* [LTP] [PATCH v3 1/3] lib: Add personality fallback and SAFE macro
@ 2017-08-01 13:26 Richard Palethorpe
2017-08-01 13:27 ` [LTP] [PATCH v3 2/3] CVE-2012-0957: Use SAFE_PERSONALITY Richard Palethorpe
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Richard Palethorpe @ 2017-08-01 13:26 UTC (permalink / raw)
To: ltp
Add the macro SAFE_PERSONALITY as well as fallback logic for if
<sys/personality.h> is missing or incomplete.
Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
---
V3 - Use the renamed lapi/syscalls.h header
configure.ac | 3 +++
include/lapi/personality.h | 53 ++++++++++++++++++++++++++++++++++++++++++++++
include/tst_personality.h | 28 ++++++++++++++++++++++++
lib/tst_personality.c | 33 +++++++++++++++++++++++++++++
m4/ltp-personality.m4 | 24 +++++++++++++++++++++
5 files changed, 141 insertions(+)
create mode 100644 include/lapi/personality.h
create mode 100644 include/tst_personality.h
create mode 100644 lib/tst_personality.c
create mode 100644 m4/ltp-personality.m4
diff --git a/configure.ac b/configure.ac
index 223241c78..c0e39ad64 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,10 +37,12 @@ AC_CHECK_HEADERS([ \
mm.h \
pthread.h \
sys/xattr.h \
+ sys/personality.h \
linux/genetlink.h \
linux/mempolicy.h \
linux/module.h \
linux/netlink.h \
+ linux/personality.h \
sys/epoll.h \
sys/inotify.h \
sys/fanotify.h \
@@ -193,5 +195,6 @@ LTP_CHECK_SYNC_ADD_AND_FETCH
LTP_CHECK_BUILTIN_CLEAR_CACHE
LTP_CHECK_MMSGHDR
LTP_CHECK_UNAME_DOMAINNAME
+LTP_CHECK_PERSONALITY
AC_OUTPUT
diff --git a/include/lapi/personality.h b/include/lapi/personality.h
new file mode 100644
index 000000000..11d2fc08b
--- /dev/null
+++ b/include/lapi/personality.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2017 Richard Palethorpe <rpalethorpe@suse.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+/* In the Linux kernel and glibc enums are (mostly) used for the constants,
+ * but in musl macros are used.
+ */
+
+#ifndef PERSONALITY_H
+#define PERSONALITY_H
+
+#include "config.h"
+
+#if defined(HAVE_SYS_PERSONALITY_H)
+#include <sys/personality.h>
+#elif defined(HAVE_LINUX_PERSONALITY_H)
+#include <linux/personality.h>
+#endif
+
+#ifndef HAVE_SYS_PERSONALITY_H
+#include "lapi/syscalls.h"
+
+static int personality(unsigned long persona)
+{
+ return tst_syscall(__NR_personality, persona);
+}
+#endif
+
+#if !(HAVE_DECL_UNAME26 == 1 || defined(UNAME26))
+#define UNAME26 0x0020000
+#endif
+
+#if !(HAVE_DECL_READ_IMPLIES_EXEC == 1 || defined(READ_IMPLIES_EXEC))
+#define READ_IMPLIES_EXEC 0x0400000
+#endif
+
+#if !(HAVE_DECL_PER_LINUX == 1 || defined(PER_LINUX))
+#define PER_LINUX 0
+#endif
+
+#endif /* PERSONALITY_H */
diff --git a/include/tst_personality.h b/include/tst_personality.h
new file mode 100644
index 000000000..ff61f4607
--- /dev/null
+++ b/include/tst_personality.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2017 Richard Palethorpe <rpalethorpe@suse.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef TST_PERSONALITY__
+#define TST_PERSONALITY__
+
+#include "lapi/personality.h"
+
+int tst_personality(const char *filename, unsigned int lineno,
+ unsigned long persona);
+
+#define SAFE_PERSONALITY(persona) tst_personality(__FILE__, __LINE__, persona)
+
+#endif
diff --git a/lib/tst_personality.c b/lib/tst_personality.c
new file mode 100644
index 000000000..3f64331db
--- /dev/null
+++ b/lib/tst_personality.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2017 Richard Palethorpe <rpalethorpe@suse.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#define TST_NO_DEFAULT_MAIN
+#include "tst_test.h"
+#include "tst_personality.h"
+
+int tst_personality(const char *filename, unsigned int lineno,
+ unsigned long persona)
+{
+ int prev_persona = personality(persona);
+
+ if (prev_persona < 0) {
+ tst_brk_(filename, lineno, TBROK | TERRNO,
+ "persona(%ld) failed", persona);
+ }
+
+ return prev_persona;
+}
diff --git a/m4/ltp-personality.m4 b/m4/ltp-personality.m4
new file mode 100644
index 000000000..78a3bc231
--- /dev/null
+++ b/m4/ltp-personality.m4
@@ -0,0 +1,24 @@
+dnl Copyright (c) 2017 Richard Palethorpe <rpalethorpe@suse.com>
+dnl
+dnl This program is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
+dnl the GNU General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+AC_DEFUN([LTP_CHECK_PERSONALITY],[
+AC_CHECK_DECLS([UNAME26,READ_IMPLIES_EXEC,PER_LINUX],,,[
+#if defined(HAVE_SYS_PERSONALITY_H)
+#include <sys/personality.h>
+#elif defined(HAVE_LINUX_PERSONALITY_H)
+#include <linux/personality.h>
+#endif
+])
+])
--
2.13.3
^ permalink raw reply related [flat|nested] 5+ messages in thread* [LTP] [PATCH v3 2/3] CVE-2012-0957: Use SAFE_PERSONALITY
2017-08-01 13:26 [LTP] [PATCH v3 1/3] lib: Add personality fallback and SAFE macro Richard Palethorpe
@ 2017-08-01 13:27 ` Richard Palethorpe
2017-08-01 13:27 ` [LTP] [PATCH v3 3/3] Test for CVE-2016-10044 mark AIO pseudo-fs noexec Richard Palethorpe
2017-08-04 13:32 ` [LTP] [PATCH v3 1/3] lib: Add personality fallback and SAFE macro Cyril Hrubis
2 siblings, 0 replies; 5+ messages in thread
From: Richard Palethorpe @ 2017-08-01 13:27 UTC (permalink / raw)
To: ltp
Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
---
testcases/cve/cve-2012-0957.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/testcases/cve/cve-2012-0957.c b/testcases/cve/cve-2012-0957.c
index f065735a1..3b92325d6 100644
--- a/testcases/cve/cve-2012-0957.c
+++ b/testcases/cve/cve-2012-0957.c
@@ -26,10 +26,8 @@
#include <string.h>
#include <sys/utsname.h>
-#include <sys/personality.h>
#include "tst_test.h"
-
-#define UNAME26 0x0020000
+#include "tst_personality.h"
static int check_field(char *bytes, size_t length, char *field)
{
@@ -75,9 +73,7 @@ static void run(unsigned int test_nr)
tst_res(TINFO, "Calling uname with default personality");
try_leak_bytes();
} else {
- if (personality(PER_LINUX | UNAME26) < 0)
- tst_brk(TCONF | TERRNO,
- "Could not change personality to UNAME26");
+ SAFE_PERSONALITY(PER_LINUX | UNAME26);
tst_res(TINFO, "Calling uname with UNAME26 personality");
try_leak_bytes();
}
--
2.13.3
^ permalink raw reply related [flat|nested] 5+ messages in thread* [LTP] [PATCH v3 3/3] Test for CVE-2016-10044 mark AIO pseudo-fs noexec
2017-08-01 13:26 [LTP] [PATCH v3 1/3] lib: Add personality fallback and SAFE macro Richard Palethorpe
2017-08-01 13:27 ` [LTP] [PATCH v3 2/3] CVE-2012-0957: Use SAFE_PERSONALITY Richard Palethorpe
@ 2017-08-01 13:27 ` Richard Palethorpe
2017-08-04 13:47 ` Cyril Hrubis
2017-08-04 13:32 ` [LTP] [PATCH v3 1/3] lib: Add personality fallback and SAFE macro Cyril Hrubis
2 siblings, 1 reply; 5+ messages in thread
From: Richard Palethorpe @ 2017-08-01 13:27 UTC (permalink / raw)
To: ltp
Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
---
runtest/cve | 1 +
testcases/cve/.gitignore | 1 +
testcases/cve/cve-2016-10044.c | 76 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 78 insertions(+)
create mode 100644 testcases/cve/cve-2016-10044.c
diff --git a/runtest/cve b/runtest/cve
index 6e3e52d3a..b487c7d0f 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -4,6 +4,7 @@ cve-2014-0196 cve-2014-0196
cve-2016-4997 cve-2016-4997
cve-2016-5195 dirtyc0w
cve-2016-7117 cve-2016-7117
+cve-2016-10044 cve-2016-10044
cve-2017-2671 cve-2017-2671
cve-2017-5669 cve-2017-5669
cve-2017-6951 cve-2017-6951
diff --git a/testcases/cve/.gitignore b/testcases/cve/.gitignore
index 298cf81f2..2b514bd1a 100644
--- a/testcases/cve/.gitignore
+++ b/testcases/cve/.gitignore
@@ -2,6 +2,7 @@ cve-2012-0957
cve-2014-0196
cve-2016-4997
cve-2016-7117
+cve-2016-10044
cve-2017-2671
cve-2017-6951
cve-2017-5669
diff --git a/testcases/cve/cve-2016-10044.c b/testcases/cve/cve-2016-10044.c
new file mode 100644
index 000000000..ffbe44fdc
--- /dev/null
+++ b/testcases/cve/cve-2016-10044.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2017 Richard Palethorpe <rpalethorpe@suse.com>
+ * Copyright (c) 2016 Jan Horn <jann@thejh.net>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+/*
+ * Test for CVE-2016-10044, which was fixed in commit
+ * 22f6b4d34fcf039c aio: mark AIO pseudo-fs noexec.
+ *
+ * The test checks that we can not implicitly mark AIO mappings as
+ * executable using the READ_IMPLIES_EXEC personality.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include "lapi/syscalls.h"
+#include "tst_test.h"
+#include "tst_personality.h"
+#include "tst_safe_stdio.h"
+
+#define CONV_STR "%*x-%*x %s7"
+
+static FILE *f;
+
+static void cleanup(void)
+{
+ if (f != NULL)
+ SAFE_FCLOSE(f);
+}
+
+static void run(void)
+{
+ uint64_t ctx = 0;
+ pid_t pid = getpid();
+ char perms[8], line[BUFSIZ];
+ char maps_path[256];
+
+ SAFE_PERSONALITY(READ_IMPLIES_EXEC);
+ if (tst_syscall(__NR_io_setup, 1, &ctx))
+ tst_brk(TBROK | TERRNO, "Failed to create AIO context");
+
+ snprintf(maps_path, sizeof(maps_path), "/proc/%d/maps", pid);
+ f = SAFE_FOPEN(maps_path, "r");
+ while (fgets(line, BUFSIZ, f) != NULL) {
+ if (strstr(line, "/[aio]") != NULL)
+ goto found_mapping;
+ }
+ tst_brk(TBROK, "Could not find mapping in %s", maps_path);
+
+found_mapping:
+ if (sscanf(line, CONV_STR, perms) < 0)
+ tst_brk(TBROK, "failed find permission string in %s", line);
+ if (strchr(perms, (int)'x'))
+ tst_res(TFAIL, "AIO mapping is executable: %s!", perms);
+ else
+ tst_res(TPASS, "AIO mapping is not executable: %s", perms);
+}
+
+static struct tst_test test = {
+ .test_all = run,
+ .cleanup = cleanup,
+ .min_kver = "2.6.8",
+};
--
2.13.3
^ permalink raw reply related [flat|nested] 5+ messages in thread* [LTP] [PATCH v3 3/3] Test for CVE-2016-10044 mark AIO pseudo-fs noexec
2017-08-01 13:27 ` [LTP] [PATCH v3 3/3] Test for CVE-2016-10044 mark AIO pseudo-fs noexec Richard Palethorpe
@ 2017-08-04 13:47 ` Cyril Hrubis
0 siblings, 0 replies; 5+ messages in thread
From: Cyril Hrubis @ 2017-08-04 13:47 UTC (permalink / raw)
To: ltp
Hi!
> +#include <stdio.h>
> +#include <stdint.h>
> +#include <string.h>
> +#include "lapi/syscalls.h"
> +#include "tst_test.h"
> +#include "tst_personality.h"
> +#include "tst_safe_stdio.h"
> +
> +#define CONV_STR "%*x-%*x %s7"
> +
> +static FILE *f;
> +
> +static void cleanup(void)
> +{
> + if (f != NULL)
Could be just
if (f)
SAFE_CLOSE(f);
> + SAFE_FCLOSE(f);
> +}
> +
> +static void run(void)
> +{
> + uint64_t ctx = 0;
> + pid_t pid = getpid();
> + char perms[8], line[BUFSIZ];
> + char maps_path[256];
> +
> + SAFE_PERSONALITY(READ_IMPLIES_EXEC);
> + if (tst_syscall(__NR_io_setup, 1, &ctx))
> + tst_brk(TBROK | TERRNO, "Failed to create AIO context");
> +
> + snprintf(maps_path, sizeof(maps_path), "/proc/%d/maps", pid);
You can use the "/proc/self/maps" insetad and save yourself getpid() and
snprintf().
> + f = SAFE_FOPEN(maps_path, "r");
> + while (fgets(line, BUFSIZ, f) != NULL) {
> + if (strstr(line, "/[aio]") != NULL)
> + goto found_mapping;
> + }
Here again, the != NULL is redundant.
> + tst_brk(TBROK, "Could not find mapping in %s", maps_path);
> +
> +found_mapping:
> + if (sscanf(line, CONV_STR, perms) < 0)
> + tst_brk(TBROK, "failed find permission string in %s", line);
I fail to see why is the CONV_STR defined as a macro?
It's not like we use it twice or something.
> + if (strchr(perms, (int)'x'))
> + tst_res(TFAIL, "AIO mapping is executable: %s!", perms);
> + else
> + tst_res(TPASS, "AIO mapping is not executable: %s", perms);
> +}
> +
> +static struct tst_test test = {
> + .test_all = run,
> + .cleanup = cleanup,
> + .min_kver = "2.6.8",
> +};
> --
> 2.13.3
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 5+ messages in thread
* [LTP] [PATCH v3 1/3] lib: Add personality fallback and SAFE macro
2017-08-01 13:26 [LTP] [PATCH v3 1/3] lib: Add personality fallback and SAFE macro Richard Palethorpe
2017-08-01 13:27 ` [LTP] [PATCH v3 2/3] CVE-2012-0957: Use SAFE_PERSONALITY Richard Palethorpe
2017-08-01 13:27 ` [LTP] [PATCH v3 3/3] Test for CVE-2016-10044 mark AIO pseudo-fs noexec Richard Palethorpe
@ 2017-08-04 13:32 ` Cyril Hrubis
2 siblings, 0 replies; 5+ messages in thread
From: Cyril Hrubis @ 2017-08-04 13:32 UTC (permalink / raw)
To: ltp
Hi!
> +#ifndef HAVE_SYS_PERSONALITY_H
> +#include "lapi/syscalls.h"
> +
> +static int personality(unsigned long persona)
> +{
> + return tst_syscall(__NR_personality, persona);
> +}
> +#endif
Do we really need fallback personality() syscall? We do have tests that
call personality() syscall in LTP tree since forever and I do not
recall any problems.
All that should be needed here are plain old fallback definitions for
the few constants that may not be present on older distros.
I guess that UNAME26 would need it since that one is not present in the
sys/personality header. PER_LINUX should be defined for years as well as
READ_IMPLIES_EXEC.
> +#if !(HAVE_DECL_UNAME26 == 1 || defined(UNAME26))
> +#define UNAME26 0x0020000
> +#endif
> +
> +#if !(HAVE_DECL_READ_IMPLIES_EXEC == 1 || defined(READ_IMPLIES_EXEC))
> +#define READ_IMPLIES_EXEC 0x0400000
> +#endif
> +
> +#if !(HAVE_DECL_PER_LINUX == 1 || defined(PER_LINUX))
> +#define PER_LINUX 0
> +#endif
> +
> +#endif /* PERSONALITY_H */
> diff --git a/include/tst_personality.h b/include/tst_personality.h
> new file mode 100644
> index 000000000..ff61f4607
> --- /dev/null
> +++ b/include/tst_personality.h
> @@ -0,0 +1,28 @@
> +/*
> + * Copyright (c) 2017 Richard Palethorpe <rpalethorpe@suse.com>
> + *
> + * This program is free software: you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation, either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#ifndef TST_PERSONALITY__
> +#define TST_PERSONALITY__
> +
> +#include "lapi/personality.h"
> +
> +int tst_personality(const char *filename, unsigned int lineno,
> + unsigned long persona);
^
This should be called safe_personality() for consistency
reasons.
And we may as well put it into the tst_safe_macros.h and safe_macros.c,
there is no good reason to keep it in a separate file as far as I can
tell.
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-08-04 13:47 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-08-01 13:26 [LTP] [PATCH v3 1/3] lib: Add personality fallback and SAFE macro Richard Palethorpe
2017-08-01 13:27 ` [LTP] [PATCH v3 2/3] CVE-2012-0957: Use SAFE_PERSONALITY Richard Palethorpe
2017-08-01 13:27 ` [LTP] [PATCH v3 3/3] Test for CVE-2016-10044 mark AIO pseudo-fs noexec Richard Palethorpe
2017-08-04 13:47 ` Cyril Hrubis
2017-08-04 13:32 ` [LTP] [PATCH v3 1/3] lib: Add personality fallback and SAFE macro Cyril Hrubis
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.