git: 016d3ec239b3 - main - tzcode: Add a test case for plain issetugid case

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Dag-Erling Smørgrav <des_at_FreeBSD.org>
Date: Mon, 01 Sep 2025 06:35:42 UTC
The branch main has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=016d3ec239b39895cf19aa62552fc316d7d98045

commit 016d3ec239b39895cf19aa62552fc316d7d98045
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-09-01 06:33:37 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-09-01 06:33:47 +0000

    tzcode: Add a test case for plain issetugid case
    
    This catches a bug in tzcode which incorrectly considers TZDEFAULT as
    unsafe as if it came from the environment.
    
    Also deduplicate some repeated code, and fix a missing mode in an
    open(2) call with O_CREAT set.
    
    Event:          Oslo Hackathon 202508
    Reviewed by:    philip
    Differential Revision:  https://reviews.freebsd.org/D52241
---
 lib/libc/tests/stdtime/detect_tz_changes_test.c | 60 ++++++++++++++++++-------
 1 file changed, 43 insertions(+), 17 deletions(-)

diff --git a/lib/libc/tests/stdtime/detect_tz_changes_test.c b/lib/libc/tests/stdtime/detect_tz_changes_test.c
index ad8c4818669d..6648d8498cc5 100644
--- a/lib/libc/tests/stdtime/detect_tz_changes_test.c
+++ b/lib/libc/tests/stdtime/detect_tz_changes_test.c
@@ -70,7 +70,7 @@ change_tz(const char *tzn)
 
 	ATF_REQUIRE((zfd = open(zfn, O_DIRECTORY | O_SEARCH)) >= 0);
 	ATF_REQUIRE((sfd = openat(zfd, tzn, O_RDONLY)) >= 0);
-	ATF_REQUIRE((dfd = open(tfn, O_CREAT | O_TRUNC | O_WRONLY)) >= 0);
+	ATF_REQUIRE((dfd = open(tfn, O_CREAT | O_TRUNC | O_WRONLY, 0644)) >= 0);
 	do {
 		clen = copy_file_range(sfd, NULL, dfd, NULL, SSIZE_MAX, 0);
 		ATF_REQUIRE_MSG(clen != -1, "failed to copy %s/%s: %m",
@@ -83,6 +83,19 @@ change_tz(const char *tzn)
 	debug("time zone %s installed", tzn);
 }
 
+static void
+test_tz(const char *expect)
+{
+	char buf[128];
+	struct tm *tm;
+	size_t len;
+
+	ATF_REQUIRE((tm = localtime(&then)) != NULL);
+	len = strftime(buf, sizeof(buf), "%z (%Z)", tm);
+	ATF_REQUIRE(len > 0);
+	ATF_CHECK_STREQ(expect, buf);
+}
+
 ATF_TC(thin_jail);
 ATF_TC_HEAD(thin_jail, tc)
 {
@@ -92,9 +105,6 @@ ATF_TC_HEAD(thin_jail, tc)
 ATF_TC_BODY(thin_jail, tc)
 {
 	const struct tzcase *tzcase = tzcases;
-	char buf[128];
-	struct tm *tm;
-	size_t len;
 
 	/* prepare chroot */
 	ATF_REQUIRE_EQ(0, mkdir("root", 0755));
@@ -105,10 +115,7 @@ ATF_TC_BODY(thin_jail, tc)
 	ATF_REQUIRE_EQ(0, chdir("/"));
 	/* check timezone */
 	unsetenv("TZ");
-	ATF_REQUIRE((tm = localtime(&then)) != NULL);
-	len = strftime(buf, sizeof(buf), "%z (%Z)", tm);
-	ATF_REQUIRE(len > 0);
-	ATF_CHECK_STREQ(tzcase->expect, buf);
+	test_tz(tzcase->expect);
 }
 
 #ifdef DETECT_TZ_CHANGES
@@ -309,15 +316,8 @@ ATF_TC_BODY(detect_tz_changes, tc)
 static void
 test_tz_env(const char *tzval, const char *expect)
 {
-	char buf[128];
-	struct tm *tm;
-	size_t len;
-
 	setenv("TZ", tzval, 1);
-	ATF_REQUIRE((tm = localtime(&then)) != NULL);
-	len = strftime(buf, sizeof(buf), "%z (%Z)", tm);
-	ATF_REQUIRE(len > 0);
-	ATF_CHECK_STREQ(expect, buf);
+	test_tz(expect);
 }
 
 ATF_TC(tz_env);
@@ -333,6 +333,31 @@ ATF_TC_BODY(tz_env, tc)
 		test_tz_env(tzcase->tzfn, tzcase->expect);
 }
 
+ATF_TC(setugid);
+ATF_TC_HEAD(setugid, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test setugid process");
+	atf_tc_set_md_var(tc, "require.user", "root");
+}
+ATF_TC_BODY(setugid, tc)
+{
+	const struct tzcase *tzcase = tzcases;
+
+	/* prepare chroot */
+	ATF_REQUIRE_EQ(0, mkdir("root", 0755));
+	ATF_REQUIRE_EQ(0, mkdir("root/etc", 0755));
+	change_tz(tzcase->tzfn);
+	/* enter chroot */
+	ATF_REQUIRE_EQ(0, chroot("root"));
+	ATF_REQUIRE_EQ(0, chdir("/"));
+	/* become setugid */
+	ATF_REQUIRE_EQ(0, seteuid(UID_NOBODY));
+	ATF_REQUIRE(issetugid());
+	/* check timezone */
+	unsetenv("TZ");
+	test_tz(tzcases->expect);
+}
+
 ATF_TC(tz_env_setugid);
 ATF_TC_HEAD(tz_env_setugid, tc)
 {
@@ -342,7 +367,7 @@ ATF_TC_HEAD(tz_env_setugid, tc)
 }
 ATF_TC_BODY(tz_env_setugid, tc)
 {
-	const struct tzcase *tzcase;
+	const struct tzcase *tzcase = tzcases;
 
 	ATF_REQUIRE_EQ(0, seteuid(UID_NOBODY));
 	ATF_REQUIRE(issetugid());
@@ -359,6 +384,7 @@ ATF_TP_ADD_TCS(tp)
 	ATF_TP_ADD_TC(tp, detect_tz_changes);
 #endif /* DETECT_TZ_CHANGES */
 	ATF_TP_ADD_TC(tp, tz_env);
+	ATF_TP_ADD_TC(tp, setugid);
 	ATF_TP_ADD_TC(tp, tz_env_setugid);
 	return (atf_no_error());
 }