Paths

Table of Contentst

Differential D29719

Simple regression tests for O_PATH/AT_EMPTY_PATH
ClosedPublic
Actions

Authored by markj on Apr 11 2021, 10:17 PM.

Tags

None

Referenced Files

	F103208235: D29719.id87304.diff
	Fri, Nov 22, 6:22 AM

	Unknown Object (File)
	Thu, Nov 21, 10:13 AM

	Unknown Object (File)
	Mon, Nov 4, 7:53 AM

	Unknown Object (File)
	Mon, Nov 4, 7:50 AM

	Unknown Object (File)
	Oct 18 2024, 12:53 AM

	Unknown Object (File)
	Oct 18 2024, 12:52 AM

	Unknown Object (File)
	Oct 18 2024, 12:52 AM

	Unknown Object (File)
	Oct 18 2024, 12:52 AM

Subscribers

Details

Reviewers

Commits

rGb0ad62ff6fd1: Add some regression tests for O_PATH and AT_EMPTY_PATH
rG3a248c84419d: Add some regression tests for O_PATH and AT_EMPTY_PATH

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 38528
Build 35417: arc lint + arc unit

Event Timeline

markj created this revision.Apr 11 2021, 10:17 PM

Herald added a subscriber: imp. · View Herald TranscriptApr 11 2021, 10:17 PM

markj requested review of this revision.Apr 11 2021, 10:17 PM

Harbormaster completed remote builds in B38522: Diff 87279.Apr 11 2021, 10:17 PM

markj mentioned this in D29323: Implement O_PATH.Apr 11 2021, 10:22 PM

kib added a subscriber: kib.Apr 12 2021, 1:25 AM

kib added inline comments.

tests/sys/file/path_test.c
98	Canonical way, AFAIU, is to not specify O_RDONLY. O_PATH is the access mode on its own. When requesting O_PATH \| O_EXEC, we requesting two modes. On the other hand, O_RDONLY is zero so it is fine either way for testing the implementation.
233	It would be most interesting to do something in reverse, namely, check that AT_EMPTY_PATH verifies access permissions when non-root user tries to e.g. linkat(AT_EMPTY_PATH) to file he does not own. In other words, check that AT_EMPTY_PATH does not create a security hole. But I have no idea how to do it with atf.

markj marked an inline comment as done.Apr 12 2021, 12:32 PM

markj added inline comments.

tests/sys/file/path_test.c
233	I tried to do this in the test above, with the `geteuid() == 0` check. It is not ideal, nothing ensures that the test is ever run as a non-root user.

getuid -> geteuid
Drop permissions flags in open() calls specifying O_PATH

Harbormaster completed remote builds in B38528: Diff 87304.Apr 12 2021, 12:32 PM

Verify that capability mode namespace checks work on path fds.

Make sure that CAP_FEXECVE is checked on path fds.

Herald added a subscriber: jonathan. · View Herald TranscriptApr 12 2021, 6:23 PM

Harbormaster completed remote builds in B38542: Diff 87334.Apr 12 2021, 6:23 PM

kib added inline comments.Apr 13 2021, 5:28 AM

tests/sys/file/path_test.c
233	There is some mechanism in ATF triggered by `atf_tc_set_md_var(tc, "require.user", "unprivileged");`. See for instance contrib/netbsd-tests/lib/libc/sys/t_access.c access_access But I have no idea about details.

markj added inline comments.Apr 13 2021, 10:30 PM

tests/sys/file/path_test.c
233	Thanks, I didn't know about it. Apparently it causes kyua to run the test without privileges if invoked as root.

Split unprivileged tests into separate test cases and annotate them.

Harbormaster completed remote builds in B38567: Diff 87413.Apr 13 2021, 10:31 PM

kib accepted this revision.Apr 14 2021, 2:34 PM

This revision is now accepted and ready to land.Apr 14 2021, 2:34 PM

Closed by commit rG3a248c84419d: Add some regression tests for O_PATH and AT_EMPTY_PATH (authored by markj). · Explain WhyApr 15 2021, 1:42 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rG3a248c84419d: Add some regression tests for O_PATH and AT_EMPTY_PATH.

markj added a commit: rGb0ad62ff6fd1: Add some regression tests for O_PATH and AT_EMPTY_PATH.Apr 29 2021, 2:24 PM

Revision Contents
Changeset List

Path

Size

tests/

sys/

file/

1 line

673 lines

Diff 87304

tests/sys/file/Makefile

Loading...

tests/sys/file/path_test.c

Loading...