^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) #define _GNU_SOURCE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) #include <errno.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) #include <fcntl.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) #include <limits.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) #include <sched.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) #include <stdarg.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #include <stdbool.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <stdio.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <stdlib.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <string.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <sys/mount.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <sys/stat.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <sys/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <sys/vfs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <unistd.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #ifndef MS_NOSYMFOLLOW
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) # define MS_NOSYMFOLLOW 256 /* Do not follow symlinks */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #ifndef ST_NOSYMFOLLOW
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) # define ST_NOSYMFOLLOW 0x2000 /* Do not follow symlinks */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #define DATA "/tmp/data"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #define LINK "/tmp/symlink"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) #define TMP "/tmp"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) static void die(char *fmt, ...)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) va_list ap;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) va_start(ap, fmt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) vfprintf(stderr, fmt, ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) va_end(ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) exit(EXIT_FAILURE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) static void vmaybe_write_file(bool enoent_ok, char *filename, char *fmt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) va_list ap)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) ssize_t written;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) char buf[4096];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) int buf_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) int fd;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) buf_len = vsnprintf(buf, sizeof(buf), fmt, ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) if (buf_len < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) die("vsnprintf failed: %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) if (buf_len >= sizeof(buf))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) die("vsnprintf output truncated\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) fd = open(filename, O_WRONLY);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) if (fd < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) if ((errno == ENOENT) && enoent_ok)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) die("open of %s failed: %s\n", filename, strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) written = write(fd, buf, buf_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) if (written != buf_len) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) if (written >= 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) die("short write to %s\n", filename);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) die("write to %s failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) filename, strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) if (close(fd) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) die("close of %s failed: %s\n", filename, strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) static void maybe_write_file(char *filename, char *fmt, ...)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) va_list ap;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) va_start(ap, fmt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) vmaybe_write_file(true, filename, fmt, ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) va_end(ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) static void write_file(char *filename, char *fmt, ...)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) va_list ap;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) va_start(ap, fmt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) vmaybe_write_file(false, filename, fmt, ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) va_end(ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) static void create_and_enter_ns(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) uid_t uid = getuid();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) gid_t gid = getgid();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) if (unshare(CLONE_NEWUSER) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) die("unshare(CLONE_NEWUSER) failed: %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) maybe_write_file("/proc/self/setgroups", "deny");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) write_file("/proc/self/uid_map", "0 %d 1", uid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) write_file("/proc/self/gid_map", "0 %d 1", gid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) if (setgid(0) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) die("setgid(0) failed %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) if (setuid(0) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) die("setuid(0) failed %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) if (unshare(CLONE_NEWNS) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) die("unshare(CLONE_NEWNS) failed: %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) static void setup_symlink(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) int data, err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) data = creat(DATA, O_RDWR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) if (data < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) die("creat failed: %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) err = symlink(DATA, LINK);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) die("symlink failed: %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) if (close(data) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) die("close of %s failed: %s\n", DATA, strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) static void test_link_traversal(bool nosymfollow)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) int link;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) link = open(LINK, 0, O_RDWR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) if (nosymfollow) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) if ((link != -1 || errno != ELOOP)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) die("link traversal unexpected result: %d, %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) link, strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) if (link < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) die("link traversal failed: %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) if (close(link) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) die("close of link failed: %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) static void test_readlink(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) char buf[4096];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) ssize_t ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) bzero(buf, sizeof(buf));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) ret = readlink(LINK, buf, sizeof(buf));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) if (ret < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) die("readlink failed: %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) if (strcmp(buf, DATA) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) die("readlink strcmp failed: '%s' '%s'\n", buf, DATA);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) static void test_realpath(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) char *path = realpath(LINK, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) if (!path)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) die("realpath failed: %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) if (strcmp(path, DATA) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) die("realpath strcmp failed\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) free(path);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) static void test_statfs(bool nosymfollow)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) struct statfs buf;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) ret = statfs(TMP, &buf);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) die("statfs failed: %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) if (nosymfollow) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) if ((buf.f_flags & ST_NOSYMFOLLOW) == 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) die("ST_NOSYMFOLLOW not set on %s\n", TMP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) if ((buf.f_flags & ST_NOSYMFOLLOW) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) die("ST_NOSYMFOLLOW set on %s\n", TMP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) static void run_tests(bool nosymfollow)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) test_link_traversal(nosymfollow);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) test_readlink();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) test_realpath();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) test_statfs(nosymfollow);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) int main(int argc, char **argv)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) create_and_enter_ns();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) if (mount("testing", TMP, "ramfs", 0, NULL) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) die("mount failed: %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) setup_symlink();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) run_tests(false);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) if (mount("testing", TMP, "ramfs", MS_REMOUNT|MS_NOSYMFOLLOW, NULL) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) die("remount failed: %s\n", strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) run_tests(true);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) return EXIT_SUCCESS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) }
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags