1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) International Business Machines Corp., 2002
4 * Ported from SPIE by Airong Zhang <zhanga@us.ibm.com>
5 * Copyright (c) 2021 SUSE LLC <mdoucha@suse.cz>
6 */
7
8 /*\
9 * [Description]
10 *
11 * Verify that the group ID and setgid bit are set correctly when a new file
12 * is created.
13 */
14
15 #include <stdlib.h>
16 #include <sys/types.h>
17 #include <pwd.h>
18 #include "tst_test.h"
19 #include "tst_uid.h"
20
21 #define MODE_RWX 0777
22 #define MODE_SGID (S_ISGID|0777)
23
24 #define DIR_A "dir_a"
25 #define DIR_B "dir_b"
26 #define SETGID_A DIR_A "/setgid"
27 #define NOSETGID_A DIR_A "/nosetgid"
28 #define SETGID_B DIR_B "/setgid"
29 #define NOSETGID_B DIR_B "/nosetgid"
30 #define ROOT_SETGID DIR_B "/root_setgid"
31
32 static char *tmpdir;
33 static uid_t orig_uid, nobody_uid;
34 static gid_t nobody_gid, free_gid;
35 static int fd = -1;
36
setup(void)37 static void setup(void)
38 {
39 struct passwd *ltpuser = SAFE_GETPWNAM("nobody");
40
41 orig_uid = getuid();
42 nobody_uid = ltpuser->pw_uid;
43 nobody_gid = ltpuser->pw_gid;
44 tst_res(TINFO, "User nobody: uid = %d, gid = %d", (int)nobody_uid,
45 (int)nobody_gid);
46 free_gid = tst_get_free_gid(nobody_gid);
47 tmpdir = tst_get_tmpdir();
48 }
49
file_test(const char * name,mode_t mode,int sgid,gid_t gid)50 static void file_test(const char *name, mode_t mode, int sgid, gid_t gid)
51 {
52 struct stat buf;
53
54 fd = SAFE_CREAT(name, mode);
55 SAFE_STAT(name, &buf);
56 SAFE_CLOSE(fd);
57
58 if (buf.st_gid != gid) {
59 tst_res(TFAIL, "%s: Incorrect group, %u != %u", name,
60 buf.st_gid, gid);
61 } else {
62 tst_res(TPASS, "%s: Owned by correct group", name);
63 }
64
65 if (sgid < 0) {
66 tst_res(TINFO, "%s: Skipping setgid bit check", name);
67 return;
68 }
69
70 if (buf.st_mode & S_ISGID)
71 tst_res(sgid ? TPASS : TFAIL, "%s: Setgid bit is set", name);
72 else
73 tst_res(sgid ? TFAIL : TPASS, "%s: Setgid bit not set", name);
74 }
75
run(void)76 static void run(void)
77 {
78 struct stat buf;
79
80 /* Create directories and set permissions */
81 SAFE_MKDIR(DIR_A, MODE_RWX);
82 SAFE_CHOWN(DIR_A, nobody_uid, free_gid);
83 SAFE_STAT(DIR_A, &buf);
84
85 if (buf.st_mode & S_ISGID)
86 tst_brk(TBROK, "%s: Setgid bit is set", DIR_A);
87
88 if (buf.st_gid != free_gid) {
89 tst_brk(TBROK, "%s: Incorrect group, %u != %u", DIR_A,
90 buf.st_gid, free_gid);
91 }
92
93 SAFE_MKDIR(DIR_B, MODE_RWX);
94 SAFE_CHOWN(DIR_B, nobody_uid, free_gid);
95 SAFE_CHMOD(DIR_B, MODE_SGID);
96 SAFE_STAT(DIR_B, &buf);
97
98 if (!(buf.st_mode & S_ISGID))
99 tst_brk(TBROK, "%s: Setgid bit not set", DIR_B);
100
101 if (buf.st_gid != free_gid) {
102 tst_brk(TBROK, "%s: Incorrect group, %u != %u", DIR_B,
103 buf.st_gid, free_gid);
104 }
105
106 /* Switch to user nobody and create two files in DIR_A */
107 /* Both files should inherit GID from the process */
108 SAFE_SETGID(nobody_gid);
109 SAFE_SETREUID(-1, nobody_uid);
110 file_test(NOSETGID_A, MODE_RWX, 0, nobody_gid);
111 file_test(SETGID_A, MODE_SGID, 1, nobody_gid);
112
113 /* Create two files in DIR_B and validate owner and permissions */
114 /* Both files should inherit GID from the parent directory */
115 file_test(NOSETGID_B, MODE_RWX, 0, free_gid);
116 /*
117 * CVE 2018-13405 (privilege escalation using setgid bit) has its
118 * own test, skip setgid check here
119 */
120 file_test(SETGID_B, MODE_SGID, -1, free_gid);
121
122 /* Switch back to root UID and create a file in DIR_B */
123 /* The file should inherid GID from parent directory */
124 SAFE_SETREUID(-1, orig_uid);
125 file_test(ROOT_SETGID, MODE_SGID, 1, free_gid);
126
127 /* Cleanup between loops */
128 tst_purge_dir(tmpdir);
129 }
130
cleanup(void)131 static void cleanup(void)
132 {
133 if (fd >= 0)
134 SAFE_CLOSE(fd);
135
136 free(tmpdir);
137 }
138
139 static struct tst_test test = {
140 .test_all = run,
141 .setup = setup,
142 .cleanup = cleanup,
143 .needs_root = 1,
144 .needs_tmpdir = 1,
145 };
146