From 045b3c2cd3a0ac5cf666c8626bf0843ec5048597 Mon Sep 17 00:00:00 2001 From: He Zhe Date: Tue, 28 Aug 2018 20:43:00 +0800 Subject: ltp: Remove unnecessary check from creat08 and open10 Issue: LIN1018-1797 At the point of the following failure, the file being checked, setgid, is owned by "nobody" in the "nogroup" and tries to inherit SGID from its parent directory who is in group of "bin". This is forbidden since Linux kernel v4.18-rc4, unless current process is given CAP_FSETID beforehand. See "Fix up non-directory creation in SGID directories" in the kernel. The check in Block3 succeeds since it becomes root again then. creat08 3 TFAIL : creat08.c:368: testdir.B.1026/setgid: Incorrect modes, setgid bit should be set creat08 4 TFAIL : creat08.c:376: Test failed in block2. open10 3 TFAIL : open10.c:352: open10.testdir.B.1045/setgid: Incorrect modes, setgid bit not set open10 4 TFAIL : open10.c:359: Test failed in block2. open10 6 TFAIL : open10.c:443: Test failed because of above failures. Backport a patch from upstream. (From OE-Core rev: 5f3ab95b0ed964e08c65ae3159606f27485dbec7) Signed-off-by: He Zhe Signed-off-by: Richard Purdie
---
...skip-S_ISGID-check-on-files-created-by-no.patch | 81 ++++++++++++++++++++++ meta/recipes-extended/ltp/ltp_20180515.bb | 1 + 2 files changed, 82 insertions(+) create mode 100644 meta/recipes-extended/ltp/ltp/0043-open-creat-skip-S_ISGID-check-on-files-created-by-no.patch (limited to 'meta/recipes-extended/ltp')
diff --git a/meta/recipes-extended/ltp/ltp/0043-open-creat-skip-S_ISGID-check-on-files-created-by-no.patch b/meta/recipes-extended/ltp/ltp/0043-open-creat-skip-S_ISGID-check-on-files-created-by-no.patch
new file mode 100644
index 0000000000..dc61fcc039
--- /dev/null
+++ b/meta/recipes-extended/ltp/ltp/0043-open-creat-skip-S_ISGID-check-on-files-created-by-no.patch
@@ -0,0 +1,81 @@
+From 3c87ef2961dedb10d1f674c6a530e00dbab8ec1b Mon Sep 17 00:00:00 2001
+From: Jan Stancek
+Date: Tue, 17 Jul 2018 10:26:39 +0200
+Subject: [PATCH] open|creat: skip S_ISGID check on files created by non-group
+ members
+
+0fa3ecd87848 ("Fix up non-directory creation in SGID directories")
+fixes problem described in CVE-2018-13405. This commit is getting
+backported to older streams as well.
+
+This patch removes S_ISGID check for files created by non-group members
+in LTP tests creat08 and open10.
+
+Once 0fa3ecd87848 will be in non-rc kernel, we could add a new test
+for this CVE that would be limited to 4.18+ kernels.
+
+Signed-off-by: Jan Stancek
+Acked-by: Cyril Hrubis
+Reviewed-by: Naresh Kamboju
+
+Upstream-Status: Backport
+[ git://github.com/linux-test-project/ltp.git
+ 3c87ef2961dedb10d1f674c6a530e00dbab8ec1b
+ "open|creat: skip S_ISGID check on files created by non-group members" ]
+
+Signed-off-by: He Zhe
+---
+ testcases/kernel/syscalls/creat/creat08.c | 13 ++++++-------
+ testcases/kernel/syscalls/open/open10.c | 12 +++++-------
+ 2 files changed, 11 insertions(+), 14 deletions(-)
+
+diff --git a/testcases/kernel/syscalls/creat/creat08.c b/testcases/kernel/syscalls/creat/creat08.c
+index 50f2b3993..d22558ac3 100644
+--- a/testcases/kernel/syscalls/creat/creat08.c
++++ b/testcases/kernel/syscalls/creat/creat08.c
+@@ -361,13 +361,12 @@ int main(int ac, char **av)
+ local_flag = FAILED;
+ }
+
+- /* Verify modes */
+- if (!(buf.st_mode & S_ISGID)) {
+- tst_resm(TFAIL,
+- "%s: Incorrect modes, setgid bit should be set",
+- setgid_B);
+- local_flag = FAILED;
+- }
++ /*
++ * Skip S_ISGID check
++ * 0fa3ecd87848 ("Fix up non-directory creation in SGID directories")
++ * clears S_ISGID for files created by non-group members
++ */
++
+ close(fd);
+
+ if (local_flag == PASSED) {
+diff --git a/testcases/kernel/syscalls/open/open10.c b/testcases/kernel/syscalls/open/open10.c
+index 613f2288f..14feec9e1 100644
+--- a/testcases/kernel/syscalls/open/open10.c
++++ b/testcases/kernel/syscalls/open/open10.c
+@@ -345,13 +345,11 @@ int main(int ac, char *av[])
+ local_flag = FAILED;
+ }
+
+- /* Verify modes */
+- if (!(buf.st_mode & S_ISGID)) {
+- tst_resm(TFAIL,
+- "%s: Incorrect modes, setgid bit not set",
+- setgid_B);
+- local_flag = FAILED;
+- }
++ /*
++ * Skip S_ISGID check
++ * 0fa3ecd87848 ("Fix up non-directory creation in SGID directories")
++ * clears S_ISGID for files created by non-group members
++ */
+
+ if (local_flag == PASSED) {
+ tst_resm(TPASS, "Test passed in block2.");
+--
+2.11.0
+
diff --git a/meta/recipes-extended/ltp/ltp_20180515.bb b/meta/recipes-extended/ltp/ltp_20180515.bb
index 978d3cd512..7c364a60a1 100644
--- a/meta/recipes-extended/ltp/ltp_20180515.bb
+++ b/meta/recipes-extended/ltp/ltp_20180515.bb
@@ -50,6 +50,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git \
 file://0040-read_all-Define-FNM_EXTMATCH-if-not-already-like-und.patch \
 file://0041-cve-2017-5669-shmat-for-0-or-PAGESIZE-with-RND-flag-.patch \
 file://0042-fs-ftest-ftest06.c-Fix-too-small-name-string-and-rel.patch \
+ file://0043-open-creat-skip-S_ISGID-check-on-files-created-by-no.patch \
 "
 
 S = "${WORKDIR}/git"
-- cgit v1.2.3-54-g00ecf
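Review bot: With the `/* Verify modes */` branch removed, block2 of creat08.c and open10.c no longer asserts anything about S_ISGID on `setgid_B`, so a kernel that wrongly keeps the bit on a file created by a non-group member (the CVE-2018-13405 behaviour that 0fa3ecd87848 fixes) passes just as silently as one that clears it. Until the dedicated 4.18+ test mentioned in the description exists, the removed check could become a non-failing report, assuming `buf` is still filled by the stat call above the hunk: `tst_resm(TINFO, "%s: S_ISGID %s", setgid_B, (buf.st_mode & S_ISGID) ? "set" : "cleared");`, so the log still records what the kernel did. The new comment would also be easier to trace if it named the CVE next to the commit id, e.g. `* clears S_ISGID for files created by non-group members (CVE-2018-13405)`. Both spots sit inside main(), whose body starts and ends outside the hunks shown, and because this file is a backport the change would have to be carried locally or proposed upstream.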