[Bug 250178] Failing test case: sys.capsicum.functional.Capability__NoBypassDAC
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Oct 13 23:12:07 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250178
--- Comment #3 from Ed Maste <emaste at freebsd.org> ---
1281 TEST(Capability, NoBypassDAC) {
1282 REQUIRE_ROOT();
1283 int fd = open(TmpFile("cap_root_owned"), O_RDONLY|O_CREAT, 0644);
1284 EXPECT_OK(fd);
1285 cap_rights_t rights;
1286 cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FCHMOD, CAP_FSTAT);
1287 EXPECT_OK(cap_rights_limit(fd, &rights));
1288
1289 pid_t child = fork();
1290 if (child == 0) {
1291 // Child: change uid to a lesser being
1292 setuid(other_uid);
1293 // Attempt to fchmod the file, and fail.
1294 // Having CAP_FCHMOD doesn't bypass the need to comply with DAC
policy.
1295 int rc = fchmod(fd, 0666);
1296 EXPECT_EQ(-1, rc);
1297 EXPECT_EQ(EPERM, errno);
1298 exit(HasFailure());
1299 }
1300 int status;
1301 EXPECT_EQ(child, waitpid(child, &status, 0));
1302 EXPECT_TRUE(WIFEXITED(status)) << "0x" << std::hex << status;
1303 EXPECT_EQ(0, WEXITSTATUS(status));
1304 struct stat info;
1305 EXPECT_OK(fstat(fd, &info));
1306 EXPECT_EQ((mode_t)(S_IFREG|0644), info.st_mode);
1307 close(fd);
1308 unlink(TmpFile("cap_root_owned"));
1309 }
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-testing
mailing list