author | Andrew G. Morgan <morgan@kernel.org> | 2020-12-10 21:58:10 -0800 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2020-12-10 22:06:35 -0800 |
commit | e7e0e1b9e2cf3378d329174ed5b0c716b0539c72 (patch) | |
tree | daeb0e727867b9a290501e5e69fb1a7f6b9aa403 /go | |
parent | 4d13894a85386feeca22ebf7c0f84f4173376e0f (diff) | |
Fix some typos in the psx.c code related to 6 argument syscalls.
https://bugzilla.kernel.org/show_bug.cgi?id=210613
Essentially, 6 argument psx_syscall()s were not correctly implemented
before. The only consumers of these in [lib]cap were the calls to set and reset
the ambient capability values, and so far I evidently hadn't tested
them in a multithreaded program.
Six argument psx_syscall()s work now, and I've adapted the reproducer
code into a new make sudotest.
Also cleaned up the psx_syscall() macro to remove any ambiguity about
argument sizes.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'go')
-rw-r--r-- | go/.gitignore | 1 | ||||
-rw-r--r-- | go/Makefile | 8 | ||||
-rw-r--r-- | go/b210613.go | 21 |
3 files changed, 28 insertions, 2 deletions
diff --git a/go/.gitignore b/go/.gitignore index 461bb4d..30ae0b6 100644 --- a/go/.gitignore +++ b/go/.gitignore @@ -3,6 +3,7 @@ compare-cap try-launching try-launching-cgo psx-signals +b210613 mknames web setid diff --git a/go/Makefile b/go/Makefile index b22a9bc..3bd79c8 100644 --- a/go/Makefile +++ b/go/Makefile @@ -80,6 +80,9 @@ endif psx-signals: psx-signals.go $(PSXGOPACKAGE) GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) $(GO) build $< +b210613: b210613.go $(CAPGOPACKAGE) + GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) $(GO) build $< + test: all GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/psx GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/cap @@ -91,7 +94,7 @@ test: all # Note, the user namespace doesn't require sudo, but I wanted to avoid # requiring that the hosting kernel supports user namespaces for the # regular test case. -sudotest: test ../progs/tcapsh-static +sudotest: test ../progs/tcapsh-static b210613 ./gowns --ns -- -c "echo gowns runs with user namespace" ./try-launching ifeq ($(CGO_REQUIRED),0) @@ -101,6 +104,7 @@ endif ifeq ($(CGO_REQUIRED),0) sudo ./try-launching-cgo endif + sudo ../progs/tcapsh-static --cap-uid=$$(id -u) --caps="cap_setpcap=ep" --iab="^cap_setpcap" -- -c ./b210613 install: all rm -rf $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/psx @@ -115,5 +119,5 @@ clean: rm -f web setid gowns rm -f compare-cap try-launching try-launching-cgo rm -f $(topdir)/cap/*~ $(topdir)/psx/*~ - rm -f psx-signals + rm -f psx-signals b210613 rm -fr pkg src diff --git a/go/b210613.go b/go/b210613.go new file mode 100644 index 0000000..2bced06 --- /dev/null +++ b/go/b210613.go 
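Review bot: In the new `b210613` rule of go/Makefile the recipe passes `GOPATH=$(GOPATH)` unquoted, while the `test` recipes directly below it quote the value as `GOPATH="$(GOPATH)"`. A checkout path containing a space would split the assignment, and the shell would treat the remainder as the command to run. I would write the recipe with `GOPATH="$(GOPATH)"`. The `psx-signals` recipe just above has the same form and could be fixed in the same pass.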
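Review bot: The `sudo ../progs/tcapsh-static ... -c ./b210613` line added at the end of `sudotest` has no comment, yet its flags appear to decide whether the regression is exercised at all. Judging from the commit message, `--iab="^cap_setpcap"` is there so that an ambient bit is raised and `cap.ModeNoPriv.Set()` has to issue the six-argument ambient reset; if someone later trims the flags, the program would presumably still print PASSED without covering the bug. I would add a make comment above the line, such as `# bug 210613: start with an ambient capability raised so ModeNoPriv.Set() must clear it via a 6-argument psx syscall`. The `sudotest` rule begins in the previous hunk, so only its tail is visible here.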
@@ -0,0 +1,21 @@
+// Program b210613 reproduces the code reported in:
+//
+// https://bugzilla.kernel.org/show_bug.cgi?id=210613
+//
+// This file is evolved directly from the reproducer attached to that
+// bug report originally authored by Lorenz Bauer.
+package main
+
+import (
+ "fmt"
+ "log"
+
+ "kernel.org/pub/linux/libs/security/libcap/cap"
+)
+
+func main() {
+ if err := cap.ModeNoPriv.Set(); err != nil {
+ log.Fatalf("error dropping privilege: %v", err)
+ }
+ fmt.Println("b210613: PASSED")
+} |
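Review bot: `main` in b210613.go treats a nil error from `cap.ModeNoPriv.Set()` as success but never checks the resulting state, so a psx regression that reports success without applying the change would still print PASSED. After the `Set()` call I would add a post-condition, assuming `cap.GetMode` is available in this tree: `if m := cap.GetMode(); m != cap.ModeNoPriv { log.Fatalf("mode is %v after Set, want %v", m, cap.ModeNoPriv) }`. That check probably observes only the calling thread, so it complements the all-threads behaviour the fix is about rather than proving it.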