]>
Commit | Line | Data |
---|---|---|
04277e02 | 1 | /* Copyright (C) 2012-2019 Free Software Foundation, Inc. |
84b3fd84 FW |
2 | This file is part of the GNU C Library. |
3 | ||
4 | The GNU C Library is free software; you can redistribute it and/or | |
5 | modify it under the terms of the GNU Lesser General Public | |
6 | License as published by the Free Software Foundation; either | |
7 | version 2.1 of the License, or (at your option) any later version. | |
8 | ||
9 | The GNU C Library is distributed in the hope that it will be useful, | |
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
12 | Lesser General Public License for more details. | |
13 | ||
14 | You should have received a copy of the GNU Lesser General Public | |
15 | License along with the GNU C Library; if not, see | |
5a82c748 | 16 | <https://www.gnu.org/licenses/>. */ |
84b3fd84 FW |
17 | |
18 | /* Test that secure_getenv works by invoking the test as a SGID | |
19 | program with a group ID from the supplementary group list. This | |
20 | test can fail spuriously if the user is not a member of a suitable | |
edb3cb88 | 21 | supplementary group. */ |
84b3fd84 FW |
22 | |
23 | #include <errno.h> | |
24 | #include <fcntl.h> | |
25 | #include <stdlib.h> | |
26 | #include <stdint.h> | |
27 | #include <stdio.h> | |
28 | #include <string.h> | |
29 | #include <sys/stat.h> | |
30 | #include <sys/wait.h> | |
31 | #include <unistd.h> | |
32 | ||
c23de0aa FW |
33 | #include <support/support.h> |
34 | #include <support/test-driver.h> | |
35 | ||
84b3fd84 FW |
36 | static char MAGIC_ARGUMENT[] = "run-actual-test"; |
37 | #define MAGIC_STATUS 19 | |
38 | ||
84b3fd84 | 39 | /* Return a GID which is not our current GID, but is present in the |
edb3cb88 | 40 | supplementary group list. */ |
84b3fd84 FW |
41 | static gid_t |
42 | choose_gid (void) | |
43 | { | |
bae8cf0e MG |
44 | int count = getgroups (0, NULL); |
45 | if (count < 0) | |
46 | { | |
47 | printf ("getgroups: %m\n"); | |
48 | exit (1); | |
49 | } | |
50 | gid_t *groups; | |
51 | groups = xcalloc (count, sizeof (*groups)); | |
84b3fd84 FW |
52 | int ret = getgroups (count, groups); |
53 | if (ret < 0) | |
54 | { | |
2bc13872 | 55 | printf ("getgroups: %m\n"); |
84b3fd84 FW |
56 | exit (1); |
57 | } | |
58 | gid_t current = getgid (); | |
bae8cf0e | 59 | gid_t not_current = 0; |
84b3fd84 FW |
60 | for (int i = 0; i < ret; ++i) |
61 | { | |
62 | if (groups[i] != current) | |
bae8cf0e MG |
63 | { |
64 | not_current = groups[i]; | |
65 | break; | |
66 | } | |
84b3fd84 | 67 | } |
bae8cf0e MG |
68 | free (groups); |
69 | return not_current; | |
84b3fd84 FW |
70 | } |
71 | ||
72 | ||
73 | /* Copies the executable into a restricted directory, so that we can | |
74 | safely make it SGID with the TARGET group ID. Then runs the | |
edb3cb88 | 75 | executable. */ |
84b3fd84 FW |
76 | static int |
77 | run_executable_sgid (gid_t target) | |
78 | { | |
c23de0aa FW |
79 | char *dirname = xasprintf ("%s/secure-getenv.%jd", |
80 | test_dir, (intmax_t) getpid ()); | |
81 | char *execname = xasprintf ("%s/bin", dirname); | |
84b3fd84 FW |
82 | int infd = -1; |
83 | int outfd = -1; | |
84 | int ret = -1; | |
84b3fd84 FW |
85 | if (mkdir (dirname, 0700) < 0) |
86 | { | |
2bc13872 | 87 | printf ("mkdir: %m\n"); |
84b3fd84 FW |
88 | goto err; |
89 | } | |
84b3fd84 FW |
90 | infd = open ("/proc/self/exe", O_RDONLY); |
91 | if (infd < 0) | |
92 | { | |
2bc13872 | 93 | printf ("open (/proc/self/exe): %m\n"); |
84b3fd84 FW |
94 | goto err; |
95 | } | |
96 | outfd = open (execname, O_WRONLY | O_CREAT | O_EXCL, 0700); | |
97 | if (outfd < 0) | |
98 | { | |
2bc13872 | 99 | printf ("open (%s): %m\n", execname); |
84b3fd84 FW |
100 | goto err; |
101 | } | |
102 | char buf[4096]; | |
103 | for (;;) | |
104 | { | |
105 | ssize_t rdcount = read (infd, buf, sizeof (buf)); | |
106 | if (rdcount < 0) | |
107 | { | |
2bc13872 | 108 | printf ("read: %m\n"); |
84b3fd84 FW |
109 | goto err; |
110 | } | |
111 | if (rdcount == 0) | |
112 | break; | |
113 | char *p = buf; | |
114 | char *end = buf + rdcount; | |
115 | while (p != end) | |
116 | { | |
117 | ssize_t wrcount = write (outfd, buf, end - p); | |
118 | if (wrcount == 0) | |
119 | errno = ENOSPC; | |
120 | if (wrcount <= 0) | |
121 | { | |
2bc13872 | 122 | printf ("write: %m\n"); |
84b3fd84 FW |
123 | goto err; |
124 | } | |
125 | p += wrcount; | |
126 | } | |
127 | } | |
128 | if (fchown (outfd, getuid (), target) < 0) | |
129 | { | |
2bc13872 | 130 | printf ("fchown (%s): %m\n", execname); |
84b3fd84 FW |
131 | goto err; |
132 | } | |
133 | if (fchmod (outfd, 02750) < 0) | |
134 | { | |
2bc13872 | 135 | printf ("fchmod (%s): %m\n", execname); |
84b3fd84 FW |
136 | goto err; |
137 | } | |
138 | if (close (outfd) < 0) | |
139 | { | |
2bc13872 | 140 | printf ("close (outfd): %m\n"); |
84b3fd84 FW |
141 | goto err; |
142 | } | |
143 | if (close (infd) < 0) | |
144 | { | |
2bc13872 | 145 | printf ("close (infd): %m\n"); |
84b3fd84 FW |
146 | goto err; |
147 | } | |
148 | ||
149 | int kid = fork (); | |
150 | if (kid < 0) | |
151 | { | |
2bc13872 | 152 | printf ("fork: %m\n"); |
84b3fd84 FW |
153 | goto err; |
154 | } | |
155 | if (kid == 0) | |
156 | { | |
edb3cb88 | 157 | /* Child process. */ |
84b3fd84 FW |
158 | char *args[] = { execname, MAGIC_ARGUMENT, NULL }; |
159 | execve (execname, args, environ); | |
2bc13872 | 160 | printf ("execve (%s): %m\n", execname); |
84b3fd84 FW |
161 | _exit (1); |
162 | } | |
163 | int status; | |
164 | if (waitpid (kid, &status, 0) < 0) | |
165 | { | |
2bc13872 | 166 | printf ("waitpid: %m\n"); |
84b3fd84 FW |
167 | goto err; |
168 | } | |
169 | if (!WIFEXITED (status) || WEXITSTATUS (status) != MAGIC_STATUS) | |
170 | { | |
2bc13872 FW |
171 | printf ("Unexpected exit status %d from child process\n", |
172 | status); | |
84b3fd84 FW |
173 | goto err; |
174 | } | |
175 | ret = 0; | |
176 | ||
177 | err: | |
178 | if (outfd >= 0) | |
179 | close (outfd); | |
180 | if (infd >= 0) | |
181 | close (infd); | |
182 | if (execname) | |
183 | { | |
184 | unlink (execname); | |
185 | free (execname); | |
186 | } | |
187 | if (dirname) | |
188 | { | |
189 | rmdir (dirname); | |
190 | free (dirname); | |
191 | } | |
192 | return ret; | |
193 | } | |
194 | ||
195 | static int | |
196 | do_test (void) | |
197 | { | |
198 | if (getenv ("PATH") == NULL) | |
199 | { | |
2bc13872 | 200 | printf ("PATH not set\n"); |
84b3fd84 FW |
201 | exit (1); |
202 | } | |
203 | if (secure_getenv ("PATH") == NULL) | |
204 | { | |
2bc13872 | 205 | printf ("PATH not set according to secure_getenv\n"); |
84b3fd84 FW |
206 | exit (1); |
207 | } | |
208 | if (strcmp (getenv ("PATH"), secure_getenv ("PATH")) != 0) | |
209 | { | |
2bc13872 FW |
210 | printf ("PATH mismatch (%s, %s)\n", |
211 | getenv ("PATH"), secure_getenv ("PATH")); | |
84b3fd84 FW |
212 | exit (1); |
213 | } | |
214 | ||
215 | gid_t target = choose_gid (); | |
216 | if (target == 0) | |
217 | { | |
2bc13872 FW |
218 | fprintf (stderr, |
219 | "Could not find a suitable GID for user %jd, skipping test\n", | |
84b3fd84 | 220 | (intmax_t) getuid ()); |
2bc13872 | 221 | exit (0); |
84b3fd84 FW |
222 | } |
223 | return run_executable_sgid (target); | |
224 | } | |
225 | ||
226 | static void | |
227 | alternative_main (int argc, char **argv) | |
228 | { | |
229 | if (argc == 2 && strcmp (argv[1], MAGIC_ARGUMENT) == 0) | |
230 | { | |
231 | if (getgid () == getegid ()) | |
232 | { | |
edb3cb88 | 233 | /* This can happen if the file system is mounted nosuid. */ |
29237804 | 234 | fprintf (stderr, "SGID failed: GID and EGID match (%jd)\n", |
2bc13872 | 235 | (intmax_t) getgid ()); |
29237804 | 236 | exit (MAGIC_STATUS); |
84b3fd84 FW |
237 | } |
238 | if (getenv ("PATH") == NULL) | |
239 | { | |
2bc13872 | 240 | printf ("PATH variable not present\n"); |
84b3fd84 FW |
241 | exit (3); |
242 | } | |
243 | if (secure_getenv ("PATH") != NULL) | |
244 | { | |
2bc13872 | 245 | printf ("PATH variable not filtered out\n"); |
84b3fd84 FW |
246 | exit (4); |
247 | } | |
248 | exit (MAGIC_STATUS); | |
249 | } | |
250 | } | |
251 | ||
c23de0aa FW |
252 | #define PREPARE alternative_main |
253 | #include <support/test-driver.c> |