----- Original Message -----
> From: "Wanlong Gao" <[email protected]>
> To: [email protected]
> Sent: Wednesday, 20 June, 2012 4:16:55 AM
> Subject: [LTP] [PATCH] get_robust_list: change seteuid to setuid
> 
> Since kernel commit bdbb776f changed the permission check
> from euid to uid, we should also change our code to
> be consistent with it.
> 
> commit bdbb776f882f5ad431aa1e694c69c1c3d6a4a5b8
> Author: Kees Cook <[email protected]>
> Date:   Mon Mar 19 16:12:53 2012 -0700
> 
>     futex: Do not leak robust list to unprivileged process
> 
>     It was possible to extract the robust list head address from a setuid
>     process if it had used set_robust_list(), allowing an ASLR info leak. This
>     changes the permission checks to be the same as those used for similar
>     info that comes out of /proc.
> 
>     Running a setuid program that uses robust futexes would have had:
>       cred->euid != pcred->euid
>       cred->euid == pcred->uid
>     so the old permissions check would allow it. I'm not aware of any setuid
>     programs that use robust futexes, so this is just a preventative
>     measure.
> 
> Signed-off-by: Wanlong Gao <[email protected]>
> ---
>  .../syscalls/get_robust_list/get_robust_list01.c   | 28
>  ++++++++++------------
>  1 file changed, 12 insertions(+), 16 deletions(-)
> 
> diff --git
> a/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c
> b/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c
> index 27c0be6..b8e9797 100644
> --- a/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c
> +++ b/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c
> @@ -152,7 +152,17 @@ int main(int argc, char **argv)
>                       tst_resm(TFAIL,
>                           "get_robust_list succeeded unexpectedly");
>  
> -             if (seteuid(1) == -1)
> +             TEST(retval = syscall(__NR_get_robust_list, 0,
> +                                   (struct robust_list_head **)&head,
> +                                   &len_ptr));
> +
> +             if (TEST_RETURN == 0)
> +                     tst_resm(TPASS, "get_robust_list succeeded");
> +             else
> +                     tst_resm(TFAIL|TTERRNO,
> +                              "get_robust_list failed unexpectedly");
> +
> +             if (setuid(1) == -1)
>                       tst_brkm(TBROK|TERRNO, cleanup, "seteuid(1) failed");

error above still says "seteuid",
other than that it looks OK and still works on kernels older than 3.4

Regards,
Jan

>  
>               TEST(retval = syscall(__NR_get_robust_list, 1,
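
Review bot: setuid(1) at the line that replaces seteuid(1) is one-way when the test runs as root: it sets the real, effective and saved uid together, so nothing later in main() can get uid 0 back. A short comment above the call saying that the pid 0 success case was moved ahead of it for that reason would help the next reader, and the tst_brkm() string on the following line should read "setuid(1) failed" so the log names the call that actually failed.
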
> @@ -170,20 +180,6 @@ int main(int argc, char **argv)
>               } else
>                       tst_resm(TFAIL,
>                           "get_robust_list succeeded unexpectedly");
> -
> -             if (seteuid(0) == -1)
> -                     tst_brkm(TBROK|TERRNO, cleanup, "seteuid(0) failed");
> -
> -             TEST(retval = syscall(__NR_get_robust_list, 0,
> -                                   (struct robust_list_head **)&head,
> -                                   &len_ptr));
> -
> -             if (TEST_RETURN == 0)
> -                     tst_resm(TPASS, "get_robust_list succeeded");
> -             else
> -                     tst_resm(TFAIL|TTERRNO,
> -                              "get_robust_list failed unexpectedly");
> -
>       }
>  
>       cleanup();
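
Review bot: the block removed after the pid 1 case is not replaced by any pid 0 call made after the privilege drop, so the test never checks that an unprivileged caller can still read its own robust list. Consider repeating the syscall(__NR_get_robust_list, 0, ...) call after setuid(1) and expecting success there too. With the seteuid(0) restore gone, cleanup() on the context line below now runs as uid 1, which is worth confirming is acceptable for TEST_CLEANUP.
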
> @@ -203,4 +199,4 @@ void setup(void)
>  void cleanup(void)
>  {
>       TEST_CLEANUP;
> -}
> \ No newline at end of file
> +}
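
Review bot: the change to the closing brace of cleanup() only adds the missing newline at end of file and is unrelated to the seteuid to setuid switch. Mention it in the commit message or send it as a separate cleanup patch.
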
> --
> 1.7.11.rc0
> 
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond.
> Discussions
> will include endpoint security, mobile security and the latest in
> malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Ltp-list mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/ltp-list
> 
