1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) Wipro Technologies Ltd, 2002. All Rights Reserved.
4 * Author: Saji Kumar.V.R <saji.kumar@wipro.com>
5 *
6 * Tests whether we can use capset() to modify the capabilities of a thread
7 * other than itself. Now, most linux distributions with kernel supporting
8 * VFS capabilities, this should be never permitted.
9 */
10 #include <stdlib.h>
11 #include <sys/types.h>
12 #include <unistd.h>
13 #include "tst_test.h"
14 #include "lapi/syscalls.h"
15 #include <linux/capability.h>
16
17 static struct __user_cap_header_struct *header;
18 static struct __user_cap_data_struct *data;
19 static pid_t child_pid;
20
verify_capset(void)21 static void verify_capset(void)
22 {
23 child_pid = SAFE_FORK();
24 if (!child_pid)
25 pause();
26
27 header->pid = child_pid;
28
29 TEST(tst_syscall(__NR_capset, header, data));
30 if (TST_RET == 0) {
31 tst_res(TFAIL, "capset succeed unexpectedly");
32 return;
33 }
34
35 if (TST_ERR == EPERM)
36 tst_res(TPASS, "capset can't modify other process capabilities");
37 else
38 tst_res(TFAIL | TTERRNO, "capset expected EPERM, bug got");
39
40 SAFE_KILL(child_pid, SIGTERM);
41 SAFE_WAIT(NULL);
42 }
43
setup(void)44 static void setup(void)
45 {
46 header->version = 0x20080522;
47 TEST(tst_syscall(__NR_capget, header, data));
48 if (TST_RET == -1)
49 tst_brk(TBROK | TTERRNO, "capget data failed");
50 }
51
52 static struct tst_test test = {
53 .setup = setup,
54 .test_all = verify_capset,
55 .forks_child = 1,
56 .bufs = (struct tst_buffers []) {
57 {&header, .size = sizeof(*header)},
58 {&data, .size = 2 * sizeof(*data)},
59 {},
60 }
61 };
62