blob: 58208dbc597465339bac7ea4d98d8b0d80a6828e [file] [log] [blame]
xf.libdd93d52023-05-12 07:10:14 -07001/* Copyright (C) 2012-2016 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
8
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <http://www.gnu.org/licenses/>. */
17
18/* Test that secure_getenv works by invoking the test as a SGID
19 program with a group ID from the supplementary group list. This
20 test can fail spuriously if the user is not a member of a suitable
21 supplementary group. */
22
23#include <errno.h>
24#include <fcntl.h>
25#include <stdlib.h>
26#include <stdint.h>
27#include <stdio.h>
28#include <string.h>
29#include <sys/stat.h>
30#include <sys/wait.h>
31#include <unistd.h>
32
33static char MAGIC_ARGUMENT[] = "run-actual-test";
34#define MAGIC_STATUS 19
35
36static const char *test_dir;
37
38/* Return a GID which is not our current GID, but is present in the
39 supplementary group list. */
40static gid_t
41choose_gid (void)
42{
43 const int count = 64;
44 gid_t groups[count];
45 int ret = getgroups (count, groups);
46 if (ret < 0)
47 {
48 printf ("getgroups: %m\n");
49 exit (1);
50 }
51 gid_t current = getgid ();
52 for (int i = 0; i < ret; ++i)
53 {
54 if (groups[i] != current)
55 return groups[i];
56 }
57 return 0;
58}
59
60
61/* Copies the executable into a restricted directory, so that we can
62 safely make it SGID with the TARGET group ID. Then runs the
63 executable. */
64static int
65run_executable_sgid (gid_t target)
66{
67 char *dirname = 0;
68 char *execname = 0;
69 int infd = -1;
70 int outfd = -1;
71 int ret = -1;
72 if (asprintf (&dirname, "%s/secure-getenv.%jd",
73 test_dir, (intmax_t) getpid ()) < 0)
74 {
75 printf ("asprintf: %m\n");
76 goto err;
77 }
78 if (mkdir (dirname, 0700) < 0)
79 {
80 printf ("mkdir: %m\n");
81 goto err;
82 }
83 if (asprintf (&execname, "%s/bin", dirname) < 0)
84 {
85 printf ("asprintf: %m\n");
86 goto err;
87 }
88 infd = open ("/proc/self/exe", O_RDONLY);
89 if (infd < 0)
90 {
91 printf ("open (/proc/self/exe): %m\n");
92 goto err;
93 }
94 outfd = open (execname, O_WRONLY | O_CREAT | O_EXCL, 0700);
95 if (outfd < 0)
96 {
97 printf ("open (%s): %m\n", execname);
98 goto err;
99 }
100 char buf[4096];
101 for (;;)
102 {
103 ssize_t rdcount = read (infd, buf, sizeof (buf));
104 if (rdcount < 0)
105 {
106 printf ("read: %m\n");
107 goto err;
108 }
109 if (rdcount == 0)
110 break;
111 char *p = buf;
112 char *end = buf + rdcount;
113 while (p != end)
114 {
115 ssize_t wrcount = write (outfd, buf, end - p);
116 if (wrcount == 0)
117 errno = ENOSPC;
118 if (wrcount <= 0)
119 {
120 printf ("write: %m\n");
121 goto err;
122 }
123 p += wrcount;
124 }
125 }
126 if (fchown (outfd, getuid (), target) < 0)
127 {
128 printf ("fchown (%s): %m\n", execname);
129 goto err;
130 }
131 if (fchmod (outfd, 02750) < 0)
132 {
133 printf ("fchmod (%s): %m\n", execname);
134 goto err;
135 }
136 if (close (outfd) < 0)
137 {
138 printf ("close (outfd): %m\n");
139 goto err;
140 }
141 if (close (infd) < 0)
142 {
143 printf ("close (infd): %m\n");
144 goto err;
145 }
146
147 int kid = fork ();
148 if (kid < 0)
149 {
150 printf ("fork: %m\n");
151 goto err;
152 }
153 if (kid == 0)
154 {
155 /* Child process. */
156 char *args[] = { execname, MAGIC_ARGUMENT, NULL };
157 execve (execname, args, environ);
158 printf ("execve (%s): %m\n", execname);
159 _exit (1);
160 }
161 int status;
162 if (waitpid (kid, &status, 0) < 0)
163 {
164 printf ("waitpid: %m\n");
165 goto err;
166 }
167 if (!WIFEXITED (status) || WEXITSTATUS (status) != MAGIC_STATUS)
168 {
169 printf ("Unexpected exit status %d from child process\n",
170 status);
171 goto err;
172 }
173 ret = 0;
174
175err:
176 if (outfd >= 0)
177 close (outfd);
178 if (infd >= 0)
179 close (infd);
180 if (execname)
181 {
182 unlink (execname);
183 free (execname);
184 }
185 if (dirname)
186 {
187 rmdir (dirname);
188 free (dirname);
189 }
190 return ret;
191}
192
193static int
194do_test (void)
195{
196 if (getenv ("PATH") == NULL)
197 {
198 printf ("PATH not set\n");
199 exit (1);
200 }
201 if (secure_getenv ("PATH") == NULL)
202 {
203 printf ("PATH not set according to secure_getenv\n");
204 exit (1);
205 }
206 if (strcmp (getenv ("PATH"), secure_getenv ("PATH")) != 0)
207 {
208 printf ("PATH mismatch (%s, %s)\n",
209 getenv ("PATH"), secure_getenv ("PATH"));
210 exit (1);
211 }
212
213 gid_t target = choose_gid ();
214 if (target == 0)
215 {
216 fprintf (stderr,
217 "Could not find a suitable GID for user %jd, skipping test\n",
218 (intmax_t) getuid ());
219 exit (0);
220 }
221 return run_executable_sgid (target);
222}
223
224static void
225alternative_main (int argc, char **argv)
226{
227 if (argc == 2 && strcmp (argv[1], MAGIC_ARGUMENT) == 0)
228 {
229 if (getgid () == getegid ())
230 {
231 /* This can happen if the file system is mounted nosuid. */
232 fprintf (stderr, "SGID failed: GID and EGID match (%jd)\n",
233 (intmax_t) getgid ());
234 exit (MAGIC_STATUS);
235 }
236 if (getenv ("PATH") == NULL)
237 {
238 printf ("PATH variable not present\n");
239 exit (3);
240 }
241 if (secure_getenv ("PATH") != NULL)
242 {
243 printf ("PATH variable not filtered out\n");
244 exit (4);
245 }
246 exit (MAGIC_STATUS);
247 }
248}
249
250#define PREPARE(argc, argv) alternative_main(argc, argv)
251#define TEST_FUNCTION do_test ()
252#include "../test-skeleton.c"