Commit 295c4e21 authored by Masami Hiramatsu's avatar Masami Hiramatsu Committed by Shuah Khan

selftests: safesetid: Check the return value of setuid/setgid

Check the return value of setuid() and setgid().
This fixes the following warnings and improves test result.

safesetid-test.c: In function ‘main’:
safesetid-test.c:294:2: warning: ignoring return value of ‘setuid’, declared with attribute warn_unused_result [-Wunused-result]
  setuid(NO_POLICY_USER);
  ^~~~~~~~~~~~~~~~~~~~~~
safesetid-test.c:295:2: warning: ignoring return value of ‘setgid’, declared with attribute warn_unused_result [-Wunused-result]
  setgid(NO_POLICY_USER);
  ^~~~~~~~~~~~~~~~~~~~~~
safesetid-test.c:309:2: warning: ignoring return value of ‘setuid’, declared with attribute warn_unused_result [-Wunused-result]
  setuid(RESTRICTED_PARENT);
  ^~~~~~~~~~~~~~~~~~~~~~~~~
safesetid-test.c:310:2: warning: ignoring return value of ‘setgid’, declared with attribute warn_unused_result [-Wunused-result]
  setgid(RESTRICTED_PARENT);
  ^~~~~~~~~~~~~~~~~~~~~~~~~
safesetid-test.c: In function ‘test_setuid’:
safesetid-test.c:216:3: warning: ignoring return value of ‘setuid’, declared with attribute warn_unused_result [-Wunused-result]
   setuid(child_uid);
   ^~~~~~~~~~~~~~~~~

Fixes: c67e8ec0 ("LSM: SafeSetID: add selftest")
Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: default avatarShuah Khan <skhan@linuxfoundation.org>
parent be122522
...@@ -213,7 +213,8 @@ static void test_setuid(uid_t child_uid, bool expect_success) ...@@ -213,7 +213,8 @@ static void test_setuid(uid_t child_uid, bool expect_success)
} }
if (cpid == 0) { /* Code executed by child */ if (cpid == 0) { /* Code executed by child */
setuid(child_uid); if (setuid(child_uid) < 0)
exit(EXIT_FAILURE);
if (getuid() == child_uid) if (getuid() == child_uid)
exit(EXIT_SUCCESS); exit(EXIT_SUCCESS);
else else
...@@ -291,8 +292,10 @@ int main(int argc, char **argv) ...@@ -291,8 +292,10 @@ int main(int argc, char **argv)
// First test to make sure we can write userns mappings from a user // First test to make sure we can write userns mappings from a user
// that doesn't have any restrictions (as long as it has CAP_SETUID); // that doesn't have any restrictions (as long as it has CAP_SETUID);
setuid(NO_POLICY_USER); if (setuid(NO_POLICY_USER) < 0)
setgid(NO_POLICY_USER); die("Error with set uid(%d)\n", NO_POLICY_USER);
if (setgid(NO_POLICY_USER) < 0)
die("Error with set gid(%d)\n", NO_POLICY_USER);
// Take away all but setid caps // Take away all but setid caps
drop_caps(true); drop_caps(true);
...@@ -306,8 +309,10 @@ int main(int argc, char **argv) ...@@ -306,8 +309,10 @@ int main(int argc, char **argv)
die("test_userns failed when it should work\n"); die("test_userns failed when it should work\n");
} }
setuid(RESTRICTED_PARENT); if (setuid(RESTRICTED_PARENT) < 0)
setgid(RESTRICTED_PARENT); die("Error with set uid(%d)\n", RESTRICTED_PARENT);
if (setgid(RESTRICTED_PARENT) < 0)
die("Error with set gid(%d)\n", RESTRICTED_PARENT);
test_setuid(ROOT_USER, false); test_setuid(ROOT_USER, false);
test_setuid(ALLOWED_CHILD1, true); test_setuid(ALLOWED_CHILD1, true);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment