From d44a1ee0049ceea7f3b98ee2293db8562cd81f23 Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Tue, 1 Jul 2025 12:00:40 +0200 Subject: [PATCH] tests: add canonicalize test * add canonicalize_path_restricted() to test_canonicalize program * add test for root and non-root (but suid) user Signed-off-by: Karel Zak --- lib/canonicalize.c | 14 +++- tests/commands.sh | 1 + .../expected/misc/canonicalize-non-root-user | 3 + tests/expected/misc/canonicalize-root-user | 3 + tests/ts/misc/canonicalize | 80 +++++++++++++++++++ 5 files changed, 99 insertions(+), 2 deletions(-) create mode 100644 tests/expected/misc/canonicalize-non-root-user create mode 100644 tests/expected/misc/canonicalize-root-user create mode 100755 tests/ts/misc/canonicalize diff --git a/lib/canonicalize.c b/lib/canonicalize.c index 728783d3a..9109b3630 100644 --- a/lib/canonicalize.c +++ b/lib/canonicalize.c @@ -256,13 +256,23 @@ done: #ifdef TEST_PROGRAM_CANONICALIZE int main(int argc, char **argv) { + char *p; + if (argc < 2) { fprintf(stderr, "usage: %s \n", argv[0]); exit(EXIT_FAILURE); } - fprintf(stdout, "orig: %s\n", argv[1]); - fprintf(stdout, "real: %s\n", canonicalize_path(argv[1])); + fprintf(stdout, "orig: %s\n", argv[1]); + + p = canonicalize_path(argv[1]); + fprintf(stdout, "real: %s\n", p); + free(p); + + p = canonicalize_path_restricted(argv[1]); + fprintf(stdout, "real-restricted: %s\n", p); + free(p); + exit(EXIT_SUCCESS); } #endif diff --git a/tests/commands.sh b/tests/commands.sh index fe989a541..00be96655 100644 --- a/tests/commands.sh +++ b/tests/commands.sh @@ -4,6 +4,7 @@ TS_TESTUSER=${TS_TESTUSER:-"nobody"} # helpers TS_HELPER_BOILERPLATE="${ts_helpersdir}test_boilerplate" TS_HELPER_BYTESWAP="${ts_helpersdir}test_byteswap" +TS_HELPER_CANONICALIZE="${ts_helpersdir}test_canonicalize" TS_HELPER_COLORS="${ts_helpersdir}test_colors" TS_HELPER_CPUSET="${ts_helpersdir}test_cpuset" TS_HELPER_CAP="${ts_helpersdir}test_cap" diff --git a/tests/expected/misc/canonicalize-non-root-user b/tests/expected/misc/canonicalize-non-root-user new file mode 100644 index 000000000..204e83b67 --- /dev/null +++ b/tests/expected/misc/canonicalize-non-root-user @@ -0,0 +1,3 @@ +orig: /root-sym/foo +real: /root/foo +real-restricted: (null) diff --git a/tests/expected/misc/canonicalize-root-user b/tests/expected/misc/canonicalize-root-user new file mode 100644 index 000000000..87213a703 --- /dev/null +++ b/tests/expected/misc/canonicalize-root-user @@ -0,0 +1,3 @@ +orig: /aaa/bbb/ccc-sym/ddd +real: /ccc/ddd +real-restricted: /ccc/ddd diff --git a/tests/ts/misc/canonicalize b/tests/ts/misc/canonicalize new file mode 100755 index 000000000..2e111659c --- /dev/null +++ b/tests/ts/misc/canonicalize @@ -0,0 +1,80 @@ +#!/bin/bash + +# Copyright (C) 2025 Karel Zak +# +# This file is part of util-linux. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +TS_TOPDIR="${0%/*}/../.." +TS_DESC="canonicalize" + +. "$TS_TOPDIR"/functions.sh +ts_init "$*" + +ts_skip_nonroot + +ts_check_prog "getent" +ts_check_test_command "$TS_CMD_MOUNT" +ts_check_test_command "$TS_CMD_UMOUNT" +ts_check_test_command "$TS_CMD_SETPRIV" +ts_check_test_command "$TS_HELPER_CANONICALIZE" + +grep -q 'nodev[[:space:]]*tmpfs' /proc/filesystems || \ + ts_skip_subtest "tmpfs unsupported" + +mkdir -p $TS_MOUNTPOINT &> /dev/null +$TS_CMD_MOUNT -t tmpfs tmpfs $TS_MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG +[ $? -eq 0 ] || ts_skip "tmpfs mount failed" + +# reuse the same TS_MOUNTPOINT in all subtests +BASE=$TS_MOUNTPOINT + +# setup suid binary +TESTPROG=${BASE}/$(basename $TS_HELPER_CANONICALIZE) +cp $TS_HELPER_CANONICALIZE $TESTPROG +chown root:root $TESTPROG +chmod +x,u+s $TESTPROG + +if [ ! -u "$TESTPROG" ] || [ ! -x "$TESTPROG" ]; then + $TS_CMD_UMOUNT $BASE + ts_skip "cannot setup suid test" +fi + + +ts_init_subtest root-user +mkdir -p ${BASE}/aaa/bbb +mkdir -p ${BASE}/ccc/ddd +ln -s ${BASE}/ccc ${BASE}/aaa/bbb/ccc-sym +$TESTPROG ${BASE}/aaa/bbb/ccc-sym/ddd | sed "s:${BASE}::g" >> $TS_OUTPUT 2>> $TS_ERRLOG +ts_finalize_subtest + + +ts_init_subtest non-root-user +uid="nobody" +if id $uid &>/dev/null; then + mkdir -p ${BASE}/root/foo + chown -R root:root ${BASE}/root + chmod -R o-rwx ${BASE}/root + ln -s ${BASE}/root ${BASE}/root-sym + + gid=$(getent passwd "$uid" | cut -d: -f4) + + $TS_CMD_SETPRIV --reuid="$uid" --regid="$gid" --clear-groups \ + --inh-caps=-all --reset-env \ + -- $TESTPROG ${BASE}/root-sym/foo \ + | sed "s:${BASE}::g" >> $TS_OUTPUT 2>> $TS_ERRLOG + + ts_finalize_subtest +else + ts_skip_subtest "nobody user is missing" +fi + + +# cleanup +$TS_CMD_UMOUNT $BASE &> /dev/null + +ts_finalize -- 2.47.3