authorLennart Poettering <lennart@poettering.net>2018-01-04 19:44:27 +0100
committerSven Eden <yamakuzure@gmx.net>2018-05-30 07:50:08 +0200
commite2c4475028606343176752bd0974df2c5ed6a520 (patch)
treef46ed68b54a316393d3b31217b690d71852632f2 /src/test
parentf40fc1151dc0225aa2acf884a0ce3cceb1a00aac (diff)
fs-util: add new CHASE_SAFE flag to chase_symlinks()
When the flag is specified we won't transition to a privilege-owned file or directory from an unprivileged-owned one. This is useful when privileged code wants to load data from a file unprivileged users have write access to, and validates the ownership, but wants to make sure that no symlink games are played to read a root-owned system file belonging to a different context.
Diffstat (limited to 'src/test')
-rw-r--r--src/test/test-fs-util.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
index f2f571ce2..1c453e11a 100644
--- a/src/test/test-fs-util.c
+++ b/src/test/test-fs-util.c
@@ -30,6 +30,7 @@
#include "rm-rf.h"
#include "string-util.h"
#include "strv.h"
+//#include "user-util.h"
#include "util.h"
static void test_chase_symlinks(void) {
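Review bot: The new `user-util.h` include is committed commented out, so it hints at a dependency without providing it. The test code added later in this commit uses `UID_NOBODY` and `GID_NOBODY`; if those are declared in `user-util.h`, as the placement suggests, the file compiles only through a transitive include. Either enable it as `#include "user-util.h"` or drop the line and include the header that actually supplies the constants.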
@@ -235,6 +236,32 @@ static void test_chase_symlinks(void) {
r = chase_symlinks(p, NULL, 0, &result);
assert_se(r == -ENOENT);
+ if (geteuid() == 0) {
+ p = strjoina(temp, "/priv1");
+ assert_se(mkdir(p, 0755) >= 0);
+
+ q = strjoina(p, "/priv2");
+ assert_se(mkdir(q, 0755) >= 0);
+
+ assert_se(chase_symlinks(q, NULL, CHASE_SAFE, NULL) >= 0);
+
+ assert_se(chown(q, UID_NOBODY, GID_NOBODY) >= 0);
+ assert_se(chase_symlinks(q, NULL, CHASE_SAFE, NULL) >= 0);
+
+ assert_se(chown(p, UID_NOBODY, GID_NOBODY) >= 0);
+ assert_se(chase_symlinks(q, NULL, CHASE_SAFE, NULL) >= 0);
+
+ assert_se(chown(q, 0, 0) >= 0);
+ assert_se(chase_symlinks(q, NULL, CHASE_SAFE, NULL) == -EPERM);
+
+ assert_se(rmdir(q) >= 0);
+ assert_se(symlink("/etc/passwd", q) >= 0);
+ assert_se(chase_symlinks(q, NULL, CHASE_SAFE, NULL) == -EPERM);
+
+ assert_se(chown(p, 0, 0) >= 0);
+ assert_se(chase_symlinks(q, NULL, CHASE_SAFE, NULL) >= 0);
+ }
+
assert_se(rm_rf(temp, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
}
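Review bot: The symlink case near the end of the new `geteuid() == 0` block does not exercise the scenario the flag exists for, because `symlink("/etc/passwd", q)` runs as root and so the link itself is root-owned inside the nobody-owned `p`. The `-EPERM` can therefore come from the directory-to-link transition, which the preceding `chown(q, 0, 0)` check already covers, and a bug in the link-to-target ownership check would go unnoticed. Adding `assert_se(lchown(q, UID_NOBODY, GID_NOBODY) >= 0);` before that `chase_symlinks()` call would make the link unprivileged-owned, so the refusal has to come from following it to the root-owned target. Going by the commit description, the final `>= 0` check would then need the link handed back to root first, e.g. `assert_se(lchown(q, 0, 0) >= 0);`. test_chase_symlinks() starts outside the hunk.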