| From 4d28fe03695de1eb12a7aca25addd1fcea0fe569 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Thu, 5 Dec 2019 21:21:07 +0900 |
| Subject: selftests: safesetid: Check the return value of setuid/setgid |
| MIME-Version: 1.0 |
| Content-Type: text/plain; charset=UTF-8 |
| Content-Transfer-Encoding: 8bit |
| |
| From: Masami Hiramatsu <mhiramat@kernel.org> |
| |
| [ Upstream commit 295c4e21cf27ac9af542140e3e797df9e0cf7b5f ] |
| |
| Check the return value of setuid() and setgid(). |
| This fixes the following warnings and improves test result. |
| |
| safesetid-test.c: In function ‘main’: |
| safesetid-test.c:294:2: warning: ignoring return value of ‘setuid’, declared with attribute warn_unused_result [-Wunused-result] |
| setuid(NO_POLICY_USER); |
| ^~~~~~~~~~~~~~~~~~~~~~ |
| safesetid-test.c:295:2: warning: ignoring return value of ‘setgid’, declared with attribute warn_unused_result [-Wunused-result] |
| setgid(NO_POLICY_USER); |
| ^~~~~~~~~~~~~~~~~~~~~~ |
| safesetid-test.c:309:2: warning: ignoring return value of ‘setuid’, declared with attribute warn_unused_result [-Wunused-result] |
| setuid(RESTRICTED_PARENT); |
| ^~~~~~~~~~~~~~~~~~~~~~~~~ |
| safesetid-test.c:310:2: warning: ignoring return value of ‘setgid’, declared with attribute warn_unused_result [-Wunused-result] |
| setgid(RESTRICTED_PARENT); |
| ^~~~~~~~~~~~~~~~~~~~~~~~~ |
| safesetid-test.c: In function ‘test_setuid’: |
| safesetid-test.c:216:3: warning: ignoring return value of ‘setuid’, declared with attribute warn_unused_result [-Wunused-result] |
| setuid(child_uid); |
| ^~~~~~~~~~~~~~~~~ |
| |
| Fixes: c67e8ec03f3f ("LSM: SafeSetID: add selftest") |
| Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org> |
| Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| .../testing/selftests/safesetid/safesetid-test.c | 15 ++++++++++----- |
| 1 file changed, 10 insertions(+), 5 deletions(-) |
| |
| diff --git a/tools/testing/selftests/safesetid/safesetid-test.c b/tools/testing/selftests/safesetid/safesetid-test.c |
| index 8f40c6ecdad1..0c4d50644c13 100644 |
| --- a/tools/testing/selftests/safesetid/safesetid-test.c |
| +++ b/tools/testing/selftests/safesetid/safesetid-test.c |
| @@ -213,7 +213,8 @@ static void test_setuid(uid_t child_uid, bool expect_success) |
| } |
| |
| if (cpid == 0) { /* Code executed by child */ |
| - setuid(child_uid); |
| + if (setuid(child_uid) < 0) |
| + exit(EXIT_FAILURE); |
| if (getuid() == child_uid) |
| exit(EXIT_SUCCESS); |
| else |
| @@ -291,8 +292,10 @@ int main(int argc, char **argv) |
| |
| // First test to make sure we can write userns mappings from a user |
| // that doesn't have any restrictions (as long as it has CAP_SETUID); |
| - setuid(NO_POLICY_USER); |
| - setgid(NO_POLICY_USER); |
| + if (setuid(NO_POLICY_USER) < 0) |
| + die("Error with set uid(%d)\n", NO_POLICY_USER); |
| + if (setgid(NO_POLICY_USER) < 0) |
| + die("Error with set gid(%d)\n", NO_POLICY_USER); |
| |
| // Take away all but setid caps |
| drop_caps(true); |
| @@ -306,8 +309,10 @@ int main(int argc, char **argv) |
| die("test_userns failed when it should work\n"); |
| } |
| |
| - setuid(RESTRICTED_PARENT); |
| - setgid(RESTRICTED_PARENT); |
| + if (setuid(RESTRICTED_PARENT) < 0) |
| + die("Error with set uid(%d)\n", RESTRICTED_PARENT); |
| + if (setgid(RESTRICTED_PARENT) < 0) |
| + die("Error with set gid(%d)\n", RESTRICTED_PARENT); |
| |
| test_setuid(ROOT_USER, false); |
| test_setuid(ALLOWED_CHILD1, true); |
| -- |
| 2.20.1 |
| |