1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) 2017 Richard Palethorpe <rpalethorpe@suse.com>
4 */
5 /* Check for CVE-2016-9604; that keys beginning with "." are disallowed.
6 *
7 * See commit ee8f844e3c5a73b999edf733df1c529d6503ec2f
8 */
9
10 #include <errno.h>
11 #include "tst_test.h"
12 #include "lapi/keyctl.h"
13
run(void)14 void run(void)
15 {
16 if (keyctl_join_session_keyring(".builtin_trusted_keys") == -1) {
17 if (errno != EPERM) {
18 tst_brk(TBROK | TERRNO,
19 "keyctl_join_sessoin_keyring(...)");
20 }
21
22 tst_res(TPASS, "Denied access to .builtin_trusted_keys");
23 } else {
24 tst_res(TFAIL, "Allowed access to .builtin_trusted_keys");
25 }
26 }
27
28 static struct tst_test test = {
29 .test_all = run,
30 .needs_root = 1,
31 .min_kver = "2.6.13",
32 .tags = (const struct tst_tag[]) {
33 {"CVE", "2016-9604"},
34 {"linux-git", "ee8f844e3c5a"},
35 {}
36 }
37 };
38