author | Mike Frysinger <vapier@gentoo.org> | 2009-03-12 02:57:07 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2009-03-12 09:00:00 -0400 |
commit | 55ab6bd7a8056fc1c4c4a2ab3f76c2664b44ed1d (patch) | |
tree | 52d5cfbf3484500401c035044a01078ce968c6af /tests | |
parent | sandbox: pass shell exit status up (diff) | |
tests: make sure non-root mkdir works with funky perms
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/Makefile.am | 3 | ||||
-rwxr-xr-x | tests/mkdir-1.sh | 26 | ||||
-rwxr-xr-x | tests/mkdir-2.sh | 5 | ||||
-rwxr-xr-x | tests/mkdir-3.sh | 28 | ||||
-rw-r--r-- | tests/mkdir.at | 3 | ||||
-rw-r--r-- | tests/testsuite.at | 1 |
6 files changed, 66 insertions, 0 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 9053546..c0e3d0e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -61,6 +61,9 @@ dist_check_SCRIPTS = \
 fchownat-1.sh \
 fchownat-2.sh \
 lchown-1.sh \
+ mkdir-1.sh \
+ mkdir-2.sh \
+ mkdir-3.sh \
 open-1.sh \
 script-0 \
 script-1.sh \
diff --git a/tests/mkdir-1.sh b/tests/mkdir-1.sh
new file mode 100755
index 0000000..5f6e5ec
--- /dev/null
+++ b/tests/mkdir-1.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+# make sure `mkdir` works in an unreadable dir as non-root.
+# based on mkdir/p-3 test from coreutils.
+
+[ ${SB_UID} -eq 0 ] && exit 77
+
+addwrite $PWD
+
+chmod -R a+rwx base 2>/dev/null
+rm -rf base
+
+mkdir -p base/d
+cd base/d
+chmod a-r .
+chmod a-rx ..
+
+(
+mkdir-0 0 a 0777 || exit 1
+mkdir-0 0 a/b 0777 || exit 1
+)
+ret=$?
+
+chmod a+rx ..
+chmod a+r .
+
+exit ${ret}
diff --git a/tests/mkdir-2.sh b/tests/mkdir-2.sh
new file mode 100755
index 0000000..511c90a
--- /dev/null
+++ b/tests/mkdir-2.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+# make sure `mkdir -p /var` does not trigger sb violations
+# since the paths should already exist
+mkdir-0 0 / 0777
+exit 0
diff --git a/tests/mkdir-3.sh b/tests/mkdir-3.sh
new file mode 100755
index 0000000..a3a43f5
--- /dev/null
+++ b/tests/mkdir-3.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+# make sure we cannot break out via a symlink in a dir that is
+# otherwise not readable as non-root
+
+[ ${SB_UID} -eq 0 ] && exit 77
+
+addwrite $PWD
+
+chmod -R a+rwx base 2>/dev/null
+rm -rf base
+
+export SANDBOX_LOG=$PWD/sb.log
+
+mkdir -p base/d
+cd base/d
+chmod a-r .
+chmod a-rx ..
+ln -s / root
+
+# this should trigger a sb violation
+mkdir-0 -1 root/aksdfjasdfjaskdfjasdfla 0777
+test -s "${SANDBOX_LOG}"
+ret=$?
+
+chmod a+rx ..
+chmod a+r .
+
+exit ${ret}
diff --git a/tests/mkdir.at b/tests/mkdir.at
new file mode 100644
index 0000000..eec4638
--- /dev/null
+++ b/tests/mkdir.at
@@ -0,0 +1,3 @@
+SB_CHECK(1)
+SB_CHECK(2)
+SB_CHECK(3)
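Review bot: In tests/mkdir-1.sh the `cd base/d` is unchecked, so if it fails the following `chmod a-r .` and `chmod a-rx ..` strip permissions from the test's working directory and its parent rather than from the scratch tree; `cd base/d || exit 1` would stop that. The root-skip guard `[ ${SB_UID} -eq 0 ] && exit 77` is unquoted, so an unset or empty SB_UID makes `[` fail with an error and the test carries on instead of skipping; `[ "${SB_UID:?}" -eq 0 ] && exit 77` aborts visibly in that case. `addwrite $PWD` should be `addwrite "$PWD"` so a working directory containing spaces is passed as one argument. The same three lines appear in tests/mkdir-3.sh and need the same treatment.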
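Review bot: The header comment in tests/mkdir-2.sh talks about `mkdir -p /var`, but the only command run is `mkdir-0 0 / 0777`, so the comment and the test target disagree. The trailing `exit 0` also discards the helper's status, which means a pass depends entirely on whatever SB_CHECK inspects outside the script (presumably the sandbox log; that is not visible in this diff). I would reword the comment to `# make sure mkdir on an existing path such as / does not trigger sb violations` and add `# exit status is ignored on purpose; the harness checks for violations` if that is the intent.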
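Review bot: In tests/mkdir-3.sh, `test -s "${SANDBOX_LOG}"` passes whenever sb.log is non-empty, and the script never clears that file, so a log left behind by an earlier run in the same directory would let this symlink-escape test pass even if no violation was recorded this time. The script already anticipates reruns (`rm -rf base`), so adding `rm -f "${SANDBOX_LOG}"` right after the `export` line would make the check reflect only this run. If the log format includes the offending path, `grep -q aksdfjasdfjaskdfjasdfla "${SANDBOX_LOG}"` would be a tighter assertion than non-emptiness, since it ties the violation to the mkdir through the `root` symlink rather than to any other logged event.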
diff --git a/tests/testsuite.at b/tests/testsuite.at
index d8665d7..99ffd88 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -12,6 +12,7 @@ sb_inc([fchmodat])
 sb_inc([fchownat])
 sb_inc([lchown])
 sb_inc([libsigsegv])
+sb_inc([mkdir])
 sb_inc([open])
 sb_inc([sb_printf])
 sb_inc([script]) |