1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) Wipro Technologies Ltd, 2002. All Rights Reserved.
4 * Author: Saji Kumar.V.R <saji.kumar@wipro.com>
5 *
6 * Tests whether we can use capset() to modify the capabilities of a thread
7 * other than itself. Now, most linux distributions with kernel supporting
8 * VFS capabilities, this should be never permitted.
9 */
10 #include <stdlib.h>
11 #include <sys/types.h>
12 #include <unistd.h>
13 #include "tst_test.h"
14 #include "lapi/syscalls.h"
15 #include <linux/capability.h>
16
17 static struct __user_cap_header_struct *header;
18 static struct __user_cap_data_struct *data;
19 static pid_t child_pid;
20
verify_capset(void)21 static void verify_capset(void)
22 {
23 child_pid = SAFE_FORK();
24 if (!child_pid)
25 pause();
26
27 tst_res(TINFO, "Test capset() for a different process");
28
29 header->pid = child_pid;
30
31 TST_EXP_FAIL(tst_syscall(__NR_capset, header, data), EPERM, "capset()");
32
33 SAFE_KILL(child_pid, SIGTERM);
34 SAFE_WAIT(NULL);
35 }
36
setup(void)37 static void setup(void)
38 {
39 header->version = 0x20080522;
40 TEST(tst_syscall(__NR_capget, header, data));
41 if (TST_RET == -1)
42 tst_brk(TBROK | TTERRNO, "capget data failed");
43 }
44
45 static struct tst_test test = {
46 .setup = setup,
47 .test_all = verify_capset,
48 .forks_child = 1,
49 .bufs = (struct tst_buffers []) {
50 {&header, .size = sizeof(*header)},
51 {&data, .size = 2 * sizeof(*data)},
52 {},
53 }
54 };
55