Since kernel commit bdbb776f changed the permission check from euid to uid, so, we should also change our code to be consistent with it.
commit bdbb776f882f5ad431aa1e694c69c1c3d6a4a5b8 Author: Kees Cook <[email protected]> Date: Mon Mar 19 16:12:53 2012 -0700 futex: Do not leak robust list to unprivileged process It was possible to extract the robust list head address from a setuid process if it had used set_robust_list(), allowing an ASLR info leak. This changes the permission checks to be the same as those used for similar info that comes out of /proc. Running a setuid program that uses robust futexes would have had: cred->euid != pcred->euid cred->euid == pcred->uid so the old permissions check would allow it. I'm not aware of any setuid programs that use robust futexes, so this is just a preventative measure. Signed-off-by: Wanlong Gao <[email protected]> --- .../syscalls/get_robust_list/get_robust_list01.c | 30 ++++++++++------------ 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c b/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c index 27c0be6..34d0985 100644 --- a/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c +++ b/testcases/kernel/syscalls/get_robust_list/get_robust_list01.c @@ -152,8 +152,18 @@ int main(int argc, char **argv) tst_resm(TFAIL, "get_robust_list succeeded unexpectedly"); - if (seteuid(1) == -1) - tst_brkm(TBROK|TERRNO, cleanup, "seteuid(1) failed"); + TEST(retval = syscall(__NR_get_robust_list, 0, + (struct robust_list_head **)&head, + &len_ptr)); + + if (TEST_RETURN == 0) + tst_resm(TPASS, "get_robust_list succeeded"); + else + tst_resm(TFAIL|TTERRNO, + "get_robust_list failed unexpectedly"); + + if (setuid(1) == -1) + tst_brkm(TBROK|TERRNO, cleanup, "setuid(1) failed"); TEST(retval = syscall(__NR_get_robust_list, 1, (struct robust_list_head *)&head, @@ -170,20 +180,6 @@ int main(int argc, char **argv) } else tst_resm(TFAIL, "get_robust_list succeeded unexpectedly"); - - if (seteuid(0) == -1) - tst_brkm(TBROK|TERRNO, cleanup, "seteuid(0) failed"); - - TEST(retval = syscall(__NR_get_robust_list, 0, - (struct robust_list_head **)&head, - &len_ptr)); - - if (TEST_RETURN == 0) - tst_resm(TPASS, "get_robust_list succeeded"); - else - tst_resm(TFAIL|TTERRNO, - "get_robust_list failed unexpectedly"); - } cleanup(); @@ -203,4 +199,4 @@ void setup(void) void cleanup(void) { TEST_CLEANUP; -} \ No newline at end of file +} -- 1.7.11.rc0 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Ltp-list mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ltp-list
