Index: tests/sys/vfs/Makefile =================================================================== --- tests/sys/vfs/Makefile +++ tests/sys/vfs/Makefile @@ -4,6 +4,9 @@ TESTSDIR= ${TESTSBASE}/sys/vfs +ATF_TESTS_C+= lookup_cap_dotdot +CFLAGS.lookup_cap_dotdot.c+= -I${SRCTOP}/tests + PLAIN_TESTS_SH+= trailing_slash .include Index: tests/sys/vfs/lookup_cap_dotdot.c =================================================================== --- /dev/null +++ tests/sys/vfs/lookup_cap_dotdot.c 
@@ -0,0 +1,121 @@
+/*-
+ * Copyright (c) 2016 Conrad Meyer
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include
+__FBSDID("$FreeBSD$");
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+#include "freebsd_test_suite/macros.h"
+
+static int testdir_fd = -1;
+
+static void
+prepare_dotdot_tests(void)
+{
+ char path[PATH_MAX];
+
+ ATF_CHECK((testdir_fd = open(getcwd(path, PATH_MAX), O_RDONLY)) >= 0);
+ ATF_CHECK(mkdirat(testdir_fd, "b", 0700) >= 0);
+}
+
+static void
+check_capsicum(void)
+{
+
+ ATF_REQUIRE_FEATURE("security_capabilities");
+ ATF_REQUIRE_FEATURE("security_capability_mode");
+}
+
+/*
+ * Positive tests
+ */
+ATF_TC(lookup_cap_dotdot__basic);
+ATF_TC_HEAD(lookup_cap_dotdot__basic, tc)
+{
+ atf_tc_set_md_var(tc, "require.user", "root");
+ atf_tc_set_md_var(tc, "descr",
+ "Validate cap-mode (a)/b/.. lookup");
+}
+
+ATF_TC_BODY(lookup_cap_dotdot__basic, tc)
+{
+ cap_rights_t rights;
+ int fd;
+
+ check_capsicum();
+ prepare_dotdot_tests();
+
+ cap_rights_init(&rights, CAP_LOOKUP, CAP_READ);
+ ATF_REQUIRE(cap_rights_limit(testdir_fd, &rights) >= 0);
+
+ ATF_REQUIRE(openat(testdir_fd, "b/..", O_RDONLY) >= 0);
+}
+
+/*
+ * Negative tests
+ */
+ATF_TC(lookup_cap_dotdot__negative);
+ATF_TC_HEAD(lookup_cap_dotdot__negative, tc)
+{
+ atf_tc_set_md_var(tc, "require.user", "root");
+ atf_tc_set_md_var(tc, "descr",
+ "Validate cap-mode (a)/.. lookup fails");
+}
+
+ATF_TC_BODY(lookup_cap_dotdot__negative, tc)
+{
+ cap_rights_t rights;
+ int fd;
+
+ check_capsicum();
+ prepare_dotdot_tests();
+
+ cap_rights_init(&rights, CAP_LOOKUP, CAP_READ);
+ ATF_REQUIRE(cap_rights_limit(testdir_fd, &rights) >= 0);
+
+ fd = openat(testdir_fd, "..", O_RDONLY);
+ ATF_REQUIRE(fd < 0 && errno == ENOTCAPABLE);
+
+ fd = openat(testdir_fd, "b/../..", O_RDONLY);
+ ATF_REQUIRE(fd < 0 && errno != ENOTCAPABLE);
+}
+
+ATF_TP_ADD_TCS(tp)
+{
+
+ ATF_TP_ADD_TC(tp, lookup_cap_dotdot__basic);
+ ATF_TP_ADD_TC(tp, lookup_cap_dotdot__negative);
+
+ return (atf_no_error());
+}
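Review bot: In lookup_cap_dotdot__negative the last check, `ATF_REQUIRE(fd < 0 && errno != ENOTCAPABLE);` for `"b/../.."`, passes on any failure other than ENOTCAPABLE, so it does not pin how an escape above the rights-limited directory is refused and would also pass if openat() failed for an unrelated reason. If this path is meant to be rejected the same way as the plain `".."` case, assert it directly, e.g. `ATF_REQUIRE_ERRNO(ENOTCAPABLE, openat(testdir_fd, "b/../..", O_RDONLY) < 0);`; if a different errno is intended, name that errno and add a comment saying why it differs. Separately, prepare_dotdot_tests() uses the non-fatal `ATF_CHECK` and passes getcwd()'s result straight to open(), so a setup failure leaves testdir_fd at -1 and the later assertions fail for the wrong reason; `ATF_REQUIRE` fits better there. Both descriptions say "cap-mode", but nothing visible in the file calls cap_enter(), so only the rights-limited-descriptor path appears to be exercised; either reword the descriptions or add a capability-mode case.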