From nobody Mon Sep 1 06:35:42 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cFfJZ64jCz66J2P; Mon, 01 Sep 2025 06:35:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cFfJZ4nh3z3j2L; Mon, 01 Sep 2025 06:35:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1756708542; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qqJvJRiGyOt89/uZpmreCLLbpPqYcBB2OTUNuVCJXkQ=; b=L6U+6ss1AnfT1LH3S8HQjppDKOawt/Yuu97oMA7mWqK2O4HCEnGwNjPevVng9f0TIt5UMm Ca2kXslxzqjrsP8iQ6BPmLnqYairfMIt9X2o7SrFr2sNWxHW2cjGrK9osvorhrzYfOteiG vdToJUD1PI72S2dkCAT8BaFt4OGeqXkAuxH9H2fdt5ox3x50ssZWWGRS9gGZUJG4W0ooCn Tm0J3C1TjiEnqPOuXf0uYmi5sw9nGlvNQVcdnICdX9t7T+hXDZ3Nou4eRN0Xj8kupnmvrH EjR314FQ5GBLFxBsmmi8gdzyZMIW38+l94fFJMhYmWT1Prj4XdZVVW2UUHdQ5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1756708542; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qqJvJRiGyOt89/uZpmreCLLbpPqYcBB2OTUNuVCJXkQ=; b=Gr3pmaeOh7gXLzPi9K72eFvmvZhJ8Q5HpJR/XpPmolxI38N385fvGe0vn43LryADs5RYlM qOtKJKQnvQffXdWiX8TG70ab/tIziTVZM0wx3n6rAYyB260s7mjtBVQUVpr+ZN73A7UDbA uflhO0dVRbl2EfFqzGGOQ+uMKnCG7YF9MKm2UbMyAAXepvYb4qErNm/sf3CT8e7B2yc57Y 5K+0Zg3w1J0Ng17pYxITTH3A28j4wxvxJnpBFBiEsbR7oIBGAKgyokVMhP30fnoO94pk9W RaTBOumK1zpcv7Wi8b7HsRI84MWw0ZUATh51Kidf3gANiddG6mpv5EQ2rVrfSA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1756708542; a=rsa-sha256; cv=none; b=mCTdzwaARIkElV0JuSxVMOelQs1hNkdl/cIoqfHWE66DEGvngEPB6LtzpRgd6tPE0gl1TN BXEOHTLAcsLaod+4j4yae44MrgvkWbZQKhTCSwlXKsd67+KZUqEsvwYRkQrdsR6/iE5dNt 10P5ev28MNdL2WWHUJILB8cP1TR4iqdUJv1sXNSME8xufZiYIZy1gLqm6eqa7C50MVo9vT ddiJd3HbpUxARuwSRfSqFGBq28V4NbuWtTP/dHoGDEp57A1/a4E544DWI6D2tarvT54Qr2 HX5t5yUxws7OOu9BRtHxRDA97SEhXxSjiyyPsKRFKTQrncZrG7uahcoBMVFUUQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cFfJZ4P9Nzp78; Mon, 01 Sep 2025 06:35:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5816Zgtm058111; Mon, 1 Sep 2025 06:35:42 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5816Zgec058107; Mon, 1 Sep 2025 06:35:42 GMT (envelope-from git) Date: Mon, 1 Sep 2025 06:35:42 GMT Message-Id: <202509010635.5816Zgec058107@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= Subject: git: 016d3ec239b3 - main - tzcode: Add a test case for plain issetugid case List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 016d3ec239b39895cf19aa62552fc316d7d98045 Auto-Submitted: auto-generated The branch main has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=016d3ec239b39895cf19aa62552fc316d7d98045 commit 016d3ec239b39895cf19aa62552fc316d7d98045 Author: Dag-Erling Smørgrav AuthorDate: 2025-09-01 06:33:37 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2025-09-01 06:33:47 +0000 tzcode: Add a test case for plain issetugid case This catches a bug in tzcode which incorrectly considers TZDEFAULT as unsafe as if it came from the environment. Also deduplicate some repeated code, and fix a missing mode in an open(2) call with O_CREAT set. Event: Oslo Hackathon 202508 Reviewed by: philip Differential Revision: https://reviews.freebsd.org/D52241 --- lib/libc/tests/stdtime/detect_tz_changes_test.c | 60 ++++++++++++++++++------- 1 file changed, 43 insertions(+), 17 deletions(-) diff --git a/lib/libc/tests/stdtime/detect_tz_changes_test.c b/lib/libc/tests/stdtime/detect_tz_changes_test.c index ad8c4818669d..6648d8498cc5 100644 --- a/lib/libc/tests/stdtime/detect_tz_changes_test.c +++ b/lib/libc/tests/stdtime/detect_tz_changes_test.c @@ -70,7 +70,7 @@ change_tz(const char *tzn) ATF_REQUIRE((zfd = open(zfn, O_DIRECTORY | O_SEARCH)) >= 0); ATF_REQUIRE((sfd = openat(zfd, tzn, O_RDONLY)) >= 0); - ATF_REQUIRE((dfd = open(tfn, O_CREAT | O_TRUNC | O_WRONLY)) >= 0); + ATF_REQUIRE((dfd = open(tfn, O_CREAT | O_TRUNC | O_WRONLY, 0644)) >= 0); do { clen = copy_file_range(sfd, NULL, dfd, NULL, SSIZE_MAX, 0); ATF_REQUIRE_MSG(clen != -1, "failed to copy %s/%s: %m", @@ -83,6 +83,19 @@ change_tz(const char *tzn) debug("time zone %s installed", tzn); } +static void +test_tz(const char *expect) +{ + char buf[128]; + struct tm *tm; + size_t len; + + ATF_REQUIRE((tm = localtime(&then)) != NULL); + len = strftime(buf, sizeof(buf), "%z (%Z)", tm); + ATF_REQUIRE(len > 0); + ATF_CHECK_STREQ(expect, buf); +} + ATF_TC(thin_jail); ATF_TC_HEAD(thin_jail, tc) { @@ -92,9 +105,6 @@ ATF_TC_HEAD(thin_jail, tc) ATF_TC_BODY(thin_jail, tc) { const struct tzcase *tzcase = tzcases; - char buf[128]; - struct tm *tm; - size_t len; /* prepare chroot */ ATF_REQUIRE_EQ(0, mkdir("root", 0755)); @@ -105,10 +115,7 @@ ATF_TC_BODY(thin_jail, tc) ATF_REQUIRE_EQ(0, chdir("/")); /* check timezone */ unsetenv("TZ"); - ATF_REQUIRE((tm = localtime(&then)) != NULL); - len = strftime(buf, sizeof(buf), "%z (%Z)", tm); - ATF_REQUIRE(len > 0); - ATF_CHECK_STREQ(tzcase->expect, buf); + test_tz(tzcase->expect); } #ifdef DETECT_TZ_CHANGES @@ -309,15 +316,8 @@ ATF_TC_BODY(detect_tz_changes, tc) static void test_tz_env(const char *tzval, const char *expect) { - char buf[128]; - struct tm *tm; - size_t len; - setenv("TZ", tzval, 1); - ATF_REQUIRE((tm = localtime(&then)) != NULL); - len = strftime(buf, sizeof(buf), "%z (%Z)", tm); - ATF_REQUIRE(len > 0); - ATF_CHECK_STREQ(expect, buf); + test_tz(expect); } ATF_TC(tz_env); @@ -333,6 +333,31 @@ ATF_TC_BODY(tz_env, tc) test_tz_env(tzcase->tzfn, tzcase->expect); } +ATF_TC(setugid); +ATF_TC_HEAD(setugid, tc) +{ + atf_tc_set_md_var(tc, "descr", "Test setugid process"); + atf_tc_set_md_var(tc, "require.user", "root"); +} +ATF_TC_BODY(setugid, tc) +{ + const struct tzcase *tzcase = tzcases; + + /* prepare chroot */ + ATF_REQUIRE_EQ(0, mkdir("root", 0755)); + ATF_REQUIRE_EQ(0, mkdir("root/etc", 0755)); + change_tz(tzcase->tzfn); + /* enter chroot */ + ATF_REQUIRE_EQ(0, chroot("root")); + ATF_REQUIRE_EQ(0, chdir("/")); + /* become setugid */ + ATF_REQUIRE_EQ(0, seteuid(UID_NOBODY)); + ATF_REQUIRE(issetugid()); + /* check timezone */ + unsetenv("TZ"); + test_tz(tzcases->expect); +} + ATF_TC(tz_env_setugid); ATF_TC_HEAD(tz_env_setugid, tc) { @@ -342,7 +367,7 @@ ATF_TC_HEAD(tz_env_setugid, tc) } ATF_TC_BODY(tz_env_setugid, tc) { - const struct tzcase *tzcase; + const struct tzcase *tzcase = tzcases; ATF_REQUIRE_EQ(0, seteuid(UID_NOBODY)); ATF_REQUIRE(issetugid()); @@ -359,6 +384,7 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, detect_tz_changes); #endif /* DETECT_TZ_CHANGES */ ATF_TP_ADD_TC(tp, tz_env); + ATF_TP_ADD_TC(tp, setugid); ATF_TP_ADD_TC(tp, tz_env_setugid); return (atf_no_error()); }