From: Enji Cooper
Date: Fri, 22 Mar 2019 18:36:01 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r345420 - projects/capsicum-test/contrib/capsicum-test

Author: ngie
Date: Fri Mar 22 18:36:00 2019
New Revision: 345420
URL: https://svnweb.freebsd.org/changeset/base/345420

Log:
  Import the fix from https://github.com/google/capsicum-test/pull/35

  From the PR:
  ```
  Fix `OpenatTest.WithFlag` when `O_BENEATH` is passed after 5eb909a37339fe4675ef95b769a07c5eb3894799

  The absolute symlink failure to traverse testcases were buggy. They were
  trying to verify that openat(2) would fail when opening a path outside a
  sandbox, when in reality it was testing using a directory (`TOPDIR`) fd that
  was in the sandbox. An easy to implement change was to instead test the
  absolute path resolution failure using the subdirectory (`SUBDIR`) fd.

  Reindent the directory hierarchy comment and reorder the elements in the
  comments and tests to support the change.

  While here, rename `SUBDIR_ABS` to `SUBDIR`, as `SUBDIR` was not an absolute
  path.

  This fixes the rest of #28, along with 5eb909a37339fe4675ef95b769a07c5eb3894799.

  Signed-off-by: Enji Cooper
  ```

Modified:
  projects/capsicum-test/contrib/capsicum-test/openat.cc

Modified: projects/capsicum-test/contrib/capsicum-test/openat.cc ============================================================================== --- projects/capsicum-test/contrib/capsicum-test/openat.cc Fri Mar 22 17:53:13 2019 (r345419) +++ projects/capsicum-test/contrib/capsicum-test/openat.cc Fri Mar 22 18:36:00 2019 (r345420) @@ -148,7 +148,7 @@ FORK_TEST(Openat, Relative) { } #define TOPDIR "cap_topdir" -#define SUBDIR_ABS TOPDIR "/subdir" +#define SUBDIR TOPDIR "/subdir" class OpenatTest : public ::testing::Test { public: // Build a collection of files, subdirs and symlinks: 
@@ -156,20 +156,20 @@ class OpenatTest : public ::testing::Test { // /topfile // /subdir/ // /subdir/bottomfile - // /symlink.samedir -> topfile - // /dsymlink.samedir -> ./ - // /symlink.down -> subdir/bottomfile - // /dsymlink.down -> subdir/ - // /symlink.absolute_in -> /tmp/cap_topdir/topfile - // /dsymlink.absolute_in -> /tmp/cap_topdir/ - // /symlink.absolute_out -> /etc/passwd - // /dsymlink.absolute_out -> /etc/ - // /symlink.relative_in -> ../../tmp/cap_topdir/topfile - // /dsymlink.relative_in -> ../../tmp/cap_topdir/ - // /symlink.relative_out -> ../../etc/passwd - // /dsymlink.relative_out -> ../../etc/ - // /subdir/symlink.up -> ../topfile - // /subdir/dsymlink.up -> ../ + // /symlink.samedir -> topfile + // /dsymlink.samedir -> ./ + // /symlink.down -> subdir/bottomfile + // /dsymlink.down -> subdir/ + // /symlink.absolute_out -> /etc/passwd + // /dsymlink.absolute_out -> /etc/ + // /symlink.relative_in -> ../../tmp/cap_topdir/topfile + // /dsymlink.relative_in -> ../../tmp/cap_topdir/ + // /symlink.relative_out -> ../../etc/passwd + // /dsymlink.relative_out -> ../../etc/ + // /subdir/dsymlink.absolute_in -> /tmp/cap_topdir/ + // /subdir/dsymlink.up -> ../ + // /subdir/symlink.absolute_in -> /tmp/cap_topdir/topfile + // /subdir/symlink.up -> ../topfile // (In practice, this is a little more complicated because tmpdir might // not be "/tmp".) OpenatTest() { @@ -177,7 +177,7 @@ class OpenatTest : public ::testing::Test { int rc = mkdir(TmpFile(TOPDIR), 0755); EXPECT_OK(rc); if (rc < 0) EXPECT_EQ(EEXIST, errno); - rc = mkdir(TmpFile(SUBDIR_ABS), 0755); + rc = mkdir(TmpFile(SUBDIR), 0755); EXPECT_OK(rc); if (rc < 0) EXPECT_EQ(EEXIST, errno); 
@@ -193,34 +193,34 @@ class OpenatTest : public ::testing::Test { // Create normal files in each. CreateFile(TmpFile(TOPDIR "/topfile"), "Top-level file"); - CreateFile(TmpFile(SUBDIR_ABS "/bottomfile"), "File in subdirectory"); + CreateFile(TmpFile(SUBDIR "/bottomfile"), "File in subdirectory"); // Create various symlinks to files. EXPECT_OK(symlink("topfile", TmpFile(TOPDIR "/symlink.samedir"))); EXPECT_OK(symlink("subdir/bottomfile", TmpFile(TOPDIR "/symlink.down"))); - EXPECT_OK(symlink(TmpFile(TOPDIR "/topfile"), TmpFile(TOPDIR "/symlink.absolute_in"))); + EXPECT_OK(symlink(TmpFile(TOPDIR "/topfile"), TmpFile(SUBDIR "/symlink.absolute_in"))); EXPECT_OK(symlink("/etc/passwd", TmpFile(TOPDIR "/symlink.absolute_out"))); std::string dots2top = dots2root + TmpFile(TOPDIR "/topfile"); EXPECT_OK(symlink(dots2top.c_str(), TmpFile(TOPDIR "/symlink.relative_in"))); std::string dots2passwd = dots2root + "/etc/passwd"; EXPECT_OK(symlink(dots2passwd.c_str(), TmpFile(TOPDIR "/symlink.relative_out"))); - EXPECT_OK(symlink("../topfile", TmpFile(SUBDIR_ABS "/symlink.up"))); + EXPECT_OK(symlink("../topfile", TmpFile(SUBDIR "/symlink.up"))); // Create various symlinks to directories. EXPECT_OK(symlink("./", TmpFile(TOPDIR "/dsymlink.samedir"))); EXPECT_OK(symlink("subdir/", TmpFile(TOPDIR "/dsymlink.down"))); - EXPECT_OK(symlink(TmpFile(TOPDIR "/"), TmpFile(TOPDIR "/dsymlink.absolute_in"))); + EXPECT_OK(symlink(TmpFile(TOPDIR "/"), TmpFile(SUBDIR "/dsymlink.absolute_in"))); EXPECT_OK(symlink("/etc/", TmpFile(TOPDIR "/dsymlink.absolute_out"))); std::string dots2cwd = dots2root + tmpdir + "/"; EXPECT_OK(symlink(dots2cwd.c_str(), TmpFile(TOPDIR "/dsymlink.relative_in"))); std::string dots2etc = dots2root + "/etc/"; EXPECT_OK(symlink(dots2etc.c_str(), TmpFile(TOPDIR "/dsymlink.relative_out"))); - EXPECT_OK(symlink("../", TmpFile(SUBDIR_ABS "/dsymlink.up"))); + EXPECT_OK(symlink("../", TmpFile(SUBDIR "/dsymlink.up"))); // Open directory FDs for those directories and for cwd. 
dir_fd_ = open(TmpFile(TOPDIR), O_RDONLY); EXPECT_OK(dir_fd_); - sub_fd_ = open(TmpFile(SUBDIR_ABS), O_RDONLY); + sub_fd_ = open(TmpFile(SUBDIR), O_RDONLY); EXPECT_OK(sub_fd_); cwd_ = openat(AT_FDCWD, ".", O_RDONLY); EXPECT_OK(cwd_); @@ -232,23 +232,23 @@ class OpenatTest : public ::testing::Test { close(cwd_); close(sub_fd_); close(dir_fd_); - unlink(TmpFile(SUBDIR_ABS "/symlink.up")); - unlink(TmpFile(TOPDIR "/symlink.absolute_in")); + unlink(TmpFile(SUBDIR "/symlink.up")); + unlink(TmpFile(SUBDIR "/symlink.absolute_in")); unlink(TmpFile(TOPDIR "/symlink.absolute_out")); unlink(TmpFile(TOPDIR "/symlink.relative_in")); unlink(TmpFile(TOPDIR "/symlink.relative_out")); unlink(TmpFile(TOPDIR "/symlink.down")); unlink(TmpFile(TOPDIR "/symlink.samedir")); - unlink(TmpFile(SUBDIR_ABS "/dsymlink.up")); - unlink(TmpFile(TOPDIR "/dsymlink.absolute_in")); + unlink(TmpFile(SUBDIR "/dsymlink.up")); + unlink(TmpFile(SUBDIR "/dsymlink.absolute_in")); unlink(TmpFile(TOPDIR "/dsymlink.absolute_out")); unlink(TmpFile(TOPDIR "/dsymlink.relative_in")); unlink(TmpFile(TOPDIR "/dsymlink.relative_out")); unlink(TmpFile(TOPDIR "/dsymlink.down")); unlink(TmpFile(TOPDIR "/dsymlink.samedir")); - unlink(TmpFile(SUBDIR_ABS "/bottomfile")); + unlink(TmpFile(SUBDIR "/bottomfile")); unlink(TmpFile(TOPDIR "/topfile")); - rmdir(TmpFile(SUBDIR_ABS)); + rmdir(TmpFile(SUBDIR)); rmdir(TmpFile(TOPDIR)); } 
@@ -277,18 +277,18 @@ class OpenatTest : public ::testing::Test { // Should only be able to open symlinks that stay within the directory. EXPECT_OPEN_OK(openat(dir_fd_, "symlink.samedir", O_RDONLY|oflag)); EXPECT_OPEN_OK(openat(dir_fd_, "symlink.down", O_RDONLY|oflag)); - EXPECT_OPENAT_FAIL_TRAVERSAL(dir_fd_, "symlink.absolute_in", O_RDONLY|oflag); EXPECT_OPENAT_FAIL_TRAVERSAL(dir_fd_, "symlink.absolute_out", O_RDONLY|oflag); EXPECT_OPENAT_FAIL_TRAVERSAL(dir_fd_, "symlink.relative_in", O_RDONLY|oflag); EXPECT_OPENAT_FAIL_TRAVERSAL(dir_fd_, "symlink.relative_out", O_RDONLY|oflag); + EXPECT_OPENAT_FAIL_TRAVERSAL(sub_fd_, "symlink.absolute_in", O_RDONLY|oflag); EXPECT_OPENAT_FAIL_TRAVERSAL(sub_fd_, "symlink.up", O_RDONLY|oflag); EXPECT_OPEN_OK(openat(dir_fd_, "dsymlink.samedir/topfile", O_RDONLY|oflag)); EXPECT_OPEN_OK(openat(dir_fd_, "dsymlink.down/bottomfile", O_RDONLY|oflag)); - EXPECT_OPENAT_FAIL_TRAVERSAL(dir_fd_, "dsymlink.absolute_in/topfile", O_RDONLY|oflag); EXPECT_OPENAT_FAIL_TRAVERSAL(dir_fd_, "dsymlink.absolute_out/passwd", O_RDONLY|oflag); EXPECT_OPENAT_FAIL_TRAVERSAL(dir_fd_, "dsymlink.relative_in/topfile", O_RDONLY|oflag); EXPECT_OPENAT_FAIL_TRAVERSAL(dir_fd_, "dsymlink.relative_out/passwd", O_RDONLY|oflag); + EXPECT_OPENAT_FAIL_TRAVERSAL(sub_fd_, "dsymlink.absolute_in/topfile", O_RDONLY|oflag); EXPECT_OPENAT_FAIL_TRAVERSAL(sub_fd_, "dsymlink.up/topfile", O_RDONLY|oflag); // Although recall that O_NOFOLLOW prevents symlink following in final component. 
@@ -306,10 +306,10 @@ TEST_F(OpenatTest, WithCapability) { // Any kind of symlink can be opened relative to an ordinary directory FD. EXPECT_OPEN_OK(openat(dir_fd_, "symlink.samedir", O_RDONLY)); EXPECT_OPEN_OK(openat(dir_fd_, "symlink.down", O_RDONLY)); - EXPECT_OPEN_OK(openat(dir_fd_, "symlink.absolute_in", O_RDONLY)); EXPECT_OPEN_OK(openat(dir_fd_, "symlink.absolute_out", O_RDONLY)); EXPECT_OPEN_OK(openat(dir_fd_, "symlink.relative_in", O_RDONLY)); EXPECT_OPEN_OK(openat(dir_fd_, "symlink.relative_out", O_RDONLY)); + EXPECT_OPEN_OK(openat(sub_fd_, "symlink.absolute_in", O_RDONLY)); EXPECT_OPEN_OK(openat(sub_fd_, "symlink.up", O_RDONLY)); // Now make both DFDs into Capsicum capabilities.
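Review bot: In the @@ -156,20 hunk, the hierarchy comment does not say that the two relocated entries, /subdir/symlink.absolute_in and /subdir/dsymlink.absolute_in, point outside the directory they now live in. The "_in" suffix still describes the target relative to TOPDIR, while the tests reach these links through sub_fd_, for which /tmp/cap_topdir/ is above the fd. A short remark in the comment that "_in" and "_out" are relative to TOPDIR, and that the /subdir absolute_in links escape subdir, would keep the name from misleading the next reader. The /subdir entries are also listed alphabetically while the top-level entries stay in symlink/dsymlink pairs; one ordering throughout would be easier to scan.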
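Review bot: The unlink() and rmdir() calls in the @@ -232,23 hunk discard their return values, and with symlink.absolute_in and dsymlink.absolute_in now created under SUBDIR, rmdir(TmpFile(SUBDIR)) succeeds only if both new unlink paths match what the constructor creates. The constructor tolerates EEXIST for mkdir() but wraps every symlink() in EXPECT_OK, so a link left behind by a cleanup that failed without notice would surface as a setup failure in the next run rather than at the point of the mistake. Consider checking the results here, at least for the two rmdir() calls.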
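Review bot: In the @@ -277,18 hunk, dropping the dir_fd_ checks for "symlink.absolute_in" and "dsymlink.absolute_in/topfile" leaves no expectation at all for an absolute symlink whose target lies inside the directory fd's own tree. The replacement sub_fd_ checks exercise an absolute link that resolves outside the fd's subtree, which is the same class of case the absolute_out links already cover. If the in-tree absolute case is meant to succeed or to fail under the flag being tested, keep a TOPDIR-level link and assert that result explicitly; if it is intentionally left unspecified, a comment next to the sub_fd_ lines saying so would document the decision.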
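Review bot: In the @@ -306,10 hunk, only the pre-capability open of "symlink.absolute_in" is shown moving to sub_fd_; the checks that follow "Now make both DFDs into Capsicum capabilities." are not among the visible lines. Because the link no longer exists under TOPDIR, any remaining lookup of "symlink.absolute_in" through the top-level capability would fail because the name is missing, not because traversal was refused, so please confirm the post-conversion assertions use the subdirectory capability. The visible lines of this test also have no dsymlink.absolute_in counterpart, unlike the WithFlag hunk; adding one would keep the two tests symmetric.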