Quoting Garrett Cooper ([email protected]): > On May 5, 2010, at 11:56 PM, Subrata Modak wrote: > > > Subject: LTPś sysctl03 test fails > > > > Issues Description Below: > > ===================================== > > # ./runltp -s sysctl03 > > <<<test_output>>> > > sysctl03 1 TFAIL : Expected EPERM (1), got 13: Permission denied > > sysctl03 2 TFAIL : Expected EPERM, got 13 > > sysctl03 1 TFAIL : Expected EPERM (1), got 13: Permission denied > > <<<execution_status>>> > > initiation_status="ok" > > duration=0 termination_type=exited termination_id=1 corefile=no > > cutime=0 cstime=0 > > <<<test_end>>> > > Already known and recently discussed.
Not only can things move glacially in kernel-land, but decisions not yet implemented can be changed. In the meantime, the sysctl's sit there as a potential subject for exploitation. So not meaning to be argumentative for its own sake, I nevertheless think it's better to fix the test than either to ignore or remove it. Two untested patches below - the one just replaces EPERM with EACCESS. The other removes the (imo misuided) notion that we can guess at the failing errno. An LSM could choose to return -EPERM after all, or perhaps even something different. The thing that should scare us is if the call succeeds. If we give any false positives, then true positives will seem less scary. -serge From 2cf7797329275126cc3f80a24bfb8bb2e3f44747 Mon Sep 17 00:00:00 2001 From: Serge E. Hallyn <[email protected]> Date: Thu, 6 May 2010 08:30:52 -0500 Subject: [PATCH 1/1] sysctl: check for EACCES Signed-off-by: Serge E. Hallyn <[email protected]> --- testcases/kernel/syscalls/sysctl/sysctl03.c | 22 +++++++++++----------- 1 files changed, 11 insertions(+), 11 deletions(-) diff --git a/testcases/kernel/syscalls/sysctl/sysctl03.c b/testcases/kernel/syscalls/sysctl/sysctl03.c index f8e743b..e4477f7 100644 --- a/testcases/kernel/syscalls/sysctl/sysctl03.c +++ b/testcases/kernel/syscalls/sysctl/sysctl03.c @@ -22,15 +22,15 @@ * sysctl03.c * * DESCRIPTION - * Testcase to check that sysctl(2) sets errno to EPERM correctly. + * Testcase to check that sysctl(2) sets errno to EACCES correctly. * * ALGORITHM * a. Call sysctl(2) as a root user, and attempt to write data * to the kernel_table[]. Since the table does not have write - * permissions even for the root, it should fail EPERM. + * permissions even for the root, it should fail EACCES. * b. Call sysctl(2) as a non-root user, and attempt to write data * to the kernel_table[]. Since the table does not have write - * permission for the regular user, it should fail with EPERM. + * permission for the regular user, it should fail with EACCES. * * USAGE: <for command-line> * sysctl03 [-c n] [-e] [-i n] [-I x] [-P x] [-t] @@ -76,7 +76,7 @@ int sysctl(int *name, int nlen, void *oldval, size_t * oldlenp, void setup(void); void cleanup(void); -int exp_enos[] = { EPERM, 0 }; +int exp_enos[] = { EACCES, 0 }; int main(int ac, char **av) { @@ -114,13 +114,13 @@ int main(int ac, char **av) } else { TEST_ERROR_LOG(TEST_ERRNO); - if (TEST_ERRNO != EPERM) { + if (TEST_ERRNO != EACCES) { tst_resm(TFAIL, - "Expected EPERM (%d), got %d: %s", - EPERM, TEST_ERRNO, + "Expected EACCES (%d), got %d: %s", + EACCES, TEST_ERRNO, strerror(TEST_ERRNO)); } else { - tst_resm(TPASS, "Got expected EPERM error"); + tst_resm(TPASS, "Got expected EACCES error"); } } @@ -147,11 +147,11 @@ int main(int ac, char **av) } else { TEST_ERROR_LOG(TEST_ERRNO); - if (TEST_ERRNO != EPERM) { - tst_resm(TFAIL, "Expected EPERM, got " + if (TEST_ERRNO != EACCES) { + tst_resm(TFAIL, "Expected EACCES, got " "%d", TEST_ERRNO); } else { - tst_resm(TPASS, "Got expected EPERM " + tst_resm(TPASS, "Got expected EACCES " "error"); } } -- 1.6.3.3 From c290aeda205afc764f25515b0eaaf9ae05fe3365 Mon Sep 17 00:00:00 2001 From: Serge E. Hallyn <[email protected]> Date: Thu, 6 May 2010 08:51:00 -0500 Subject: [PATCH 1/1] accept any sysctl failure Signed-off-by: Serge E. Hallyn <[email protected]> --- testcases/kernel/syscalls/sysctl/sysctl03.c | 28 +++++--------------------- 1 files changed, 6 insertions(+), 22 deletions(-) diff --git a/testcases/kernel/syscalls/sysctl/sysctl03.c b/testcases/kernel/syscalls/sysctl/sysctl03.c index f8e743b..fcd8635 100644 --- a/testcases/kernel/syscalls/sysctl/sysctl03.c +++ b/testcases/kernel/syscalls/sysctl/sysctl03.c @@ -22,15 +22,15 @@ * sysctl03.c * * DESCRIPTION - * Testcase to check that sysctl(2) sets errno to EPERM correctly. + * Testcase to check that sysctl(2) fail correctly. * * ALGORITHM * a. Call sysctl(2) as a root user, and attempt to write data * to the kernel_table[]. Since the table does not have write - * permissions even for the root, it should fail EPERM. + * permissions even for the root, it should fail. * b. Call sysctl(2) as a non-root user, and attempt to write data * to the kernel_table[]. Since the table does not have write - * permission for the regular user, it should fail with EPERM. + * permission for the regular user, it should fail. * * USAGE: <for command-line> * sysctl03 [-c n] [-e] [-i n] [-I x] [-P x] [-t] @@ -76,7 +76,7 @@ int sysctl(int *name, int nlen, void *oldval, size_t * oldlenp, void setup(void); void cleanup(void); -int exp_enos[] = { EPERM, 0 }; +int exp_enos[] = { EPERM, EACCES, 0 }; int main(int ac, char **av) { @@ -113,15 +113,7 @@ int main(int ac, char **av) tst_resm(TFAIL, "sysctl(2) succeeded unexpectedly"); } else { TEST_ERROR_LOG(TEST_ERRNO); - - if (TEST_ERRNO != EPERM) { - tst_resm(TFAIL, - "Expected EPERM (%d), got %d: %s", - EPERM, TEST_ERRNO, - strerror(TEST_ERRNO)); - } else { - tst_resm(TPASS, "Got expected EPERM error"); - } + tst_resm(TPASS, "sysctl(2) failed as expected."); } osnamelth = SIZE(osname); @@ -145,15 +137,7 @@ int main(int ac, char **av) if (TEST_RETURN != -1) { tst_resm(TFAIL, "call succeeded unexpectedly"); } else { - TEST_ERROR_LOG(TEST_ERRNO); - - if (TEST_ERRNO != EPERM) { - tst_resm(TFAIL, "Expected EPERM, got " - "%d", TEST_ERRNO); - } else { - tst_resm(TPASS, "Got expected EPERM " - "error"); - } + tst_resm(TPASS, "sysctl failed as expected"); } cleanup(); -- 1.6.3.3 ------------------------------------------------------------------------------ _______________________________________________ Ltp-list mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ltp-list
