From: Jan S. <jst...@re...> - 2012-06-20 07:52:43
----- Original Message -----
> From: "Wanlong Gao" <gao...@cn...>
> To: ltp...@li...
> Sent: Wednesday, 20 June, 2012 4:16:55 AM
> Subject: [LTP] [PATCH] get_robust_list: change seteuid to setuid
>
> Since kernel commit bdbb776f changed the permission check
> from euid to uid, so, we should also change our code to
> be consistent with it.
>
> commit bdbb776f882f5ad431aa1e694c69c1c3d6a4a5b8
> Author: Kees Cook <kee...@ch...>
> Date: Mon Mar 19 16:12:53 2012 -0700
>
> futex: Do not leak robust list to unprivileged process
>
> It was possible to extract the robust list head address from a setuid
> process if it had used set_robust_list(), allowing an ASLR info leak. This
> changes the permission checks to be the same as those used for similar
> info that comes out of /proc.
>
> Running a setuid program that uses robust futexes would have had:
> cred->euid != pcred->euid
> cred->euid == pcred->uid
> so the old permissions check would allow it. I'm not aware of any setuid
> programs that use robust futexes, so this is just a preventative measure.
>
> Signed-off-by: Wanlong Gao <gao...@cn...>
> --- > .../syscalls/get_robust_list/get_robust_list01.c | 28 > ++++++++++------------ > 1 file changed, 12 insertions(+), 16 deletions(-) > > diff --git > a/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c > b/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c > index 27c0be6..b8e9797 100644 > --- a/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c > +++ b/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c
> @@ -152,7 +152,17 @@ int main(int argc, char **argv) > tst_resm(TFAIL, > "get_robust_list succeeded unexpectedly"); > > - if (seteuid(1) == -1) > + TEST(retval = syscall(__NR_get_robust_list, 0, > + (struct robust_list_head **)&head, > + &len_ptr)); > + > + if (TEST_RETURN == 0) > + tst_resm(TPASS, "get_robust_list succeeded"); > + else > + tst_resm(TFAIL|TTERRNO, > + "get_robust_list failed unexpectedly"); > + > + if (setuid(1) == -1) > tst_brkm(TBROK|TERRNO, cleanup, "seteuid(1) failed");

error above still says "seteuid", other than that it looks OK and still works on kernels older than 3.4

Regards,
Jan

> > TEST(retval = syscall(__NR_get_robust_list, 1, > @@ -170,20 +180,6 @@ int main(int argc, char **argv) > } else > tst_resm(TFAIL, > "get_robust_list succeeded unexpectedly"); > - > - if (seteuid(0) == -1) > - tst_brkm(TBROK|TERRNO, cleanup, "seteuid(0) failed"); > - > - TEST(retval = syscall(__NR_get_robust_list, 0, > - (struct robust_list_head **)&head, > - &len_ptr)); > - > - if (TEST_RETURN == 0) > - tst_resm(TPASS, "get_robust_list succeeded"); > - else > - tst_resm(TFAIL|TTERRNO, > - "get_robust_list failed unexpectedly"); > - > } > > cleanup(); > @@ -203,4 +199,4 @@ void setup(void) > void cleanup(void) > { > TEST_CLEANUP; > -} > \ No newline at end of file > +} > -- > 1.7.11.rc0
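
Review bot: in the first hunk (@@ -152,7 +152,17 @@) the tst_brkm() string on the changed `if (setuid(1) == -1)` line still reads "seteuid(1) failed", so a failure would be logged against a call the test no longer makes; change it to "setuid(1) failed". It would also help to add a one-line comment above the moved pid 0 call saying that it must run before setuid(1), because the test no longer has the seteuid(0) step to regain root afterwards, so that a later reorder does not silently turn the expected-success case into a run as uid 1.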
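
Review bot: in the second hunk (@@ -170,20 +180,6 @@) the `seteuid(0)` restore is removed with nothing replacing it, so everything after this point, including the `cleanup();` call in the trailing context, now runs as uid 1. Please confirm that TEST_CLEANUP needs no root, and that a repeated pass through the block closed by the `}` here still gives the expected results once the process has already dropped to uid 1; if either is not true, run the unprivileged check in a forked child and leave the parent as root.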