]>
Commit | Line | Data |
---|---|---|
bfff8b1b | 1 | /* Copyright (C) 2012-2017 Free Software Foundation, Inc. |
84b3fd84 FW |
2 | This file is part of the GNU C Library. |
3 | ||
4 | The GNU C Library is free software; you can redistribute it and/or | |
5 | modify it under the terms of the GNU Lesser General Public | |
6 | License as published by the Free Software Foundation; either | |
7 | version 2.1 of the License, or (at your option) any later version. | |
8 | ||
9 | The GNU C Library is distributed in the hope that it will be useful, | |
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
12 | Lesser General Public License for more details. | |
13 | ||
14 | You should have received a copy of the GNU Lesser General Public | |
15 | License along with the GNU C Library; if not, see | |
16 | <http://www.gnu.org/licenses/>. */ | |
17 | ||
18 | /* Test that secure_getenv works by invoking the test as a SGID | |
19 | program with a group ID from the supplementary group list. This | |
20 | test can fail spuriously if the user is not a member of a suitable | |
edb3cb88 | 21 | supplementary group. */ |
84b3fd84 FW |
22 | |
23 | #include <errno.h> | |
24 | #include <fcntl.h> | |
25 | #include <stdlib.h> | |
26 | #include <stdint.h> | |
27 | #include <stdio.h> | |
28 | #include <string.h> | |
29 | #include <sys/stat.h> | |
30 | #include <sys/wait.h> | |
31 | #include <unistd.h> | |
32 | ||
c23de0aa FW |
33 | #include <support/support.h> |
34 | #include <support/test-driver.h> | |
35 | ||
84b3fd84 FW |
36 | static char MAGIC_ARGUMENT[] = "run-actual-test"; |
37 | #define MAGIC_STATUS 19 | |
38 | ||
84b3fd84 | 39 | /* Return a GID which is not our current GID, but is present in the |
edb3cb88 | 40 | supplementary group list. */ |
84b3fd84 FW |
41 | static gid_t |
42 | choose_gid (void) | |
43 | { | |
44 | const int count = 64; | |
45 | gid_t groups[count]; | |
46 | int ret = getgroups (count, groups); | |
47 | if (ret < 0) | |
48 | { | |
2bc13872 | 49 | printf ("getgroups: %m\n"); |
84b3fd84 FW |
50 | exit (1); |
51 | } | |
52 | gid_t current = getgid (); | |
53 | for (int i = 0; i < ret; ++i) | |
54 | { | |
55 | if (groups[i] != current) | |
56 | return groups[i]; | |
57 | } | |
58 | return 0; | |
59 | } | |
60 | ||
61 | ||
62 | /* Copies the executable into a restricted directory, so that we can | |
63 | safely make it SGID with the TARGET group ID. Then runs the | |
edb3cb88 | 64 | executable. */ |
84b3fd84 FW |
65 | static int |
66 | run_executable_sgid (gid_t target) | |
67 | { | |
c23de0aa FW |
68 | char *dirname = xasprintf ("%s/secure-getenv.%jd", |
69 | test_dir, (intmax_t) getpid ()); | |
70 | char *execname = xasprintf ("%s/bin", dirname); | |
84b3fd84 FW |
71 | int infd = -1; |
72 | int outfd = -1; | |
73 | int ret = -1; | |
84b3fd84 FW |
74 | if (mkdir (dirname, 0700) < 0) |
75 | { | |
2bc13872 | 76 | printf ("mkdir: %m\n"); |
84b3fd84 FW |
77 | goto err; |
78 | } | |
84b3fd84 FW |
79 | infd = open ("/proc/self/exe", O_RDONLY); |
80 | if (infd < 0) | |
81 | { | |
2bc13872 | 82 | printf ("open (/proc/self/exe): %m\n"); |
84b3fd84 FW |
83 | goto err; |
84 | } | |
85 | outfd = open (execname, O_WRONLY | O_CREAT | O_EXCL, 0700); | |
86 | if (outfd < 0) | |
87 | { | |
2bc13872 | 88 | printf ("open (%s): %m\n", execname); |
84b3fd84 FW |
89 | goto err; |
90 | } | |
91 | char buf[4096]; | |
92 | for (;;) | |
93 | { | |
94 | ssize_t rdcount = read (infd, buf, sizeof (buf)); | |
95 | if (rdcount < 0) | |
96 | { | |
2bc13872 | 97 | printf ("read: %m\n"); |
84b3fd84 FW |
98 | goto err; |
99 | } | |
100 | if (rdcount == 0) | |
101 | break; | |
102 | char *p = buf; | |
103 | char *end = buf + rdcount; | |
104 | while (p != end) | |
105 | { | |
106 | ssize_t wrcount = write (outfd, buf, end - p); | |
107 | if (wrcount == 0) | |
108 | errno = ENOSPC; | |
109 | if (wrcount <= 0) | |
110 | { | |
2bc13872 | 111 | printf ("write: %m\n"); |
84b3fd84 FW |
112 | goto err; |
113 | } | |
114 | p += wrcount; | |
115 | } | |
116 | } | |
117 | if (fchown (outfd, getuid (), target) < 0) | |
118 | { | |
2bc13872 | 119 | printf ("fchown (%s): %m\n", execname); |
84b3fd84 FW |
120 | goto err; |
121 | } | |
122 | if (fchmod (outfd, 02750) < 0) | |
123 | { | |
2bc13872 | 124 | printf ("fchmod (%s): %m\n", execname); |
84b3fd84 FW |
125 | goto err; |
126 | } | |
127 | if (close (outfd) < 0) | |
128 | { | |
2bc13872 | 129 | printf ("close (outfd): %m\n"); |
84b3fd84 FW |
130 | goto err; |
131 | } | |
132 | if (close (infd) < 0) | |
133 | { | |
2bc13872 | 134 | printf ("close (infd): %m\n"); |
84b3fd84 FW |
135 | goto err; |
136 | } | |
137 | ||
138 | int kid = fork (); | |
139 | if (kid < 0) | |
140 | { | |
2bc13872 | 141 | printf ("fork: %m\n"); |
84b3fd84 FW |
142 | goto err; |
143 | } | |
144 | if (kid == 0) | |
145 | { | |
edb3cb88 | 146 | /* Child process. */ |
84b3fd84 FW |
147 | char *args[] = { execname, MAGIC_ARGUMENT, NULL }; |
148 | execve (execname, args, environ); | |
2bc13872 | 149 | printf ("execve (%s): %m\n", execname); |
84b3fd84 FW |
150 | _exit (1); |
151 | } | |
152 | int status; | |
153 | if (waitpid (kid, &status, 0) < 0) | |
154 | { | |
2bc13872 | 155 | printf ("waitpid: %m\n"); |
84b3fd84 FW |
156 | goto err; |
157 | } | |
158 | if (!WIFEXITED (status) || WEXITSTATUS (status) != MAGIC_STATUS) | |
159 | { | |
2bc13872 FW |
160 | printf ("Unexpected exit status %d from child process\n", |
161 | status); | |
84b3fd84 FW |
162 | goto err; |
163 | } | |
164 | ret = 0; | |
165 | ||
166 | err: | |
167 | if (outfd >= 0) | |
168 | close (outfd); | |
169 | if (infd >= 0) | |
170 | close (infd); | |
171 | if (execname) | |
172 | { | |
173 | unlink (execname); | |
174 | free (execname); | |
175 | } | |
176 | if (dirname) | |
177 | { | |
178 | rmdir (dirname); | |
179 | free (dirname); | |
180 | } | |
181 | return ret; | |
182 | } | |
183 | ||
184 | static int | |
185 | do_test (void) | |
186 | { | |
187 | if (getenv ("PATH") == NULL) | |
188 | { | |
2bc13872 | 189 | printf ("PATH not set\n"); |
84b3fd84 FW |
190 | exit (1); |
191 | } | |
192 | if (secure_getenv ("PATH") == NULL) | |
193 | { | |
2bc13872 | 194 | printf ("PATH not set according to secure_getenv\n"); |
84b3fd84 FW |
195 | exit (1); |
196 | } | |
197 | if (strcmp (getenv ("PATH"), secure_getenv ("PATH")) != 0) | |
198 | { | |
2bc13872 FW |
199 | printf ("PATH mismatch (%s, %s)\n", |
200 | getenv ("PATH"), secure_getenv ("PATH")); | |
84b3fd84 FW |
201 | exit (1); |
202 | } | |
203 | ||
204 | gid_t target = choose_gid (); | |
205 | if (target == 0) | |
206 | { | |
2bc13872 FW |
207 | fprintf (stderr, |
208 | "Could not find a suitable GID for user %jd, skipping test\n", | |
84b3fd84 | 209 | (intmax_t) getuid ()); |
2bc13872 | 210 | exit (0); |
84b3fd84 FW |
211 | } |
212 | return run_executable_sgid (target); | |
213 | } | |
214 | ||
215 | static void | |
216 | alternative_main (int argc, char **argv) | |
217 | { | |
218 | if (argc == 2 && strcmp (argv[1], MAGIC_ARGUMENT) == 0) | |
219 | { | |
220 | if (getgid () == getegid ()) | |
221 | { | |
edb3cb88 | 222 | /* This can happen if the file system is mounted nosuid. */ |
29237804 | 223 | fprintf (stderr, "SGID failed: GID and EGID match (%jd)\n", |
2bc13872 | 224 | (intmax_t) getgid ()); |
29237804 | 225 | exit (MAGIC_STATUS); |
84b3fd84 FW |
226 | } |
227 | if (getenv ("PATH") == NULL) | |
228 | { | |
2bc13872 | 229 | printf ("PATH variable not present\n"); |
84b3fd84 FW |
230 | exit (3); |
231 | } | |
232 | if (secure_getenv ("PATH") != NULL) | |
233 | { | |
2bc13872 | 234 | printf ("PATH variable not filtered out\n"); |
84b3fd84 FW |
235 | exit (4); |
236 | } | |
237 | exit (MAGIC_STATUS); | |
238 | } | |
239 | } | |
240 | ||
c23de0aa FW |
241 | #define PREPARE alternative_main |
242 | #include <support/test-driver.c> |