[thirdparty/glibc.git] / stdlib / tst-secure-getenv.c

/* Copyright (C) 2012-2019 Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <https://www.gnu.org/licenses/>.  */

/* Test that secure_getenv works by invoking the test as a SGID
   program with a group ID from the supplementary group list.  This
   test can fail spuriously if the user is not a member of a suitable
   supplementary group.  */

#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#include <support/support.h>
#include <support/test-driver.h>

static char MAGIC_ARGUMENT[] = "run-actual-test";
#define MAGIC_STATUS 19

/* Return a GID which is not our current GID, but is present in the
   supplementary group list.  */
static gid_t
choose_gid (void)
{
  int count = getgroups (0, NULL);
  if (count < 0)
    {
      printf ("getgroups: %m\n");
      exit (1);
    }
  gid_t *groups;
  groups = xcalloc (count, sizeof (*groups));
  int ret = getgroups (count, groups);
  if (ret < 0)
    {
      printf ("getgroups: %m\n");
      exit (1);
    }
  gid_t current = getgid ();
  gid_t not_current = 0;
  for (int i = 0; i < ret; ++i)
    {
      if (groups[i] != current)
        {
          not_current = groups[i];
          break;
        }
    }
  free (groups);
  return not_current;
}


/* Copies the executable into a restricted directory, so that we can
   safely make it SGID with the TARGET group ID.  Then runs the
   executable.  */
static int
run_executable_sgid (gid_t target)
{
  char *dirname = xasprintf ("%s/secure-getenv.%jd",
			     test_dir, (intmax_t) getpid ());
  char *execname = xasprintf ("%s/bin", dirname);
  int infd = -1;
  int outfd = -1;
  int ret = -1;
  if (mkdir (dirname, 0700) < 0)
    {
      printf ("mkdir: %m\n");
      goto err;
    }
  infd = open ("/proc/self/exe", O_RDONLY);
  if (infd < 0)
    {
      printf ("open (/proc/self/exe): %m\n");
      goto err;
    }
  outfd = open (execname, O_WRONLY | O_CREAT | O_EXCL, 0700);
  if (outfd < 0)
    {
      printf ("open (%s): %m\n", execname);
      goto err;
    }
  char buf[4096];
  for (;;)
    {
      ssize_t rdcount = read (infd, buf, sizeof (buf));
      if (rdcount < 0)
	{
	  printf ("read: %m\n");
	  goto err;
	}
      if (rdcount == 0)
	break;
      char *p = buf;
      char *end = buf + rdcount;
      while (p != end)
	{
	  ssize_t wrcount = write (outfd, buf, end - p);
	  if (wrcount == 0)
	    errno = ENOSPC;
	  if (wrcount <= 0)
	    {
	      printf ("write: %m\n");
	      goto err;
	    }
	  p += wrcount;
	}
    }
  if (fchown (outfd, getuid (), target) < 0)
    {
      printf ("fchown (%s): %m\n", execname);
      goto err;
    }
  if (fchmod (outfd, 02750) < 0)
    {
      printf ("fchmod (%s): %m\n", execname);
      goto err;
    }
  if (close (outfd) < 0)
    {
      printf ("close (outfd): %m\n");
      goto err;
    }
  if (close (infd) < 0)
    {
      printf ("close (infd): %m\n");
      goto err;
    }

  int kid = fork ();
  if (kid < 0)
    {
      printf ("fork: %m\n");
      goto err;
    }
  if (kid == 0)
    {
      /* Child process.  */
      char *args[] = { execname, MAGIC_ARGUMENT, NULL };
      execve (execname, args, environ);
      printf ("execve (%s): %m\n", execname);
      _exit (1);
    }
  int status;
  if (waitpid (kid, &status, 0) < 0)
    {
      printf ("waitpid: %m\n");
      goto err;
    }
  if (!WIFEXITED (status) || WEXITSTATUS (status) != MAGIC_STATUS)
    {
      printf ("Unexpected exit status %d from child process\n",
	      status);
      goto err;
    }
  ret = 0;

err:
  if (outfd >= 0)
    close (outfd);
  if (infd >= 0)
    close (infd);
  if (execname)
    {
      unlink (execname);
      free (execname);
    }
  if (dirname)
    {
      rmdir (dirname);
      free (dirname);
    }
  return ret;
}

static int
do_test (void)
{
  if (getenv ("PATH") == NULL)
    {
      printf ("PATH not set\n");
      exit (1);
    }
  if (secure_getenv ("PATH") == NULL)
    {
      printf ("PATH not set according to secure_getenv\n");
      exit (1);
    }
  if (strcmp (getenv ("PATH"), secure_getenv ("PATH")) != 0)
    {
      printf ("PATH mismatch (%s, %s)\n",
	      getenv ("PATH"), secure_getenv ("PATH"));
      exit (1);
    }

  gid_t target = choose_gid ();
  if (target == 0)
    {
      fprintf (stderr,
	       "Could not find a suitable GID for user %jd, skipping test\n",
	       (intmax_t) getuid ());
      exit (0);
    }
  return run_executable_sgid (target);
}

static void
alternative_main (int argc, char **argv)
{
  if (argc == 2 && strcmp (argv[1], MAGIC_ARGUMENT) == 0)
    {
      if (getgid () == getegid ())
	{
	  /* This can happen if the file system is mounted nosuid.  */
	  fprintf (stderr, "SGID failed: GID and EGID match (%jd)\n",
		  (intmax_t) getgid ());
	  exit (MAGIC_STATUS);
	}
      if (getenv ("PATH") == NULL)
	{
	  printf ("PATH variable not present\n");
	  exit (3);
	}
      if (secure_getenv ("PATH") != NULL)
	{
	  printf ("PATH variable not filtered out\n");
	  exit (4);
	}
      exit (MAGIC_STATUS);
    }
}

#define PREPARE alternative_main
#include <support/test-driver.c>
Commit	Line	Data
04277e02	1	/* Copyright (C) 2012-2019 Free Software Foundation, Inc.
84b3fd84 FW	2	This file is part of the GNU C Library.
	3
	4	The GNU C Library is free software; you can redistribute it and/or
	5	modify it under the terms of the GNU Lesser General Public
	6	License as published by the Free Software Foundation; either
	7	version 2.1 of the License, or (at your option) any later version.
	8
	9	The GNU C Library is distributed in the hope that it will be useful,
	10	but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	12	Lesser General Public License for more details.
	13
	14	You should have received a copy of the GNU Lesser General Public
	15	License along with the GNU C Library; if not, see
5a82c748	16	<https://www.gnu.org/licenses/>. */
84b3fd84 FW	17
	18	/* Test that secure_getenv works by invoking the test as a SGID
	19	program with a group ID from the supplementary group list. This
	20	test can fail spuriously if the user is not a member of a suitable
edb3cb88	21	supplementary group. */
84b3fd84 FW	22
	23	#include <errno.h>
	24	#include <fcntl.h>
	25	#include <stdlib.h>
	26	#include <stdint.h>
	27	#include <stdio.h>
	28	#include <string.h>
	29	#include <sys/stat.h>
	30	#include <sys/wait.h>
	31	#include <unistd.h>
	32
c23de0aa FW	33	#include <support/support.h>
	34	#include <support/test-driver.h>
	35
84b3fd84 FW	36	static char MAGIC_ARGUMENT[] = "run-actual-test";
	37	#define MAGIC_STATUS 19
	38
84b3fd84	39	/* Return a GID which is not our current GID, but is present in the
edb3cb88	40	supplementary group list. */
84b3fd84 FW	41	static gid_t
	42	choose_gid (void)
	43	{
bae8cf0e MG	44	int count = getgroups (0, NULL);
	45	if (count < 0)
	46	{
	47	printf ("getgroups: %m\n");
	48	exit (1);
	49	}
	50	gid_t *groups;
	51	groups = xcalloc (count, sizeof (*groups));
84b3fd84 FW	52	int ret = getgroups (count, groups);
	53	if (ret < 0)
	54	{
2bc13872	55	printf ("getgroups: %m\n");
84b3fd84 FW	56	exit (1);
	57	}
	58	gid_t current = getgid ();
bae8cf0e	59	gid_t not_current = 0;
84b3fd84 FW	60	for (int i = 0; i < ret; ++i)
	61	{
	62	if (groups[i] != current)
bae8cf0e MG	63	{
	64	not_current = groups[i];
	65	break;
	66	}
84b3fd84	67	}
bae8cf0e MG	68	free (groups);
bae8cf0e MG	69	return not_current;
84b3fd84 FW	70	}
	71
	72
	73	/* Copies the executable into a restricted directory, so that we can
	74	safely make it SGID with the TARGET group ID. Then runs the
edb3cb88	75	executable. */
84b3fd84 FW	76	static int
	77	run_executable_sgid (gid_t target)
	78	{
c23de0aa FW	79	char *dirname = xasprintf ("%s/secure-getenv.%jd",
	80	test_dir, (intmax_t) getpid ());
	81	char *execname = xasprintf ("%s/bin", dirname);
84b3fd84 FW	82	int infd = -1;
	83	int outfd = -1;
	84	int ret = -1;
84b3fd84 FW	85	if (mkdir (dirname, 0700) < 0)
84b3fd84 FW	86	{
2bc13872	87	printf ("mkdir: %m\n");
84b3fd84 FW	88	goto err;
84b3fd84 FW	89	}
84b3fd84 FW	90	infd = open ("/proc/self/exe", O_RDONLY);
	91	if (infd < 0)
	92	{
2bc13872	93	printf ("open (/proc/self/exe): %m\n");
84b3fd84 FW	94	goto err;
	95	}
	96	outfd = open (execname, O_WRONLY \| O_CREAT \| O_EXCL, 0700);
	97	if (outfd < 0)
	98	{
2bc13872	99	printf ("open (%s): %m\n", execname);
84b3fd84 FW	100	goto err;
	101	}
	102	char buf[4096];
	103	for (;;)
	104	{
	105	ssize_t rdcount = read (infd, buf, sizeof (buf));
	106	if (rdcount < 0)
	107	{
2bc13872	108	printf ("read: %m\n");
84b3fd84 FW	109	goto err;
	110	}
	111	if (rdcount == 0)
	112	break;
	113	char *p = buf;
	114	char *end = buf + rdcount;
	115	while (p != end)
	116	{
	117	ssize_t wrcount = write (outfd, buf, end - p);
	118	if (wrcount == 0)
	119	errno = ENOSPC;
	120	if (wrcount <= 0)
	121	{
2bc13872	122	printf ("write: %m\n");
84b3fd84 FW	123	goto err;
	124	}
	125	p += wrcount;
	126	}
	127	}
	128	if (fchown (outfd, getuid (), target) < 0)
	129	{
2bc13872	130	printf ("fchown (%s): %m\n", execname);
84b3fd84 FW	131	goto err;
	132	}
	133	if (fchmod (outfd, 02750) < 0)
	134	{
2bc13872	135	printf ("fchmod (%s): %m\n", execname);
84b3fd84 FW	136	goto err;
	137	}
	138	if (close (outfd) < 0)
	139	{
2bc13872	140	printf ("close (outfd): %m\n");
84b3fd84 FW	141	goto err;
	142	}
	143	if (close (infd) < 0)
	144	{
2bc13872	145	printf ("close (infd): %m\n");
84b3fd84 FW	146	goto err;
	147	}
	148
	149	int kid = fork ();
	150	if (kid < 0)
	151	{
2bc13872	152	printf ("fork: %m\n");
84b3fd84 FW	153	goto err;
	154	}
	155	if (kid == 0)
	156	{
edb3cb88	157	/* Child process. */
84b3fd84 FW	158	char *args[] = { execname, MAGIC_ARGUMENT, NULL };
84b3fd84 FW	159	execve (execname, args, environ);
2bc13872	160	printf ("execve (%s): %m\n", execname);
84b3fd84 FW	161	_exit (1);
	162	}
	163	int status;
	164	if (waitpid (kid, &status, 0) < 0)
	165	{
2bc13872	166	printf ("waitpid: %m\n");
84b3fd84 FW	167	goto err;
	168	}
	169	if (!WIFEXITED (status) \|\| WEXITSTATUS (status) != MAGIC_STATUS)
	170	{
2bc13872 FW	171	printf ("Unexpected exit status %d from child process\n",
2bc13872 FW	172	status);
84b3fd84 FW	173	goto err;
	174	}
	175	ret = 0;
	176
	177	err:
	178	if (outfd >= 0)
	179	close (outfd);
	180	if (infd >= 0)
	181	close (infd);
	182	if (execname)
	183	{
	184	unlink (execname);
	185	free (execname);
	186	}
	187	if (dirname)
	188	{
	189	rmdir (dirname);
	190	free (dirname);
	191	}
	192	return ret;
	193	}
	194
	195	static int
	196	do_test (void)
	197	{
	198	if (getenv ("PATH") == NULL)
	199	{
2bc13872	200	printf ("PATH not set\n");
84b3fd84 FW	201	exit (1);
	202	}
	203	if (secure_getenv ("PATH") == NULL)
	204	{
2bc13872	205	printf ("PATH not set according to secure_getenv\n");
84b3fd84 FW	206	exit (1);
	207	}
	208	if (strcmp (getenv ("PATH"), secure_getenv ("PATH")) != 0)
	209	{
2bc13872 FW	210	printf ("PATH mismatch (%s, %s)\n",
2bc13872 FW	211	getenv ("PATH"), secure_getenv ("PATH"));
84b3fd84 FW	212	exit (1);
	213	}
	214
	215	gid_t target = choose_gid ();
	216	if (target == 0)
	217	{
2bc13872 FW	218	fprintf (stderr,
2bc13872 FW	219	"Could not find a suitable GID for user %jd, skipping test\n",
84b3fd84	220	(intmax_t) getuid ());
2bc13872	221	exit (0);
84b3fd84 FW	222	}
	223	return run_executable_sgid (target);
	224	}
	225
	226	static void
	227	alternative_main (int argc, char **argv)
	228	{
	229	if (argc == 2 && strcmp (argv[1], MAGIC_ARGUMENT) == 0)
	230	{
	231	if (getgid () == getegid ())
	232	{
edb3cb88	233	/* This can happen if the file system is mounted nosuid. */
29237804	234	fprintf (stderr, "SGID failed: GID and EGID match (%jd)\n",
2bc13872	235	(intmax_t) getgid ());
29237804	236	exit (MAGIC_STATUS);
84b3fd84 FW	237	}
	238	if (getenv ("PATH") == NULL)
	239	{
2bc13872	240	printf ("PATH variable not present\n");
84b3fd84 FW	241	exit (3);
	242	}
	243	if (secure_getenv ("PATH") != NULL)
	244	{
2bc13872	245	printf ("PATH variable not filtered out\n");
84b3fd84 FW	246	exit (4);
	247	}
	248	exit (MAGIC_STATUS);
	249	}
	250	}
	251
c23de0aa FW	252	#define PREPARE alternative_main
c23de0aa FW	253	#include <support/test-driver.c>