public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
From: "Mike Gilbert" <floppym@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/sandbox:master commit in: tests/
Date: Thu, 22 Jun 2023 13:54:46 +0000 (UTC)	[thread overview]
Message-ID: <1687442078.05e32f542c145253eb01ae4005ca13c63a1c79d8.floppym@gentoo> (raw)

commit:     05e32f542c145253eb01ae4005ca13c63a1c79d8
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 28 01:05:02 2018 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Jun 22 13:54:38 2023 +0000
URL:        https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=05e32f54

tests: add test case for fchown/fchmod with O_RDONLY.

Bug: https://bugs.gentoo.org/599706
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 tests/fchmod-0.c  | 35 +++++++++++++++++++++++++++++++++++
 tests/fchmod-1.sh | 14 ++++++++++++++
 tests/fchmod.at   |  1 +
 tests/fchown-0.c  | 34 ++++++++++++++++++++++++++++++++++
 tests/fchown-1.sh | 14 ++++++++++++++
 tests/fchown.at   |  1 +
 tests/local.mk    |  2 ++
 7 files changed, 101 insertions(+)

diff --git a/tests/fchmod-0.c b/tests/fchmod-0.c
new file mode 100644
index 0000000..de0c237
--- /dev/null
+++ b/tests/fchmod-0.c
@@ -0,0 +1,35 @@
+/*
+ * https://bugs.gentoo.org/599706
+ *
+ */
+
+#include "headers.h"
+
+int main(int argc, char *argv[])
+{
+	if (argc < 2)
+		return -2;
+
+	int mode = 0;
+	sscanf(argv[1], "%i", &mode);
+	/* The sandbox catches this:
+	 *
+	 *   int fd = open(argv[2], O_RDWR);
+	 *
+	 * And it /should/ catch this:
+	 *
+	 *    int fd = open(argv[2], O_RDONLY);
+	 *
+	 * ...but the latter only works when /proc/self/fd/%i
+	 * is available.
+	 *
+	 */
+#ifdef SANDBOX_PROC_SELF_FD
+	int fd = open(argv[2], O_RDONLY);
+#else
+	int fd = open(argv[2], O_RDWR);
+#endif
+	int fchmod_result = fchmod(fd, (mode_t)mode);
+	close(fd);
+	return fchmod_result;
+}

diff --git a/tests/fchmod-1.sh b/tests/fchmod-1.sh
new file mode 100755
index 0000000..db404ba
--- /dev/null
+++ b/tests/fchmod-1.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# https://bugs.gentoo.org/599706
+#
+
+addwrite $PWD
+
+# The sandbox doesn't log anything when it returns a junk file
+# descriptor? It doesn't look like we can test the contents of
+# sandbox.log here... instead, we just have to count on fchmod
+# failing, which it does if you use O_RDWR, and it *should* if you use
+# O_RDONLY (because that won't stop the change of permissions).
+fchmod-0 $(stat --format='%#04a' ../..) ../.. && exit 1
+exit 0

diff --git a/tests/fchmod.at b/tests/fchmod.at
new file mode 100644
index 0000000..081d7d2
--- /dev/null
+++ b/tests/fchmod.at
@@ -0,0 +1 @@
+SB_CHECK(1)

diff --git a/tests/fchown-0.c b/tests/fchown-0.c
new file mode 100644
index 0000000..7fdca73
--- /dev/null
+++ b/tests/fchown-0.c
@@ -0,0 +1,34 @@
+/*
+ * https://bugs.gentoo.org/599706
+ *
+ */
+
+#include "headers.h"
+
+int main(int argc, char *argv[])
+{
+	if (argc < 3)
+		return -2;
+
+	uid_t uid = atoi(argv[1]);
+	gid_t gid = atoi(argv[2]);
+	/* The sandbox catches this:
+	 *
+	 *   int fd = open(argv[3], O_RDWR);
+	 *
+	 * And it /should/ catch this:
+	 *
+	 *    int fd = open(argv[3], O_RDONLY);
+	 *
+	 * ...but the latter only works when /proc/self/fd/%i
+	 * is available.
+	 */
+#ifdef SANDBOX_PROC_SELF_FD
+	int fd = open(argv[3], O_RDONLY);
+#else
+	int fd = open(argv[3], O_RDWR);
+#endif
+	int fchown_result = fchown(fd, uid, gid);
+	close(fd);
+	return fchown_result;
+}

diff --git a/tests/fchown-1.sh b/tests/fchown-1.sh
new file mode 100755
index 0000000..1b4a173
--- /dev/null
+++ b/tests/fchown-1.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# https://bugs.gentoo.org/599706
+#
+
+addwrite $PWD
+
+# The sandbox doesn't log anything when it returns a junk file
+# descriptor? It doesn't look like we can test the contents of
+# sandbox.log here... instead, we just have to count on fchown
+# failing, which it does if you use O_RDWR, and it *should* if you use
+# O_RDONLY (because that won't stop the change of ownership).
+fchown-0 ${SB_UID} ${SB_GID} ../.. && exit 1
+exit 0

diff --git a/tests/fchown.at b/tests/fchown.at
new file mode 100644
index 0000000..081d7d2
--- /dev/null
+++ b/tests/fchown.at
@@ -0,0 +1 @@
+SB_CHECK(1)

diff --git a/tests/local.mk b/tests/local.mk
index 046cf6f..f1f4ac0 100644
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -29,7 +29,9 @@ check_PROGRAMS += \
 	%D%/execv-0 \
 	%D%/execvp-0 \
 	%D%/faccessat-0 \
+	%D%/fchmod-0 \
 	%D%/fchmodat-0 \
+	%D%/fchown-0 \
 	%D%/fchownat-0 \
 	%D%/fopen-0 \
 	%D%/fopen64-0 \


             reply	other threads:[~2023-06-22 13:54 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-06-22 13:54 Mike Gilbert [this message]
  -- strict thread matches above, loose matches on Subject: below --
2024-11-11 22:47 [gentoo-commits] proj/sandbox:master commit in: tests/ Sam James
2023-07-01 23:52 Mike Gilbert
2023-06-22 13:54 Mike Gilbert
2021-11-03 19:13 Mike Frysinger
2021-10-24  0:54 Mike Frysinger
2021-10-23 22:19 Mike Frysinger
2021-10-22  7:21 Michał Górny
2021-10-22  4:54 Mike Frysinger
2021-10-22  4:15 Mike Frysinger
2021-10-21  2:48 Mike Frysinger
2021-10-18  5:21 Mike Frysinger
2020-05-31 10:52 Michał Górny
2019-06-27 21:41 Sergei Trofimovich
2018-02-19  5:50 Michał Górny
2016-03-29 12:24 Mike Frysinger
2016-03-29 12:24 Mike Frysinger
2015-12-20 21:33 Mike Frysinger
2015-09-28 20:17 Mike Frysinger
2015-09-27  6:13 Mike Frysinger
2015-09-11  7:53 Mike Frysinger
2015-09-11  7:53 Mike Frysinger
2012-12-24 23:58 Mike Frysinger
2012-11-26 10:10 Mike Frysinger
2012-06-24  6:14 Mike Frysinger
2012-06-23 21:27 Mike Frysinger
2012-03-06 19:00 Mike Frysinger
2012-03-05  7:01 Mike Frysinger
2012-03-05  7:01 Mike Frysinger
2011-07-08 19:53 Mike Frysinger
2011-07-04 23:06 Mike Frysinger
2011-07-04 23:06 Mike Frysinger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1687442078.05e32f542c145253eb01ae4005ca13c63a1c79d8.floppym@gentoo \
    --to=floppym@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox