* [PATCH] selftests/capabilities: Fix the test_execve test
@ 2017-06-29 15:46 Andy Lutomirski
2017-06-29 16:32 ` Eric W. Biederman
2017-06-29 16:55 ` Greg KH
0 siblings, 2 replies; 4+ messages in thread
From: Andy Lutomirski @ 2017-06-29 15:46 UTC (permalink / raw)
To: Naresh Kamboju, Shuah Khan
Cc: Andy Lutomirski, stable, Eric W. Biederman, Kees Cook, Greg KH,
linux-kselftest
test_execve does rather odd mount manipulations to safely create
temporary setuid and setgid executables that aren't visible to the
rest of the system. Those executables end up in the test's cwd, but
that cwd is MNT_DETACHed.
The core namespace code considers MNT_DETACHed trees to belong to no
mount namespace at all and, in general, MNT_DETACHed trees are only
barely function. This interacted with commit 380cf5ba6b0a ("fs:
Treat foreign mounts as nosuid") to cause all MNT_DETACHed trees to
act as though they're nosuid, breaking the test.
Fix it by just not detaching the tree. It's still in a private
mount namespace and is therefore still invisible to the rest of the
system (except via /proc, and the same nosuid logic will protect all
other programs on the system from believing in test_execve's setuid
bits).
While we're at it, fix some blatant whitespace problems.
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Fixes: 380cf5ba6b0a ("fs: Treat foreign mounts as nosuid")
Cc: stable@vger.kernel.org
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Shuah Khan <shuahkh@osg.samsung.com>
Cc: Greg KH <greg@kroah.com>
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
tools/testing/selftests/capabilities/test_execve.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/capabilities/test_execve.c b/tools/testing/selftests/capabilities/test_execve.c
index 10a21a958aaf..763f37fecfb8 100644
--- a/tools/testing/selftests/capabilities/test_execve.c
+++ b/tools/testing/selftests/capabilities/test_execve.c
@@ -138,9 +138,6 @@ static void chdir_to_tmpfs(void)
if (chdir(cwd) != 0)
err(1, "chdir to private tmpfs");
-
- if (umount2(".", MNT_DETACH) != 0)
- err(1, "detach private tmpfs");
}
static void copy_fromat_to(int fromfd, const char *fromname, const char *toname)
@@ -248,7 +245,7 @@ static int do_tests(int uid, const char *our_path)
err(1, "chown");
if (chmod("validate_cap_sgidnonroot", S_ISGID | 0710) != 0)
err(1, "chmod");
-}
+ }
capng_get_caps_process();
@@ -384,7 +381,7 @@ static int do_tests(int uid, const char *our_path)
} else {
printf("[RUN]\tNon-root +ia, sgidnonroot => i\n");
exec_other_validate_cap("./validate_cap_sgidnonroot",
- false, false, true, false);
+ false, false, true, false);
if (fork_wait()) {
printf("[RUN]\tNon-root +ia, sgidroot => i\n");
--
2.9.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] selftests/capabilities: Fix the test_execve test
2017-06-29 15:46 [PATCH] selftests/capabilities: Fix the test_execve test Andy Lutomirski
@ 2017-06-29 16:32 ` Eric W. Biederman
2017-06-29 16:55 ` Greg KH
1 sibling, 0 replies; 4+ messages in thread
From: Eric W. Biederman @ 2017-06-29 16:32 UTC (permalink / raw)
To: Andy Lutomirski
Cc: Naresh Kamboju, Shuah Khan, stable, Kees Cook, Greg KH, linux-kselftest
Andy Lutomirski <luto@kernel.org> writes:
> test_execve does rather odd mount manipulations to safely create
> temporary setuid and setgid executables that aren't visible to the
> rest of the system. Those executables end up in the test's cwd, but
> that cwd is MNT_DETACHed.
>
> The core namespace code considers MNT_DETACHed trees to belong to no
> mount namespace at all and, in general, MNT_DETACHed trees are only
> barely function. This interacted with commit 380cf5ba6b0a ("fs:
> Treat foreign mounts as nosuid") to cause all MNT_DETACHed trees to
> act as though they're nosuid, breaking the test.
>
> Fix it by just not detaching the tree. It's still in a private
> mount namespace and is therefore still invisible to the rest of the
> system (except via /proc, and the same nosuid logic will protect all
> other programs on the system from believing in test_execve's setuid
> bits).
>
> While we're at it, fix some blatant whitespace problems.
>
> Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
> Fixes: 380cf5ba6b0a ("fs: Treat foreign mounts as nosuid")
> Cc: stable@vger.kernel.org
> Cc: "Eric W. Biederman" <ebiederm@xmission.com>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Shuah Khan <shuahkh@osg.samsung.com>
> Cc: Greg KH <greg@kroah.com>
> Cc: linux-kselftest@vger.kernel.org
> Signed-off-by: Andy Lutomirski <luto@kernel.org>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
> ---
> tools/testing/selftests/capabilities/test_execve.c | 7 ++-----
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/tools/testing/selftests/capabilities/test_execve.c b/tools/testing/selftests/capabilities/test_execve.c
> index 10a21a958aaf..763f37fecfb8 100644
> --- a/tools/testing/selftests/capabilities/test_execve.c
> +++ b/tools/testing/selftests/capabilities/test_execve.c
> @@ -138,9 +138,6 @@ static void chdir_to_tmpfs(void)
>
> if (chdir(cwd) != 0)
> err(1, "chdir to private tmpfs");
> -
> - if (umount2(".", MNT_DETACH) != 0)
> - err(1, "detach private tmpfs");
> }
>
> static void copy_fromat_to(int fromfd, const char *fromname, const char *toname)
> @@ -248,7 +245,7 @@ static int do_tests(int uid, const char *our_path)
> err(1, "chown");
> if (chmod("validate_cap_sgidnonroot", S_ISGID | 0710) != 0)
> err(1, "chmod");
> -}
> + }
>
> capng_get_caps_process();
>
> @@ -384,7 +381,7 @@ static int do_tests(int uid, const char *our_path)
> } else {
> printf("[RUN]\tNon-root +ia, sgidnonroot => i\n");
> exec_other_validate_cap("./validate_cap_sgidnonroot",
> - false, false, true, false);
> + false, false, true, false);
>
> if (fork_wait()) {
> printf("[RUN]\tNon-root +ia, sgidroot => i\n");
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] selftests/capabilities: Fix the test_execve test
2017-06-29 15:46 [PATCH] selftests/capabilities: Fix the test_execve test Andy Lutomirski
2017-06-29 16:32 ` Eric W. Biederman
@ 2017-06-29 16:55 ` Greg KH
2017-06-29 20:41 ` Shuah Khan
1 sibling, 1 reply; 4+ messages in thread
From: Greg KH @ 2017-06-29 16:55 UTC (permalink / raw)
To: Andy Lutomirski
Cc: Naresh Kamboju, Shuah Khan, stable, Eric W. Biederman, Kees Cook,
linux-kselftest
On Thu, Jun 29, 2017 at 08:46:12AM -0700, Andy Lutomirski wrote:
> test_execve does rather odd mount manipulations to safely create
> temporary setuid and setgid executables that aren't visible to the
> rest of the system. Those executables end up in the test's cwd, but
> that cwd is MNT_DETACHed.
>
> The core namespace code considers MNT_DETACHed trees to belong to no
> mount namespace at all and, in general, MNT_DETACHed trees are only
> barely function. This interacted with commit 380cf5ba6b0a ("fs:
> Treat foreign mounts as nosuid") to cause all MNT_DETACHed trees to
> act as though they're nosuid, breaking the test.
>
> Fix it by just not detaching the tree. It's still in a private
> mount namespace and is therefore still invisible to the rest of the
> system (except via /proc, and the same nosuid logic will protect all
> other programs on the system from believing in test_execve's setuid
> bits).
>
> While we're at it, fix some blatant whitespace problems.
>
> Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
> Fixes: 380cf5ba6b0a ("fs: Treat foreign mounts as nosuid")
> Cc: stable@vger.kernel.org
> Cc: "Eric W. Biederman" <ebiederm@xmission.com>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Shuah Khan <shuahkh@osg.samsung.com>
> Cc: Greg KH <greg@kroah.com>
> Cc: linux-kselftest@vger.kernel.org
> Signed-off-by: Andy Lutomirski <luto@kernel.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thanks for fixing this!
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] selftests/capabilities: Fix the test_execve test
2017-06-29 16:55 ` Greg KH
@ 2017-06-29 20:41 ` Shuah Khan
0 siblings, 0 replies; 4+ messages in thread
From: Shuah Khan @ 2017-06-29 20:41 UTC (permalink / raw)
To: Greg KH, Andy Lutomirski
Cc: Naresh Kamboju, stable, Eric W. Biederman, Kees Cook,
linux-kselftest, Shuah Khan, Shuah Khan
On 06/29/2017 10:55 AM, Greg KH wrote:
> On Thu, Jun 29, 2017 at 08:46:12AM -0700, Andy Lutomirski wrote:
>> test_execve does rather odd mount manipulations to safely create
>> temporary setuid and setgid executables that aren't visible to the
>> rest of the system. Those executables end up in the test's cwd, but
>> that cwd is MNT_DETACHed.
>>
>> The core namespace code considers MNT_DETACHed trees to belong to no
>> mount namespace at all and, in general, MNT_DETACHed trees are only
>> barely function. This interacted with commit 380cf5ba6b0a ("fs:
>> Treat foreign mounts as nosuid") to cause all MNT_DETACHed trees to
>> act as though they're nosuid, breaking the test.
>>
>> Fix it by just not detaching the tree. It's still in a private
>> mount namespace and is therefore still invisible to the rest of the
>> system (except via /proc, and the same nosuid logic will protect all
>> other programs on the system from believing in test_execve's setuid
>> bits).
>>
>> While we're at it, fix some blatant whitespace problems.
>>
>> Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
>> Fixes: 380cf5ba6b0a ("fs: Treat foreign mounts as nosuid")
>> Cc: stable@vger.kernel.org
>> Cc: "Eric W. Biederman" <ebiederm@xmission.com>
>> Cc: Kees Cook <keescook@chromium.org>
>> Cc: Shuah Khan <shuahkh@osg.samsung.com>
>> Cc: Greg KH <greg@kroah.com>
>> Cc: linux-kselftest@vger.kernel.org
>> Signed-off-by: Andy Lutomirski <luto@kernel.org>
>
> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
> Thanks for fixing this!
>
Thanks Andy for the fix. It is now in linux-kselftest next for 4.13-rc1
-- Shuah
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-06-29 20:41 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-29 15:46 [PATCH] selftests/capabilities: Fix the test_execve test Andy Lutomirski
2017-06-29 16:32 ` Eric W. Biederman
2017-06-29 16:55 ` Greg KH
2017-06-29 20:41 ` Shuah Khan
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.