Menu
▾
▴
Re: [LTP] [PATCH] get_robust_list: change seteuid to setuid
|
From: Jan S. <jst...@re...> - 2012-06-20 07:52:43
|
----- Original Message -----
> From: "Wanlong Gao" <gao...@cn...>
> To: ltp...@li...
> Sent: Wednesday, 20 June, 2012 4:16:55 AM
> Subject: [LTP] [PATCH] get_robust_list: change seteuid to setuid
>
> Since kernel commit bdbb776f changed the permission check
> from euid to uid, so, we should also change our code to
> be consistent with it.
>
> commit bdbb776f882f5ad431aa1e694c69c1c3d6a4a5b8
> Author: Kees Cook <kee...@ch...>
> Date: Mon Mar 19 16:12:53 2012 -0700
>
> futex: Do not leak robust list to unprivileged process
>
> It was possible to extract the robust list head address from a
> setuid
> process if it had used set_robust_list(), allowing an ASLR info
> leak. This
> changes the permission checks to be the same as those used for
> similar
> info that comes out of /proc.
>
> Running a setuid program that uses robust futexes would have had:
> cred->euid != pcred->euid
> cred->euid == pcred->uid
> so the old permissions check would allow it. I'm not aware of any
> setuid
> programs that use robust futexes, so this is just a preventative
> measure.
>
> Signed-off-by: Wanlong Gao <gao...@cn...>
> ---
> .../syscalls/get_robust_list/get_robust_list01.c | 28
> ++++++++++------------
> 1 file changed, 12 insertions(+), 16 deletions(-)
>
> diff --git
> a/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c
> b/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c
> index 27c0be6..b8e9797 100644
> --- a/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c
> +++ b/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c
> @@ -152,7 +152,17 @@ int main(int argc, char **argv)
> tst_resm(TFAIL,
> "get_robust_list succeeded unexpectedly");
>
> - if (seteuid(1) == -1)
> + TEST(retval = syscall(__NR_get_robust_list, 0,
> + (struct robust_list_head **)&head,
> + &len_ptr));
> +
> + if (TEST_RETURN == 0)
> + tst_resm(TPASS, "get_robust_list succeeded");
> + else
> + tst_resm(TFAIL|TTERRNO,
> + "get_robust_list failed unexpectedly");
> +
> + if (setuid(1) == -1)
> tst_brkm(TBROK|TERRNO, cleanup, "seteuid(1) failed");
error above still says "seteuid",
other than that it looks OK and still works on kernels older than 3.4
Regards,
Jan
>
> TEST(retval = syscall(__NR_get_robust_list, 1,
> @@ -170,20 +180,6 @@ int main(int argc, char **argv)
> } else
> tst_resm(TFAIL,
> "get_robust_list succeeded unexpectedly");
> -
> - if (seteuid(0) == -1)
> - tst_brkm(TBROK|TERRNO, cleanup, "seteuid(0) failed");
> -
> - TEST(retval = syscall(__NR_get_robust_list, 0,
> - (struct robust_list_head **)&head,
> - &len_ptr));
> -
> - if (TEST_RETURN == 0)
> - tst_resm(TPASS, "get_robust_list succeeded");
> - else
> - tst_resm(TFAIL|TTERRNO,
> - "get_robust_list failed unexpectedly");
> -
> }
>
> cleanup();
> @@ -203,4 +199,4 @@ void setup(void)
> void cleanup(void)
> {
> TEST_CLEANUP;
> -}
> \ No newline at end of file
> +}
> --
> 1.7.11.rc0
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond.
> Discussions
> will include endpoint security, mobile security and the latest in
> malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Ltp-list mailing list
> Ltp...@li...
> https://lists.sourceforge.net/lists/listinfo/ltp-list
>
|