summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended
diff options
context:
space:
mode:
authorHe Zhe <zhe.he@windriver.com>2018-08-28 20:43:00 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-29 10:42:48 +0100
commit045b3c2cd3a0ac5cf666c8626bf0843ec5048597 (patch)
tree8e3cc8c87a992e334848ce9d82223acffbcf3c2b /meta/recipes-extended
parenta8368651ffed1bd6c4715a37dfe9f40c48ca23c4 (diff)
downloadpoky-045b3c2cd3a0ac5cf666c8626bf0843ec5048597.tar.gz
ltp: Remove unnecessary check from creat08 and open10
Issue: LIN1018-1797 At the point of the following failure, the file being checked, setgid, is owned by "nobody" in the "nogroup" and tries to inherit SGID from its parent directory who is in group of "bin". This is forbidden since Linux kernel v4.18-rc4, unless current process is given CAP_FSETID beforehand. See "Fix up non-directory creation in SGID directories" in the kernel. The check in Block3 succeeds since it becomes root again then. creat08 3 TFAIL : creat08.c:368: testdir.B.1026/setgid: Incorrect modes, setgid bit should be set creat08 4 TFAIL : creat08.c:376: Test failed in block2. open10 3 TFAIL : open10.c:352: open10.testdir.B.1045/setgid: Incorrect modes, setgid bit not set open10 4 TFAIL : open10.c:359: Test failed in block2. open10 6 TFAIL : open10.c:443: Test failed because of above failures. Backport a patch from upstream. (From OE-Core rev: 5f3ab95b0ed964e08c65ae3159606f27485dbec7) Signed-off-by: He Zhe <zhe.he@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r--meta/recipes-extended/ltp/ltp/0043-open-creat-skip-S_ISGID-check-on-files-created-by-no.patch81
-rw-r--r--meta/recipes-extended/ltp/ltp_20180515.bb1
2 files changed, 82 insertions, 0 deletions
diff --git a/meta/recipes-extended/ltp/ltp/0043-open-creat-skip-S_ISGID-check-on-files-created-by-no.patch b/meta/recipes-extended/ltp/ltp/0043-open-creat-skip-S_ISGID-check-on-files-created-by-no.patch
new file mode 100644
index 0000000000..dc61fcc039
--- /dev/null
+++ b/meta/recipes-extended/ltp/ltp/0043-open-creat-skip-S_ISGID-check-on-files-created-by-no.patch
@@ -0,0 +1,81 @@
1From 3c87ef2961dedb10d1f674c6a530e00dbab8ec1b Mon Sep 17 00:00:00 2001
2From: Jan Stancek <jstancek@redhat.com>
3Date: Tue, 17 Jul 2018 10:26:39 +0200
4Subject: [PATCH] open|creat: skip S_ISGID check on files created by non-group
5 members
6
70fa3ecd87848 ("Fix up non-directory creation in SGID directories")
8fixes problem described in CVE-2018-13405. This commit is getting
9backported to older streams as well.
10
11This patch removes S_ISGID check for files created by non-group members
12in LTP tests creat08 and open10.
13
14Once 0fa3ecd87848 will be in non-rc kernel, we could add a new test
15for this CVE that would be limited to 4.18+ kernels.
16
17Signed-off-by: Jan Stancek <jstancek@redhat.com>
18Acked-by: Cyril Hrubis <chrubis@suse.cz>
19Reviewed-by: Naresh Kamboju <naresh.kamboju@linaro.org>
20
21Upstream-Status: Backport
22[ git://github.com/linux-test-project/ltp.git
23 3c87ef2961dedb10d1f674c6a530e00dbab8ec1b
24 "open|creat: skip S_ISGID check on files created by non-group members" ]
25
26Signed-off-by: He Zhe <zhe.he@windriver.com>
27---
28 testcases/kernel/syscalls/creat/creat08.c | 13 ++++++-------
29 testcases/kernel/syscalls/open/open10.c | 12 +++++-------
30 2 files changed, 11 insertions(+), 14 deletions(-)
31
32diff --git a/testcases/kernel/syscalls/creat/creat08.c b/testcases/kernel/syscalls/creat/creat08.c
33index 50f2b3993..d22558ac3 100644
34--- a/testcases/kernel/syscalls/creat/creat08.c
35+++ b/testcases/kernel/syscalls/creat/creat08.c
36@@ -361,13 +361,12 @@ int main(int ac, char **av)
37 local_flag = FAILED;
38 }
39
40- /* Verify modes */
41- if (!(buf.st_mode & S_ISGID)) {
42- tst_resm(TFAIL,
43- "%s: Incorrect modes, setgid bit should be set",
44- setgid_B);
45- local_flag = FAILED;
46- }
47+ /*
48+ * Skip S_ISGID check
49+ * 0fa3ecd87848 ("Fix up non-directory creation in SGID directories")
50+ * clears S_ISGID for files created by non-group members
51+ */
52+
53 close(fd);
54
55 if (local_flag == PASSED) {
56diff --git a/testcases/kernel/syscalls/open/open10.c b/testcases/kernel/syscalls/open/open10.c
57index 613f2288f..14feec9e1 100644
58--- a/testcases/kernel/syscalls/open/open10.c
59+++ b/testcases/kernel/syscalls/open/open10.c
60@@ -345,13 +345,11 @@ int main(int ac, char *av[])
61 local_flag = FAILED;
62 }
63
64- /* Verify modes */
65- if (!(buf.st_mode & S_ISGID)) {
66- tst_resm(TFAIL,
67- "%s: Incorrect modes, setgid bit not set",
68- setgid_B);
69- local_flag = FAILED;
70- }
71+ /*
72+ * Skip S_ISGID check
73+ * 0fa3ecd87848 ("Fix up non-directory creation in SGID directories")
74+ * clears S_ISGID for files created by non-group members
75+ */
76
77 if (local_flag == PASSED) {
78 tst_resm(TPASS, "Test passed in block2.");
79--
802.11.0
81
diff --git a/meta/recipes-extended/ltp/ltp_20180515.bb b/meta/recipes-extended/ltp/ltp_20180515.bb
index 978d3cd512..7c364a60a1 100644
--- a/meta/recipes-extended/ltp/ltp_20180515.bb
+++ b/meta/recipes-extended/ltp/ltp_20180515.bb
@@ -50,6 +50,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git \
50 file://0040-read_all-Define-FNM_EXTMATCH-if-not-already-like-und.patch \ 50 file://0040-read_all-Define-FNM_EXTMATCH-if-not-already-like-und.patch \
51 file://0041-cve-2017-5669-shmat-for-0-or-PAGESIZE-with-RND-flag-.patch \ 51 file://0041-cve-2017-5669-shmat-for-0-or-PAGESIZE-with-RND-flag-.patch \
52 file://0042-fs-ftest-ftest06.c-Fix-too-small-name-string-and-rel.patch \ 52 file://0042-fs-ftest-ftest06.c-Fix-too-small-name-string-and-rel.patch \
53 file://0043-open-creat-skip-S_ISGID-check-on-files-created-by-no.patch \
53 " 54 "
54 55
55S = "${WORKDIR}/git" 56S = "${WORKDIR}/git"