secure_getenv test should write errors to standard output
This way, they end up in the log file. Also skip the test if no GID can be found.
parent
bea9b19322
commit
2bc1387273
@ -1,3 +1,9 @@
|
|||||||
|
2012-07-31 Florian Weimer <fweimer@redhat.com>
|
||||||
|
|
||||||
|
* stdlib/tst-secure-getenv.c: Use printf for error reporting.
|
||||||
|
Exit with zero in case no suitable GID is found, and write a
|
||||||
|
message to standard error.
|
||||||
|
|
||||||
2012-07-30 Roland McGrath <roland@hack.frob.com>
|
2012-07-30 Roland McGrath <roland@hack.frob.com>
|
||||||
|
|
||||||
* sysdeps/generic/sys/param.h (MAXSYMLINKS): Define to SYMLOOP_MAX
|
* sysdeps/generic/sys/param.h (MAXSYMLINKS): Define to SYMLOOP_MAX
|
||||||
|
@ -45,7 +45,7 @@ choose_gid (void)
|
|||||||
int ret = getgroups (count, groups);
|
int ret = getgroups (count, groups);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
{
|
{
|
||||||
perror ("getgroups");
|
printf ("getgroups: %m\n");
|
||||||
exit (1);
|
exit (1);
|
||||||
}
|
}
|
||||||
gid_t current = getgid ();
|
gid_t current = getgid ();
|
||||||
@ -72,29 +72,29 @@ run_executable_sgid (gid_t target)
|
|||||||
if (asprintf (&dirname, "%s/secure-getenv.%jd",
|
if (asprintf (&dirname, "%s/secure-getenv.%jd",
|
||||||
test_dir, (intmax_t) getpid ()) < 0)
|
test_dir, (intmax_t) getpid ()) < 0)
|
||||||
{
|
{
|
||||||
perror ("asprintf");
|
printf ("asprintf: %m\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (mkdir (dirname, 0700) < 0)
|
if (mkdir (dirname, 0700) < 0)
|
||||||
{
|
{
|
||||||
perror ("mkdir");
|
printf ("mkdir: %m\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (asprintf (&execname, "%s/bin", dirname) < 0)
|
if (asprintf (&execname, "%s/bin", dirname) < 0)
|
||||||
{
|
{
|
||||||
perror ("asprintf");
|
printf ("asprintf: %m\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
infd = open ("/proc/self/exe", O_RDONLY);
|
infd = open ("/proc/self/exe", O_RDONLY);
|
||||||
if (infd < 0)
|
if (infd < 0)
|
||||||
{
|
{
|
||||||
perror ("open");
|
printf ("open (/proc/self/exe): %m\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
outfd = open (execname, O_WRONLY | O_CREAT | O_EXCL, 0700);
|
outfd = open (execname, O_WRONLY | O_CREAT | O_EXCL, 0700);
|
||||||
if (outfd < 0)
|
if (outfd < 0)
|
||||||
{
|
{
|
||||||
perror ("open");
|
printf ("open (%s): %m\n", execname);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
char buf[4096];
|
char buf[4096];
|
||||||
@ -103,7 +103,7 @@ run_executable_sgid (gid_t target)
|
|||||||
ssize_t rdcount = read (infd, buf, sizeof (buf));
|
ssize_t rdcount = read (infd, buf, sizeof (buf));
|
||||||
if (rdcount < 0)
|
if (rdcount < 0)
|
||||||
{
|
{
|
||||||
perror ("read");
|
printf ("read: %m\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (rdcount == 0)
|
if (rdcount == 0)
|
||||||
@ -117,7 +117,7 @@ run_executable_sgid (gid_t target)
|
|||||||
errno = ENOSPC;
|
errno = ENOSPC;
|
||||||
if (wrcount <= 0)
|
if (wrcount <= 0)
|
||||||
{
|
{
|
||||||
perror ("write");
|
printf ("write: %m\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
p += wrcount;
|
p += wrcount;
|
||||||
@ -125,29 +125,29 @@ run_executable_sgid (gid_t target)
|
|||||||
}
|
}
|
||||||
if (fchown (outfd, getuid (), target) < 0)
|
if (fchown (outfd, getuid (), target) < 0)
|
||||||
{
|
{
|
||||||
perror ("fchown");
|
printf ("fchown (%s): %m\n", execname);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (fchmod (outfd, 02750) < 0)
|
if (fchmod (outfd, 02750) < 0)
|
||||||
{
|
{
|
||||||
perror ("fchmod");
|
printf ("fchmod (%s): %m\n", execname);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (close (outfd) < 0)
|
if (close (outfd) < 0)
|
||||||
{
|
{
|
||||||
perror ("close");
|
printf ("close (outfd): %m\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (close (infd) < 0)
|
if (close (infd) < 0)
|
||||||
{
|
{
|
||||||
perror ("close");
|
printf ("close (infd): %m\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
int kid = fork ();
|
int kid = fork ();
|
||||||
if (kid < 0)
|
if (kid < 0)
|
||||||
{
|
{
|
||||||
perror ("fork");
|
printf ("fork: %m\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (kid == 0)
|
if (kid == 0)
|
||||||
@ -155,19 +155,19 @@ run_executable_sgid (gid_t target)
|
|||||||
/* Child process. */
|
/* Child process. */
|
||||||
char *args[] = { execname, MAGIC_ARGUMENT, NULL };
|
char *args[] = { execname, MAGIC_ARGUMENT, NULL };
|
||||||
execve (execname, args, environ);
|
execve (execname, args, environ);
|
||||||
perror ("execve");
|
printf ("execve (%s): %m\n", execname);
|
||||||
_exit (1);
|
_exit (1);
|
||||||
}
|
}
|
||||||
int status;
|
int status;
|
||||||
if (waitpid (kid, &status, 0) < 0)
|
if (waitpid (kid, &status, 0) < 0)
|
||||||
{
|
{
|
||||||
perror ("waitpid");
|
printf ("waitpid: %m\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (!WIFEXITED (status) || WEXITSTATUS (status) != MAGIC_STATUS)
|
if (!WIFEXITED (status) || WEXITSTATUS (status) != MAGIC_STATUS)
|
||||||
{
|
{
|
||||||
fprintf (stderr, "Unexpected exit status %d from child process\n",
|
printf ("Unexpected exit status %d from child process\n",
|
||||||
status);
|
status);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
ret = 0;
|
ret = 0;
|
||||||
@ -195,27 +195,28 @@ do_test (void)
|
|||||||
{
|
{
|
||||||
if (getenv ("PATH") == NULL)
|
if (getenv ("PATH") == NULL)
|
||||||
{
|
{
|
||||||
fprintf (stderr, "PATH not set\n");
|
printf ("PATH not set\n");
|
||||||
exit (1);
|
exit (1);
|
||||||
}
|
}
|
||||||
if (secure_getenv ("PATH") == NULL)
|
if (secure_getenv ("PATH") == NULL)
|
||||||
{
|
{
|
||||||
fprintf (stderr, "PATH not set according to secure_getenv\n");
|
printf ("PATH not set according to secure_getenv\n");
|
||||||
exit (1);
|
exit (1);
|
||||||
}
|
}
|
||||||
if (strcmp (getenv ("PATH"), secure_getenv ("PATH")) != 0)
|
if (strcmp (getenv ("PATH"), secure_getenv ("PATH")) != 0)
|
||||||
{
|
{
|
||||||
fprintf (stderr, "PATH mismatch (%s, %s)\n",
|
printf ("PATH mismatch (%s, %s)\n",
|
||||||
getenv ("PATH"), secure_getenv ("PATH"));
|
getenv ("PATH"), secure_getenv ("PATH"));
|
||||||
exit (1);
|
exit (1);
|
||||||
}
|
}
|
||||||
|
|
||||||
gid_t target = choose_gid ();
|
gid_t target = choose_gid ();
|
||||||
if (target == 0)
|
if (target == 0)
|
||||||
{
|
{
|
||||||
fprintf (stderr, "Could not find a suitable GID user %jd\n",
|
fprintf (stderr,
|
||||||
|
"Could not find a suitable GID for user %jd, skipping test\n",
|
||||||
(intmax_t) getuid ());
|
(intmax_t) getuid ());
|
||||||
exit (1);
|
exit (0);
|
||||||
}
|
}
|
||||||
return run_executable_sgid (target);
|
return run_executable_sgid (target);
|
||||||
}
|
}
|
||||||
@ -227,18 +228,18 @@ alternative_main (int argc, char **argv)
|
|||||||
{
|
{
|
||||||
if (getgid () == getegid ())
|
if (getgid () == getegid ())
|
||||||
{
|
{
|
||||||
fprintf (stderr, "SGID failed: GID and EGID match (%jd)\n",
|
printf ("SGID failed: GID and EGID match (%jd)\n",
|
||||||
(intmax_t) getgid ());
|
(intmax_t) getgid ());
|
||||||
exit (2);
|
exit (2);
|
||||||
}
|
}
|
||||||
if (getenv ("PATH") == NULL)
|
if (getenv ("PATH") == NULL)
|
||||||
{
|
{
|
||||||
fprintf (stderr, "PATH variable not present\n");
|
printf ("PATH variable not present\n");
|
||||||
exit (3);
|
exit (3);
|
||||||
}
|
}
|
||||||
if (secure_getenv ("PATH") != NULL)
|
if (secure_getenv ("PATH") != NULL)
|
||||||
{
|
{
|
||||||
fprintf (stderr, "PATH variable not filtered out\n");
|
printf ("PATH variable not filtered out\n");
|
||||||
exit (4);
|
exit (4);
|
||||||
}
|
}
|
||||||
exit (MAGIC_STATUS);
|
exit (MAGIC_STATUS);
|
||||||
|
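Review bot: In the child branch of run_executable_sgid, the new `printf ("execve (%s): %m\n", execname);` is followed by `_exit (1);`, which does not flush stdio buffers. Unless stdout has been made unbuffered somewhere not visible on this page, the execve diagnostic is lost exactly when output is redirected to the log file, whereas the `perror` it replaces wrote to unbuffered stderr. Adding `fflush (stdout);` before `_exit (1);` keeps the message. Separately, the no-GID path in do_test now ends in `exit (0)` with its message still on stderr, so a run that never exercised the SGID filtering of secure_getenv is reported as a pass and, going by the commit message, may leave no trace in the log. A comment there such as `/* Skipped, not passed: the SGID check did not run.  */` would make that explicit, and printing the skip notice with `printf` as well would get it into the log.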