diff options
Diffstat (limited to '')
| -rwxr-xr-x | tests/cp/existing-perm-race.sh | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/tests/cp/existing-perm-race.sh b/tests/cp/existing-perm-race.sh new file mode 100755 index 0000000..018a4ce --- /dev/null +++ b/tests/cp/existing-perm-race.sh @@ -0,0 +1,94 @@ +#!/bin/sh +# Make sure cp -p isn't too generous with existing file permissions. + +# Copyright (C) 2006-2018 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src +print_ver_ cp + +require_membership_in_two_groups_ + +# cp -p gives ENOTSUP on NFS on Linux 2.6.9 at least +require_local_dir_ + +require_no_default_acl_ . + +set _ $groups; shift +g1=$1 +g2=$2 + + +umask 077 +mkfifo_or_skip_ fifo + +touch fifo-copy && +chgrp $g1 fifo && +chgrp $g2 fifo-copy && +chmod g+r fifo-copy || framework-failure + +# Terminate any background cp process +cleanup_() { kill $pid 2>/dev/null && wait $pid; } + +# Copy a fifo's contents. That way, we can examine the +# destination permissions before they're finalized. +cp -p --copy-contents fifo fifo-copy & pid=$! + +( + # Now 'cp' is reading the fifo. Wait for the destination file to + # be written to, encouraging things along by echoing to the fifo. + while test ! -s fifo-copy; do + echo foo + done + + # Check the permissions of the destination. + ls -l -n fifo-copy >ls.out && + + # Close the fifo so that "cp" can continue. But output first, + # before exiting, otherwise some shells would optimize away the file + # descriptor that holds the fifo open. + echo foo +) >fifo || fail=1 + +# Check that the destination mode is safe while the file is being copied. +read mode links owner group etc <ls.out || fail=1 +case $mode in + -rw-------*) ;; + + # FIXME: Remove the following case; the file mode should always be + # 600 while the data are being copied. This will require changing + # cp so that it also does not put $g1's data in a file that is + # accessible to $g2. This fix will not close a security hole, since + # a $g2 process can maintain an open file descriptor to the + # destination, but it's safer anyway. + -rw-r-----*) + # If the file has group $g1 and is group-readable, that is definitely bogus, + # as neither the source nor the destination was readable to group $g1. + test "$group" = "$g1" && fail=1;; + + *) fail=1;; +esac + +wait $pid || fail=1 + +# Check that the final mode and group are right. +ls -l -n fifo-copy >ls.out && +read mode links owner group etc <ls.out || fail=1 +case $mode in + -rw-------*) test "$group" = "$g1" || fail=1;; + *) fail=1;; +esac + +Exit $fail |