Change access check for posix compliance for

CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH root access check for CAP_DAC_OVERRIDE
2026-05-01 15:01:44 -07:00 · 2004-03-30 03:05:40 +00:00
parent c4112b799e
commit 31dd09e00d
5 changed files with 150 additions and 1 deletions
@@ -0,0 +1,67 @@
+#! /bin/sh
+# XFS QA Test No. 088
+#
+# test out CAP_DAC_OVERRIDE and CAP_DAC_SEARCH code in 
+# xfs_iaccess(ip,mode,cr)
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2000-2004 Silicon Graphics, Inc.  All Rights Reserved.
+# 
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of version 2 of the GNU General Public License as
+# published by the Free Software Foundation.
+# 
+# This program is distributed in the hope that it would be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# 
+# Further, this software is distributed without any warranty that it is
+# free of the rightful claim of any third person regarding infringement
+# or the like.  Any license provided herein, whether implied or
+# otherwise, applies only to this software file.  Patent licenses, if
+# any, provided herein do not apply to combinations of this program with
+# other software, or any other product whatsoever.
+# 
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write the Free Software Foundation, Inc., 59
+# Temple Place - Suite 330, Boston MA 02111-1307, USA.
+# 
+# Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy,
+# Mountain View, CA  94043, or:
+# 
+# http://www.sgi.com 
+# 
+# For further information regarding this notice, see: 
+# 
+# http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/
+#-----------------------------------------------------------------------
+#
+# creator
+owner=root@icy.melbourne.sgi.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1	# failure is the default!
+trap "rm -f $tmp.*; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_filter()
+{
+    sed -e "s#$TEST_DIR#TEST_DIR#g" \
+        -e '/----------/d'
+}
+
+# real QA test starts here
+
+path=$TEST_DIR/t_access
+src/t_access_root $path | _filter
+
+# success, all done
+status=0
+exit
@@ -0,0 +1,9 @@
+QA output created by 088
+access(TEST_DIR/t_access, 0) returns 0
+access(TEST_DIR/t_access, R_OK) returns 0
+access(TEST_DIR/t_access, W_OK) returns 0
+access(TEST_DIR/t_access, X_OK) returns -1
+access(TEST_DIR/t_access, R_OK | W_OK) returns 0
+access(TEST_DIR/t_access, R_OK | X_OK) returns -1
+access(TEST_DIR/t_access, W_OK | X_OK) returns -1
+access(TEST_DIR/t_access, R_OK | W_OK | X_OK) returns -1
@@ -41,6 +41,9 @@ copy		harshula@sgi.com
 # chacl, libacl
 acl		tes@sgi.com ajag@sgi.com

+# permissions
+perms		tes@sgi.com
+
 # xfs_growfs
 growfs		ajag@sgi.com

@@ -151,3 +154,4 @@ ioctl		nathans@sgi.com
 085 log auto
 086 log auto
 087 log auto
+088 perms
@@ -38,7 +38,7 @@ TARGETS = alloc acl_get bstat devzero dirstress fault feature \
 	  nametest permname randholes runas truncfile usemem \
 	  fstest mmapcat append_reader append_writer \
 	  dirperf metaperf enospc_unlink resvtest scaleread \
-	  godown
+	  godown t_access_root
 ifeq ($(ENABLE_DBM), yes)
 TARGETS += dbtest
 endif
@@ -0,0 +1,69 @@
+/* 
+ *  t_access_root.c - trivial test program to show permission bug.
+ *
+ *  Written by Michael Kerrisk - copyright ownership not pursued.
+ *  Sourced from: http://linux.derkeiler.com/Mailing-Lists/Kernel/2003-10/6030.html  
+ */
+
+#include <limits.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#define UID 500
+#define GID 100
+#define PERM 0
+#define TESTPATH "/tmp/t_access"
+
+static void
+errExit(char *msg)
+{
+    perror(msg);
+    exit(EXIT_FAILURE);
+} /* errExit */
+
+static void
+accessTest(char *file, int mask, char *mstr)
+{
+    printf("access(%s, %s) returns %d\n", file, mstr, access(file, mask));
+} /* accessTest */
+
+int
+main(int argc, char *argv[])
+{
+    int fd, perm, uid, gid;
+    char *testpath;
+    char cmd[PATH_MAX + 20];
+
+    testpath = (argc > 1) ? argv[1] : TESTPATH;
+    perm = (argc > 2) ? strtoul(argv[2], NULL, 8) : PERM;
+    uid = (argc > 3) ? atoi(argv[3]) : UID;
+    gid = (argc > 4) ? atoi(argv[4]) : GID;
+
+    unlink(testpath);
+
+    fd = open(testpath, O_RDWR | O_CREAT, 0);
+    if (fd == -1) errExit("open");
+
+    if (fchown(fd, uid, gid) == -1) errExit("fchown");
+    if (fchmod(fd, perm) == -1) errExit("fchmod");
+    close(fd);
+
+    snprintf(cmd, sizeof(cmd), "ls -l %s", testpath);
+    system(cmd);
+
+    if (seteuid(uid) == -1) errExit("seteuid");
+
+    accessTest(testpath, 0, "0");
+    accessTest(testpath, R_OK, "R_OK");
+    accessTest(testpath, W_OK, "W_OK");
+    accessTest(testpath, X_OK, "X_OK");
+    accessTest(testpath, R_OK | W_OK, "R_OK | W_OK");
+    accessTest(testpath, R_OK | X_OK, "R_OK | X_OK");
+    accessTest(testpath, W_OK | X_OK, "W_OK | X_OK");
+    accessTest(testpath, R_OK | W_OK | X_OK, "R_OK | W_OK | X_OK");
+
+    exit(EXIT_SUCCESS);
+} /* main */