEwECACIFAk6yrl4CGwMGCwkIBwMCBhUI AgkKCwQWAgMBAh4BAheAAAoJECCuFpLhPd7gh2kP/A6CRmIF2MSttebyBk+6Ppx47ct+Kcmp YokwfI9iahSPiQ+LmmBZE+PMYesE+8+lsSiAvzz6YEXsfWMlGzHiqiE76d2xSOYVPO2rX7xl 4T2J98yZlYrjMDmQ6gpFe0ZBpVl45CFUYkBaeulEMspzaYLH6zGsPjgfVJyYnW94ZXLWcrST ixBPJcDtk4j6jrbY3K8eVFimK+RSq6CqZgUZ+uaDA/wJ4kHrYuvM3QPbsHQr/bYSNkVAFxgl G6a4CSJ4w70/dT9FFb7jzj30nmaBmDFcuC+xzecpcflaLvuFayuBJslMp4ebaL8fglvntWsQ ZM8361Ckjt82upo2JRYiTrlE9XiSEGsxW3EpdFT3vUmIlgY0/Xo5PGv3ySwcFucRUk1Q9j+Z X4gCaX5sHpQM03UTaDx4jFdGqOLnTT1hfrMQZ3EizVbnQW9HN0snm9lD5P6O1dxyKbZpevfW BfwdQ35RXBbIKDmmZnwJGJgYl5Bzh5DlT0J7oMVOzdEVYipWx82wBqHVW4I1tPunygrYO+jN n+BLwRCOYRJm5BANwYx0MvWlm3Mt3OkkW2pbX+C3P5oAcxrflaw3HeEBi/KYkygxovWl93IL TsW03R0aNcI6bSdYR/68pL4ELdx7G/SLbaHf28FzzUFjRvN55nBoMePOFo1O6KtkXXQ4GbXV ebdvuQINBE6x99QBEADQOtSJ9OtdDOrE7xqJA4Lmn1PPbk2n9N+m/Wuh87AvxU8Ey8lfg/mX VXbJ3vQxlFRWCOYLJ0TLEsnobZjIc7YhlMRqNRjRSn5vcSs6kulnCG+BZq2OJ+mPpsFIq4Nd 5OGoV2SmEXmQCaB9UAiRqflLFYrf5LRXYX+jGy0hWIGEyEPAjpexGWdUGgsthwSKXEDYWVFR Lsw5kaZEmRG10YPmShVlIzrFVlBKZ8QFphD9YkEYlB0/L3ieeUBWfeUff43ule81S4IZX63h hS3e0txG4ilgEI5aVztumB4KmzldrR0hmAnwui67o4Enm9VeM/FOWQV1PRLT+56sIbnW7ynq wZEudR4BQaRB8hSoZSNbasdpeBY2/M5XqLe1/1hqJcqXdq8Vo1bWQoGzRPkzVyeVZlRS2XqT TiXPk6Og1j0n9sbJXcNKWRuVdEwrzuIthBKtxXpwXP09GXi9bUsZ9/fFFAeeB43l8/HN7xfk 0TeFv5JLDIxISonGFVNclV9BZZbR1DE/sc3CqY5ZgX/qb7WAr9jaBjeMBCexZOu7hFVNkacr AQ+Y4KlJS+xNFexUeCxYnvSp3TI5KNa6K/hvy+YPf5AWDK8IHE8x0/fGzE3l62F4sw6BHBak ufrI0Wr/G2Cz4QKAb6BHvzJdDIDuIKzm0WzY6sypXmO5IwaafSTElQARAQABiQIfBBgBAgAJ BQJOsffUAhsMAAoJECCuFpLhPd7gErAP/Rk46ZQ05kJI4sAyNnHea1i2NiB9Q0qLSSJg+94a hFZOpuKzxSK0+02sbhfGDMs6KNJ04TNDCR04in9CdmEY2ywx6MKeyW4rQZB35GQVVY2ZxBPv yEF4ZycQwBdkqrtuQgrO9zToYWaQxtf+ACXoOI0a/RQ0Bf7kViH65wIllLICnewD738sqPGd N51fRrKBcDquSlfRjQW83/11+bjv4sartYCoE7JhNTcTr/5nvZtmgb9wbsA0vFw+iiUs6tTj eioWcPxDBw3nrLhV8WPf+MMXYxffG7i/Y6OCVWMwRgdMLE/eanF6wYe6o6K38VH6YXQw/0kZ +PrH5uP/0kwG0JbVtj9o94x08ZMm9eMa05VhuUZmtKNdGfn75S7LfoK+RyuO7OJIMb4kR7Eb FzNbA3ias5BaExPknJv7XwI74JbEl8dpheIsRbt0jUDKcviOOfhbQxKJelYNTD5+wE4+TpqH XQLj5HUlzt3JSwqSwx+++FFfWFMheG2HzkfXrvTpud5NrJkGGVn+ErXy6pNf6zSicb+bUXe9 i92UTina2zWaaLEwXspqM338TlFC2JICu8pNt+wHpPCjgy2Ei4u5/4zSYjiA+X1I+V99YJhU +FpT2jzfLUoVsP/6WHWmM/tsS79i50G/PsXYzKOHj/0ZQCKOsJM14NMMCC8gkONe4tek Message-ID: <8e007b9f-9fdb-c9dd-c2b0-dd273d24a517@redhat.com> Date: Tue, 5 May 2020 15:21:54 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: <99a3164b-ee00-113c-e0aa-41eab9633364@redhat.com> Content-Language: en-US X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Sender: fstests-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: fstests@vger.kernel.org This tests the fs.protected_regular and fs.protected_fifos sysctls which restrict access behavior in sticky world-writable directories as documented in the kernel at Documentation/admin-guide/sysctl/fs.rst Signed-off-by: Eric Sandeen Reviewed-by: Bill O'Donnell diff --git a/tests/generic/901 b/tests/generic/901 new file mode 100755 index 00000000..5906b53c --- /dev/null +++ b/tests/generic/901 @@ -0,0 +1,127 @@ +#! /bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (c) 2020 Red Hat, Inc. All Rights Reserved. +# +# FS QA Test 900 +# +# Test protected_regular and protected_fifos sysctls +# +seq=`basename $0` +seqres=$RESULT_DIR/$seq +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! +trap "_cleanup; exit \$status" 0 1 2 3 15 + +_cleanup() +{ + rm -rf $TEST_DIR/$seq + sysctl -qw fs.protected_regular=$REGULAR_PROTECTION + sysctl -qw fs.protected_fifos=$FIFO_PROTECTION + cd / + rm -f $tmp.* +} + +# get standard environment, filters and checks +. ./common/rc +. ./common/filter + +# remove previous $seqres.full before test +rm -f $seqres.full + +# real QA test starts here + +# Modify as appropriate. +_supported_fs generic +_supported_os Linux +_require_test +_require_sysctl fs.protected_regular +_require_sysctl fs.protected_fifos +_require_user fsgqa +_require_user fsgqa2 + +USER1=fsgqa +USER2=fsgqa2 + +# Save current system state to reset when done +REGULAR_PROTECTION=`sysctl -n fs.protected_regular` +FIFO_PROTECTION=`sysctl -n fs.protected_fifos` + +test_access() +{ + FILENAME=$1 + + # sticky dir is world & group writable: + echo "= group & world writable dir" + chmod og+w $TEST_DIR/$seq/sticky_dir + # "open -f" opens O_CREAT + result=`sudo -u $USER2 $XFS_IO_PROG -c "open -f $TEST_DIR/$seq/sticky_dir/$FILENAME" 2>&1` \ + && echo "successfully opened $FILENAME" \ + || echo $result | _filter_test_dir + # sticky dir is only group writable: + echo "= only group writable dir" + chmod o-w $TEST_DIR/$seq/sticky_dir + result=`sudo -u $USER2 $XFS_IO_PROG -c "open -f $TEST_DIR/$seq/sticky_dir/$FILENAME" 2>&1` \ + && echo "successfully opened $FILENAME" \ + || echo $result | _filter_test_dir +} + +setup_tree() +{ + # Create sticky dir owned by $USER2 + mkdir -p $TEST_DIR/$seq + mkdir -p $TEST_DIR/$seq/sticky_dir + chmod 1777 $TEST_DIR/$seq/sticky_dir + chown $USER2.$USER2 $TEST_DIR/$seq/sticky_dir + + # Create file & fifo in that dir owned by $USER1, and open + # normal read/write privs for world & group + $XFS_IO_PROG -c "open -f $TEST_DIR/$seq/sticky_dir/file" + chown $USER1.$USER1 $TEST_DIR/$seq/sticky_dir/file + chmod o+rw $TEST_DIR/$seq/sticky_dir/file + + mkfifo $TEST_DIR/$seq/sticky_dir/fifo + chown $USER1.$USER1 $TEST_DIR/$seq/sticky_dir/fifo + chmod o+rw $TEST_DIR/$seq/sticky_dir/fifo +} + +setup_tree + +# First test fs.protected_regular +# With protection set to 1, O_CREAT opens in a world-writable sticky +# directory should fail if the file exists, is owned by another, and +# file owner != dir owner +# +# With protection set to 2, the same goes for group-writable +# sticky directories + +echo "== Test file open when owned by another and file owner != dir owner" +sysctl -w fs.protected_regular=0 +test_access file +sysctl -w fs.protected_regular=1 +test_access file +sysctl -w fs.protected_regular=2 +test_access file + +echo + +# Now test fs.protected_fifos +# With protection set to 1, O_CREAT opens in a world-writable sticky +# directory should fail if the fifo exists, is owned by another, and +# file owner != dir owner +# +# With protection set to 2, the same goes for group-writable +# sticky directories +echo "== Test fifo open when owned by another and fifo owner != dir owner" +sysctl -w fs.protected_fifos=0 +test_access fifo +sysctl -w fs.protected_fifos=1 +test_access fifo +sysctl -w fs.protected_fifos=2 +test_access fifo + +# success, all done +status=0 +exit diff --git a/tests/generic/901.out b/tests/generic/901.out new file mode 100644 index 00000000..af774ca5 --- /dev/null +++ b/tests/generic/901.out @@ -0,0 +1,34 @@ +QA output created by 901 +== Test file open when owned by another and file owner != dir owner +fs.protected_regular = 0 += group & world writable dir +successfully opened file += only group writable dir +successfully opened file +fs.protected_regular = 1 += group & world writable dir +TEST_DIR/901/sticky_dir/file: Permission denied += only group writable dir +successfully opened file +fs.protected_regular = 2 += group & world writable dir +TEST_DIR/901/sticky_dir/file: Permission denied += only group writable dir +TEST_DIR/901/sticky_dir/file: Permission denied + +== Test fifo open when owned by another and fifo owner != dir owner +fs.protected_fifos = 0 += group & world writable dir +successfully opened fifo += only group writable dir +successfully opened fifo +fs.protected_fifos = 1 += group & world writable dir +TEST_DIR/901/sticky_dir/fifo: Permission denied += only group writable dir +successfully opened fifo +fs.protected_fifos = 2 += group & world writable dir +TEST_DIR/901/sticky_dir/fifo: Permission denied += only group writable dir +TEST_DIR/901/sticky_dir/fifo: Permission denied diff --git a/tests/generic/group b/tests/generic/group index 782b0cc3..d1e529d5 100644 --- a/tests/generic/group +++ b/tests/generic/group @@ -599,3 +599,4 @@ 595 auto quick encrypt 596 auto quick 900 auto quick perms +901 auto quick perms