1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (c) 2017 Richard Palethorpe <rpalethorpe@suse.com> 4 */ 5 /* Check for CVE-2016-9604; that keys beginning with "." are disallowed. 6 * 7 * See commit ee8f844e3c5a73b999edf733df1c529d6503ec2f 8 */ 9 10 #include <errno.h> 11 #include "tst_test.h" 12 #include "lapi/keyctl.h" 13 run(void)14void run(void) 15 { 16 if (keyctl_join_session_keyring(".builtin_trusted_keys") == -1) { 17 if (errno != EPERM) { 18 tst_brk(TBROK | TERRNO, 19 "keyctl_join_sessoin_keyring(...)"); 20 } 21 22 tst_res(TPASS, "Denied access to .builtin_trusted_keys"); 23 } else { 24 tst_res(TFAIL, "Allowed access to .builtin_trusted_keys"); 25 } 26 } 27 28 static struct tst_test test = { 29 .test_all = run, 30 .needs_root = 1, 31 .tags = (const struct tst_tag[]) { 32 {"CVE", "2016-9604"}, 33 {"linux-git", "ee8f844e3c5a"}, 34 {} 35 } 36 }; 37