tzcode: Add a test case for plain issetugid case
This catches a bug in tzcode which incorrectly considers TZDEFAULT as unsafe as if it came from the environment. Also deduplicate some repeated code, and fix a missing mode in an open(2) call with O_CREAT set. Event: Oslo Hackathon 202508 Reviewed by: philip Differential Revision: https://reviews.freebsd.org/D52241
This commit is contained in:
@@ -70,7 +70,7 @@ change_tz(const char *tzn)
|
||||
|
||||
ATF_REQUIRE((zfd = open(zfn, O_DIRECTORY | O_SEARCH)) >= 0);
|
||||
ATF_REQUIRE((sfd = openat(zfd, tzn, O_RDONLY)) >= 0);
|
||||
ATF_REQUIRE((dfd = open(tfn, O_CREAT | O_TRUNC | O_WRONLY)) >= 0);
|
||||
ATF_REQUIRE((dfd = open(tfn, O_CREAT | O_TRUNC | O_WRONLY, 0644)) >= 0);
|
||||
do {
|
||||
clen = copy_file_range(sfd, NULL, dfd, NULL, SSIZE_MAX, 0);
|
||||
ATF_REQUIRE_MSG(clen != -1, "failed to copy %s/%s: %m",
|
||||
@@ -83,6 +83,19 @@ change_tz(const char *tzn)
|
||||
debug("time zone %s installed", tzn);
|
||||
}
|
||||
|
||||
static void
|
||||
test_tz(const char *expect)
|
||||
{
|
||||
char buf[128];
|
||||
struct tm *tm;
|
||||
size_t len;
|
||||
|
||||
ATF_REQUIRE((tm = localtime(&then)) != NULL);
|
||||
len = strftime(buf, sizeof(buf), "%z (%Z)", tm);
|
||||
ATF_REQUIRE(len > 0);
|
||||
ATF_CHECK_STREQ(expect, buf);
|
||||
}
|
||||
|
||||
ATF_TC(thin_jail);
|
||||
ATF_TC_HEAD(thin_jail, tc)
|
||||
{
|
||||
@@ -92,9 +105,6 @@ ATF_TC_HEAD(thin_jail, tc)
|
||||
ATF_TC_BODY(thin_jail, tc)
|
||||
{
|
||||
const struct tzcase *tzcase = tzcases;
|
||||
char buf[128];
|
||||
struct tm *tm;
|
||||
size_t len;
|
||||
|
||||
/* prepare chroot */
|
||||
ATF_REQUIRE_EQ(0, mkdir("root", 0755));
|
||||
@@ -105,10 +115,7 @@ ATF_TC_BODY(thin_jail, tc)
|
||||
ATF_REQUIRE_EQ(0, chdir("/"));
|
||||
/* check timezone */
|
||||
unsetenv("TZ");
|
||||
ATF_REQUIRE((tm = localtime(&then)) != NULL);
|
||||
len = strftime(buf, sizeof(buf), "%z (%Z)", tm);
|
||||
ATF_REQUIRE(len > 0);
|
||||
ATF_CHECK_STREQ(tzcase->expect, buf);
|
||||
test_tz(tzcase->expect);
|
||||
}
|
||||
|
||||
#ifdef DETECT_TZ_CHANGES
|
||||
@@ -309,15 +316,8 @@ ATF_TC_BODY(detect_tz_changes, tc)
|
||||
static void
|
||||
test_tz_env(const char *tzval, const char *expect)
|
||||
{
|
||||
char buf[128];
|
||||
struct tm *tm;
|
||||
size_t len;
|
||||
|
||||
setenv("TZ", tzval, 1);
|
||||
ATF_REQUIRE((tm = localtime(&then)) != NULL);
|
||||
len = strftime(buf, sizeof(buf), "%z (%Z)", tm);
|
||||
ATF_REQUIRE(len > 0);
|
||||
ATF_CHECK_STREQ(expect, buf);
|
||||
test_tz(expect);
|
||||
}
|
||||
|
||||
ATF_TC(tz_env);
|
||||
@@ -333,6 +333,31 @@ ATF_TC_BODY(tz_env, tc)
|
||||
test_tz_env(tzcase->tzfn, tzcase->expect);
|
||||
}
|
||||
|
||||
ATF_TC(setugid);
|
||||
ATF_TC_HEAD(setugid, tc)
|
||||
{
|
||||
atf_tc_set_md_var(tc, "descr", "Test setugid process");
|
||||
atf_tc_set_md_var(tc, "require.user", "root");
|
||||
}
|
||||
ATF_TC_BODY(setugid, tc)
|
||||
{
|
||||
const struct tzcase *tzcase = tzcases;
|
||||
|
||||
/* prepare chroot */
|
||||
ATF_REQUIRE_EQ(0, mkdir("root", 0755));
|
||||
ATF_REQUIRE_EQ(0, mkdir("root/etc", 0755));
|
||||
change_tz(tzcase->tzfn);
|
||||
/* enter chroot */
|
||||
ATF_REQUIRE_EQ(0, chroot("root"));
|
||||
ATF_REQUIRE_EQ(0, chdir("/"));
|
||||
/* become setugid */
|
||||
ATF_REQUIRE_EQ(0, seteuid(UID_NOBODY));
|
||||
ATF_REQUIRE(issetugid());
|
||||
/* check timezone */
|
||||
unsetenv("TZ");
|
||||
test_tz(tzcases->expect);
|
||||
}
|
||||
|
||||
ATF_TC(tz_env_setugid);
|
||||
ATF_TC_HEAD(tz_env_setugid, tc)
|
||||
{
|
||||
@@ -342,7 +367,7 @@ ATF_TC_HEAD(tz_env_setugid, tc)
|
||||
}
|
||||
ATF_TC_BODY(tz_env_setugid, tc)
|
||||
{
|
||||
const struct tzcase *tzcase;
|
||||
const struct tzcase *tzcase = tzcases;
|
||||
|
||||
ATF_REQUIRE_EQ(0, seteuid(UID_NOBODY));
|
||||
ATF_REQUIRE(issetugid());
|
||||
@@ -359,6 +384,7 @@ ATF_TP_ADD_TCS(tp)
|
||||
ATF_TP_ADD_TC(tp, detect_tz_changes);
|
||||
#endif /* DETECT_TZ_CHANGES */
|
||||
ATF_TP_ADD_TC(tp, tz_env);
|
||||
ATF_TP_ADD_TC(tp, setugid);
|
||||
ATF_TP_ADD_TC(tp, tz_env_setugid);
|
||||
return (atf_no_error());
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user