1*57718be8SEnji Cooper /* $NetBSD: t_unpriv.c,v 1.11 2014/08/29 17:39:18 gson Exp $ */ 2*57718be8SEnji Cooper 3*57718be8SEnji Cooper /*- 4*57718be8SEnji Cooper * Copyright (c) 2011 The NetBSD Foundation, Inc. 5*57718be8SEnji Cooper * All rights reserved. 6*57718be8SEnji Cooper * 7*57718be8SEnji Cooper * Redistribution and use in source and binary forms, with or without 8*57718be8SEnji Cooper * modification, are permitted provided that the following conditions 9*57718be8SEnji Cooper * are met: 10*57718be8SEnji Cooper * 1. Redistributions of source code must retain the above copyright 11*57718be8SEnji Cooper * notice, this list of conditions and the following disclaimer. 12*57718be8SEnji Cooper * 2. Redistributions in binary form must reproduce the above copyright 13*57718be8SEnji Cooper * notice, this list of conditions and the following disclaimer in the 14*57718be8SEnji Cooper * documentation and/or other materials provided with the distribution. 15*57718be8SEnji Cooper * 16*57718be8SEnji Cooper * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17*57718be8SEnji Cooper * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18*57718be8SEnji Cooper * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19*57718be8SEnji Cooper * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20*57718be8SEnji Cooper * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21*57718be8SEnji Cooper * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22*57718be8SEnji Cooper * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23*57718be8SEnji Cooper * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24*57718be8SEnji Cooper * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25*57718be8SEnji Cooper * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26*57718be8SEnji Cooper * POSSIBILITY OF SUCH DAMAGE. 27*57718be8SEnji Cooper */ 28*57718be8SEnji Cooper 29*57718be8SEnji Cooper #include <sys/stat.h> 30*57718be8SEnji Cooper #include <sys/time.h> 31*57718be8SEnji Cooper 32*57718be8SEnji Cooper #include <atf-c.h> 33*57718be8SEnji Cooper #include <libgen.h> 34*57718be8SEnji Cooper #include <limits.h> 35*57718be8SEnji Cooper #include <unistd.h> 36*57718be8SEnji Cooper 37*57718be8SEnji Cooper #include <rump/rump_syscalls.h> 38*57718be8SEnji Cooper #include <rump/rump.h> 39*57718be8SEnji Cooper 40*57718be8SEnji Cooper #include "../common/h_fsmacros.h" 41*57718be8SEnji Cooper #include "../../h_macros.h" 42*57718be8SEnji Cooper 43*57718be8SEnji Cooper #define USES_OWNER \ 44*57718be8SEnji Cooper if (FSTYPE_MSDOS(tc)) \ 45*57718be8SEnji Cooper atf_tc_skip("owner not supported by file system") 46*57718be8SEnji Cooper 47*57718be8SEnji Cooper static void 48*57718be8SEnji Cooper owner(const atf_tc_t *tc, const char *mp) 49*57718be8SEnji Cooper { 50*57718be8SEnji Cooper 51*57718be8SEnji Cooper USES_OWNER; 52*57718be8SEnji Cooper 53*57718be8SEnji Cooper FSTEST_ENTER(); 54*57718be8SEnji Cooper 55*57718be8SEnji Cooper rump_pub_lwproc_rfork(RUMP_RFCFDG); 56*57718be8SEnji Cooper if (rump_sys_setuid(1) == -1) 57*57718be8SEnji Cooper atf_tc_fail_errno("setuid"); 58*57718be8SEnji Cooper if (FSTYPE_ZFS(tc)) 59*57718be8SEnji Cooper atf_tc_expect_fail("PR kern/47656: Test known to be broken"); 60*57718be8SEnji Cooper if (rump_sys_chown(".", 1, -1) != -1 || errno != EPERM) 61*57718be8SEnji Cooper atf_tc_fail_errno("chown"); 62*57718be8SEnji Cooper if (rump_sys_chmod(".", 0000) != -1 || errno != EPERM) 63*57718be8SEnji Cooper atf_tc_fail_errno("chmod"); 64*57718be8SEnji Cooper rump_pub_lwproc_releaselwp(); 65*57718be8SEnji Cooper 66*57718be8SEnji Cooper if (rump_sys_chown(".", 1, -1) == -1) 67*57718be8SEnji Cooper atf_tc_fail_errno("chown"); 68*57718be8SEnji Cooper 69*57718be8SEnji Cooper rump_pub_lwproc_rfork(RUMP_RFCFDG); 70*57718be8SEnji Cooper if (rump_sys_setuid(1) == -1) 71*57718be8SEnji Cooper atf_tc_fail_errno("setuid"); 72*57718be8SEnji Cooper if (rump_sys_chown(".", 1, -1) == -1) 73*57718be8SEnji Cooper atf_tc_fail_errno("chown"); 74*57718be8SEnji Cooper if (rump_sys_chmod(".", 0000) == -1) 75*57718be8SEnji Cooper atf_tc_fail_errno("chmod"); 76*57718be8SEnji Cooper rump_pub_lwproc_releaselwp(); 77*57718be8SEnji Cooper 78*57718be8SEnji Cooper FSTEST_EXIT(); 79*57718be8SEnji Cooper } 80*57718be8SEnji Cooper 81*57718be8SEnji Cooper static void 82*57718be8SEnji Cooper dirperms(const atf_tc_t *tc, const char *mp) 83*57718be8SEnji Cooper { 84*57718be8SEnji Cooper char name[] = "dir.test/file.test"; 85*57718be8SEnji Cooper char *dir = dirname(name); 86*57718be8SEnji Cooper int fd; 87*57718be8SEnji Cooper 88*57718be8SEnji Cooper if (FSTYPE_SYSVBFS(tc)) 89*57718be8SEnji Cooper atf_tc_skip("directories not supported by file system"); 90*57718be8SEnji Cooper 91*57718be8SEnji Cooper FSTEST_ENTER(); 92*57718be8SEnji Cooper 93*57718be8SEnji Cooper if (rump_sys_mkdir(dir, 0777) == -1) 94*57718be8SEnji Cooper atf_tc_fail_errno("mkdir"); 95*57718be8SEnji Cooper 96*57718be8SEnji Cooper rump_pub_lwproc_rfork(RUMP_RFCFDG); 97*57718be8SEnji Cooper if (rump_sys_setuid(1) == -1) 98*57718be8SEnji Cooper atf_tc_fail_errno("setuid"); 99*57718be8SEnji Cooper if (FSTYPE_ZFS(tc)) 100*57718be8SEnji Cooper atf_tc_expect_fail("PR kern/47656: Test known to be broken"); 101*57718be8SEnji Cooper if (rump_sys_open(name, O_RDWR|O_CREAT, 0666) != -1 || errno != EACCES) 102*57718be8SEnji Cooper atf_tc_fail_errno("open"); 103*57718be8SEnji Cooper rump_pub_lwproc_releaselwp(); 104*57718be8SEnji Cooper 105*57718be8SEnji Cooper if ((fd = rump_sys_open(name, O_RDWR|O_CREAT, 0666)) == -1) 106*57718be8SEnji Cooper atf_tc_fail_errno("open"); 107*57718be8SEnji Cooper if (rump_sys_close(fd) == -1) 108*57718be8SEnji Cooper atf_tc_fail_errno("close"); 109*57718be8SEnji Cooper 110*57718be8SEnji Cooper rump_pub_lwproc_rfork(RUMP_RFCFDG); 111*57718be8SEnji Cooper if (rump_sys_setuid(1) == -1) 112*57718be8SEnji Cooper atf_tc_fail_errno("setuid"); 113*57718be8SEnji Cooper if (rump_sys_unlink(name) != -1 || errno != EACCES) 114*57718be8SEnji Cooper atf_tc_fail_errno("unlink"); 115*57718be8SEnji Cooper rump_pub_lwproc_releaselwp(); 116*57718be8SEnji Cooper 117*57718be8SEnji Cooper if (rump_sys_unlink(name) == -1) 118*57718be8SEnji Cooper atf_tc_fail_errno("unlink"); 119*57718be8SEnji Cooper 120*57718be8SEnji Cooper if (rump_sys_rmdir(dir) == -1) 121*57718be8SEnji Cooper atf_tc_fail_errno("rmdir"); 122*57718be8SEnji Cooper 123*57718be8SEnji Cooper FSTEST_EXIT(); 124*57718be8SEnji Cooper } 125*57718be8SEnji Cooper 126*57718be8SEnji Cooper static void 127*57718be8SEnji Cooper times(const atf_tc_t *tc, const char *mp) 128*57718be8SEnji Cooper { 129*57718be8SEnji Cooper const char *name = "file.test"; 130*57718be8SEnji Cooper int fd; 131*57718be8SEnji Cooper unsigned int i, j; 132*57718be8SEnji Cooper struct timeval tmv[2]; 133*57718be8SEnji Cooper static struct timeval tmvs[] = { 134*57718be8SEnji Cooper { QUAD_MIN, 0 }, 135*57718be8SEnji Cooper { 0, 0 }, 136*57718be8SEnji Cooper { QUAD_MAX, 999999 } 137*57718be8SEnji Cooper }; 138*57718be8SEnji Cooper 139*57718be8SEnji Cooper FSTEST_ENTER(); 140*57718be8SEnji Cooper 141*57718be8SEnji Cooper if ((fd = rump_sys_open(name, O_RDWR|O_CREAT, 0666)) == -1) 142*57718be8SEnji Cooper atf_tc_fail_errno("open"); 143*57718be8SEnji Cooper if (rump_sys_close(fd) == -1) 144*57718be8SEnji Cooper atf_tc_fail_errno("close"); 145*57718be8SEnji Cooper 146*57718be8SEnji Cooper rump_pub_lwproc_rfork(RUMP_RFCFDG); 147*57718be8SEnji Cooper if (rump_sys_setuid(1) == -1) 148*57718be8SEnji Cooper atf_tc_fail_errno("setuid"); 149*57718be8SEnji Cooper if (FSTYPE_ZFS(tc)) 150*57718be8SEnji Cooper atf_tc_expect_fail("PR kern/47656: Test known to be broken"); 151*57718be8SEnji Cooper if (rump_sys_utimes(name, NULL) != -1 || errno != EACCES) 152*57718be8SEnji Cooper atf_tc_fail_errno("utimes"); 153*57718be8SEnji Cooper rump_pub_lwproc_releaselwp(); 154*57718be8SEnji Cooper 155*57718be8SEnji Cooper if (rump_sys_utimes(name, NULL) == -1) 156*57718be8SEnji Cooper atf_tc_fail_errno("utimes"); 157*57718be8SEnji Cooper 158*57718be8SEnji Cooper for (i = 0; i < sizeof(tmvs) / sizeof(tmvs[0]); i++) { 159*57718be8SEnji Cooper for (j = 0; j < sizeof(tmvs) / sizeof(tmvs[0]); j++) { 160*57718be8SEnji Cooper tmv[0] = tmvs[i]; 161*57718be8SEnji Cooper tmv[1] = tmvs[j]; 162*57718be8SEnji Cooper rump_pub_lwproc_rfork(RUMP_RFCFDG); 163*57718be8SEnji Cooper if (rump_sys_setuid(1) == -1) 164*57718be8SEnji Cooper atf_tc_fail_errno("setuid"); 165*57718be8SEnji Cooper if (rump_sys_utimes(name, tmv) != -1 || errno != EPERM) 166*57718be8SEnji Cooper atf_tc_fail_errno("utimes"); 167*57718be8SEnji Cooper rump_pub_lwproc_releaselwp(); 168*57718be8SEnji Cooper 169*57718be8SEnji Cooper if (rump_sys_utimes(name, tmv) == -1) 170*57718be8SEnji Cooper atf_tc_fail_errno("utimes"); 171*57718be8SEnji Cooper } 172*57718be8SEnji Cooper } 173*57718be8SEnji Cooper 174*57718be8SEnji Cooper if (rump_sys_unlink(name) == -1) 175*57718be8SEnji Cooper atf_tc_fail_errno("unlink"); 176*57718be8SEnji Cooper 177*57718be8SEnji Cooper FSTEST_EXIT(); 178*57718be8SEnji Cooper } 179*57718be8SEnji Cooper 180*57718be8SEnji Cooper static void 181*57718be8SEnji Cooper flags(const atf_tc_t *tc, const char *mp) 182*57718be8SEnji Cooper { 183*57718be8SEnji Cooper const char *name = "file.test"; 184*57718be8SEnji Cooper int fd, fflags; 185*57718be8SEnji Cooper struct stat st; 186*57718be8SEnji Cooper 187*57718be8SEnji Cooper FSTEST_ENTER(); 188*57718be8SEnji Cooper 189*57718be8SEnji Cooper if ((fd = rump_sys_open(name, O_RDWR|O_CREAT, 0666)) == -1) 190*57718be8SEnji Cooper atf_tc_fail_errno("open"); 191*57718be8SEnji Cooper if (rump_sys_close(fd) == -1) 192*57718be8SEnji Cooper atf_tc_fail_errno("close"); 193*57718be8SEnji Cooper 194*57718be8SEnji Cooper if (rump_sys_stat(name, &st) == -1) 195*57718be8SEnji Cooper atf_tc_fail_errno("stat"); 196*57718be8SEnji Cooper if (FSTYPE_ZFS(tc)) 197*57718be8SEnji Cooper atf_tc_expect_fail("PR kern/47656: Test known to be broken"); 198*57718be8SEnji Cooper if (rump_sys_chflags(name, st.st_flags) == -1) { 199*57718be8SEnji Cooper if (errno == EOPNOTSUPP) 200*57718be8SEnji Cooper atf_tc_skip("file flags not supported by file system"); 201*57718be8SEnji Cooper atf_tc_fail_errno("chflags"); 202*57718be8SEnji Cooper } 203*57718be8SEnji Cooper 204*57718be8SEnji Cooper fflags = st.st_flags | UF_IMMUTABLE; 205*57718be8SEnji Cooper 206*57718be8SEnji Cooper rump_pub_lwproc_rfork(RUMP_RFCFDG); 207*57718be8SEnji Cooper if (rump_sys_setuid(1) == -1) 208*57718be8SEnji Cooper atf_tc_fail_errno("setuid"); 209*57718be8SEnji Cooper fflags |= UF_IMMUTABLE; 210*57718be8SEnji Cooper if (rump_sys_chflags(name, fflags) != -1 || errno != EPERM) 211*57718be8SEnji Cooper atf_tc_fail_errno("chflags"); 212*57718be8SEnji Cooper rump_pub_lwproc_releaselwp(); 213*57718be8SEnji Cooper 214*57718be8SEnji Cooper if (rump_sys_chflags(name, fflags) == -1) 215*57718be8SEnji Cooper atf_tc_fail_errno("chflags"); 216*57718be8SEnji Cooper 217*57718be8SEnji Cooper fflags &= ~UF_IMMUTABLE; 218*57718be8SEnji Cooper if (rump_sys_chflags(name, fflags) == -1) 219*57718be8SEnji Cooper atf_tc_fail_errno("chflags"); 220*57718be8SEnji Cooper 221*57718be8SEnji Cooper if (rump_sys_unlink(name) == -1) 222*57718be8SEnji Cooper atf_tc_fail_errno("unlink"); 223*57718be8SEnji Cooper 224*57718be8SEnji Cooper FSTEST_EXIT(); 225*57718be8SEnji Cooper } 226*57718be8SEnji Cooper 227*57718be8SEnji Cooper ATF_TC_FSAPPLY(owner, "owner unprivileged checks"); 228*57718be8SEnji Cooper ATF_TC_FSAPPLY(dirperms, "directory permission checks"); 229*57718be8SEnji Cooper ATF_TC_FSAPPLY(times, "time set checks"); 230*57718be8SEnji Cooper ATF_TC_FSAPPLY(flags, "file flags checks"); 231*57718be8SEnji Cooper 232*57718be8SEnji Cooper ATF_TP_ADD_TCS(tp) 233*57718be8SEnji Cooper { 234*57718be8SEnji Cooper 235*57718be8SEnji Cooper ATF_TP_FSAPPLY(owner); 236*57718be8SEnji Cooper ATF_TP_FSAPPLY(dirperms); 237*57718be8SEnji Cooper ATF_TP_FSAPPLY(times); 238*57718be8SEnji Cooper ATF_TP_FSAPPLY(flags); 239*57718be8SEnji Cooper 240*57718be8SEnji Cooper return atf_no_error(); 241*57718be8SEnji Cooper } 242