Date: Tue, 13 Oct 2020 23:12:06 +0000 From: bugzilla-noreply@freebsd.org To: testing@FreeBSD.org Subject: [Bug 250178] Failing test case: sys.capsicum.functional.Capability__NoBypassDAC Message-ID: <bug-250178-32464-pmvOixpKX9@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-250178-32464@https.bugs.freebsd.org/bugzilla/> References: <bug-250178-32464@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D250178 --- Comment #3 from Ed Maste <emaste@freebsd.org> --- 1281 TEST(Capability, NoBypassDAC) { 1282 REQUIRE_ROOT(); 1283 int fd =3D open(TmpFile("cap_root_owned"), O_RDONLY|O_CREAT, 0644= ); 1284 EXPECT_OK(fd); 1285 cap_rights_t rights; 1286 cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FCHMOD, CAP_FST= AT); 1287 EXPECT_OK(cap_rights_limit(fd, &rights)); 1288 1289 pid_t child =3D fork(); 1290 if (child =3D=3D 0) { 1291 // Child: change uid to a lesser being 1292 setuid(other_uid); 1293 // Attempt to fchmod the file, and fail. 1294 // Having CAP_FCHMOD doesn't bypass the need to comply with DAC policy. 1295 int rc =3D fchmod(fd, 0666); 1296 EXPECT_EQ(-1, rc); 1297 EXPECT_EQ(EPERM, errno); 1298 exit(HasFailure()); 1299 } 1300 int status; 1301 EXPECT_EQ(child, waitpid(child, &status, 0)); 1302 EXPECT_TRUE(WIFEXITED(status)) << "0x" << std::hex << status; 1303 EXPECT_EQ(0, WEXITSTATUS(status)); 1304 struct stat info; 1305 EXPECT_OK(fstat(fd, &info)); 1306 EXPECT_EQ((mode_t)(S_IFREG|0644), info.st_mode); 1307 close(fd); 1308 unlink(TmpFile("cap_root_owned")); 1309 } --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-250178-32464-pmvOixpKX9>