From: Xiao Yang <yangx.jy@cn.fujitsu.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH] fs/read_all: Clear suplementary groups before droping privileges
Date: Sat, 19 May 2018 17:22:20 +0800 [thread overview]
Message-ID: <1526721740-8382-1-git-send-email-yangx.jy@cn.fujitsu.com> (raw)
In-Reply-To: <20180518170933.GA5094@rei>
Current user(e.g. root) has its own suplementary group set when logged in. Which
means that even when a program sets it's user and group ids to nobody the current
group still stays in the list of supplementary groups, which then is matched for
files with the current group ownership and hence we can still access the file.
For example, if /dev/watchdog has root group ownership and rw group permissions,
running read_all_dev can still open /dev/watchdog and reboot system even after
switching user and group ids from root to nobody.
We need to clear suplementary groups before droping privileges and keep the same
rule as commit 1f011e5 if current user doesn't have the capabilities to clear
suplementary groups.
Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
testcases/kernel/fs/read_all/read_all.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/testcases/kernel/fs/read_all/read_all.c b/testcases/kernel/fs/read_all/read_all.c
index a8e1611..acd8e73 100644
--- a/testcases/kernel/fs/read_all/read_all.c
+++ b/testcases/kernel/fs/read_all/read_all.c
@@ -258,6 +258,12 @@ static void maybe_drop_privs(void)
if (!drop_privs)
return;
+ TEST(setgroups(0, NULL));
+ if (TEST_RETURN < 0 && TEST_ERRNO != EPERM) {
+ tst_brk(TBROK | TTERRNO,
+ "Failed to clear suplementary group set");
+ }
+
nobody = SAFE_GETPWNAM("nobody");
TEST(setgid(nobody->pw_gid));
--
1.8.3.1
next prev parent reply other threads:[~2018-05-19 9:22 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-15 9:51 [LTP] [PATCH] read_all: Drop privileges Richard Palethorpe
2018-05-15 10:30 ` Cyril Hrubis
2018-05-15 10:55 ` Richard Palethorpe
2018-05-15 10:57 ` Cyril Hrubis
2018-05-15 11:18 ` Punit Agrawal
2018-05-15 12:34 ` Richard Palethorpe
2018-05-15 11:23 ` Punit Agrawal
2018-05-16 9:39 ` Xiao Yang
2018-05-16 11:44 ` Cyril Hrubis
2018-05-17 10:20 ` Xiao Yang
2018-05-18 17:09 ` Cyril Hrubis
2018-05-19 9:04 ` Xiao Yang
2018-05-19 9:22 ` Xiao Yang [this message]
2018-05-22 10:26 ` [LTP] [PATCH] fs/read_all: Clear suplementary groups before droping privileges Richard Palethorpe
2018-05-22 10:56 ` Cyril Hrubis
2018-05-22 10:54 ` Cyril Hrubis
2018-05-15 11:00 ` [LTP] [PATCH v2] read_all: Drop privileges Richard Palethorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1526721740-8382-1-git-send-email-yangx.jy@cn.fujitsu.com \
--to=yangx.jy@cn.fujitsu.com \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.