1 /*
2  *
3  *   Copyright (c) International Business Machines  Corp., 2001
4  *
5  *   This program is free software;  you can redistribute it and/or modify
6  *   it under the terms of the GNU General Public License as published by
7  *   the Free Software Foundation; either version 2 of the License, or
8  *   (at your option) any later version.
9  *
10  *   This program is distributed in the hope that it will be useful,
11  *   but WITHOUT ANY WARRANTY;  without even the implied warranty of
12  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
13  *   the GNU General Public License for more details.
14  *
15  *   You should have received a copy of the GNU General Public License
16  *   along with this program;  if not, write to the Free Software
17  *   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18  */
19 
20 /*
21  * NAME
22  *	kill05.c
23  *
24  * DESCRIPTION
25  *	Test case to check that kill() fails when passed a pid owned by another
26  *	user.
27  *
28  * ALGORITHM
29  *	call setup
30  *	loop if the -i option was given
31  *	setup a shared memory segment to for a flag which will notify
32  *	ltpuser1's process that life is not worth living in a continuous loop.
33  *	fork a child and set the euid to ltpuser1
34  *	set the parents euid to ltpuser2
35  *	execute the kill system call on ltpuser1's pid
36  *	check the return value
37  *	if return value is not -1
38  *		issue a FAIL message, break remaining tests and cleanup
39  *      if we are doing functional testing
40  *              if the errno was set to 1 (Operation not permitted)
41  *                      issue a PASS message
42  *              otherwise
43  *                      issue a FAIL message
44  *	call cleanup
45  *
46  * USAGE
47  *  kill05 [-c n] [-e] [-i n] [-I x] [-P x] [-t]
48  *     where,  -c n : Run n copies concurrently.
49  *             -e   : Turn on errno logging.
50  *             -i n : Execute test n times.
51  *             -I x : Execute test for x seconds.
52  *             -P x : Pause for x seconds between iterations.
53  *             -t   : Turn on syscall timing.
54  *
55  * HISTORY
56  *	07/2001 Ported by Wayne Boyer
57  *
58  *      26/02/2008 Renaud Lottiaux (Renaud.Lottiaux@kerlabs.com)
59  *      - Fix wrong return value check on shmat system call (leading to
60  *        segfault in case of error with this syscall).
61  *      - Fix deletion of IPC memory segment. Segment was not correctly
62  *        deleted due to the change of uid during the test.
63  *
64  * RESTRICTIONS
65  *	This test must be run as root.
66  *	Looping with the -i option does not work correctly.
67  */
68 
69 #include <sys/types.h>
70 #include <sys/ipc.h>
71 #include <sys/shm.h>
72 #include <sys/wait.h>
73 #include <errno.h>
74 #include <pwd.h>
75 #include <signal.h>
76 #include <string.h>
77 #include <stdio.h>
78 #include <stdlib.h>
79 #include <unistd.h>
80 
81 #include "test.h"
82 #include "safe_macros.h"
83 
84 extern void rm_shm(int);
85 
86 void cleanup(void);
87 void setup(void);
88 void do_child(void);
89 void do_master_child(char **av);
90 
91 char *TCID = "kill05";
92 int TST_TOTAL = 1;
93 int shmid1 = -1;
94 extern key_t semkey;
95 int *flag;
96 
97 extern int getipckey();
98 
99 #define TEST_SIG SIGKILL
100 
main(int ac,char ** av)101 int main(int ac, char **av)
102 {
103 	pid_t pid;
104 	int status;
105 
106 	tst_parse_opts(ac, av, NULL, NULL);
107 #ifdef UCLINUX
108 	maybe_run_child(&do_child, "");
109 #endif
110 
111 	setup();		/* global setup */
112 
113 	pid = FORK_OR_VFORK();
114 	if (pid == -1)
115 		tst_brkm(TBROK, cleanup, "Fork failed");
116 	else if (pid == 0)
117 		do_master_child(av);
118 
119 	if (waitpid(pid, &status, 0) == -1)
120 		tst_resm(TBROK | TERRNO, "waitpid failed");
121 	else if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
122 		tst_resm(TFAIL, "child exited abnormally");
123 	else
124 		tst_resm(TPASS, "received expected errno(EPERM)");
125 	cleanup();
126 	tst_exit();
127 }
128 
wait_for_flag(int value)129 void wait_for_flag(int value)
130 {
131 	while (1) {
132 		if (*flag == value)
133 			break;
134 		else
135 			sleep(1);
136 	}
137 }
138 
139 /*
140  * do_master_child()
141  */
do_master_child(char ** av)142 void do_master_child(char **av)
143 {
144 	pid_t pid1;
145 	int status;
146 
147 	char user1name[] = "nobody";
148 	char user2name[] = "bin";
149 
150 	struct passwd *ltpuser1, *ltpuser2;
151 
152 	tst_count = 0;
153 
154 	*flag = 0;
155 
156 	pid1 = FORK_OR_VFORK();
157 
158 	if (pid1 == -1)
159 		tst_brkm(TBROK | TERRNO, cleanup, "Fork failed");
160 
161 	if (pid1 == 0) {
162 		ltpuser1 = SAFE_GETPWNAM(NULL, user1name);
163 		if (setreuid(ltpuser1->pw_uid, ltpuser1->pw_uid) == -1) {
164 			perror("setreuid failed (in child)");
165 			exit(1);
166 		}
167 		*flag = 1;
168 #ifdef UCLINUX
169 		if (self_exec(av[0], "") < 0) {
170 			perror("self_exec failed");
171 			exit(1);
172 		}
173 #else
174 		do_child();
175 #endif
176 	}
177 	ltpuser2 = SAFE_GETPWNAM(NULL, user2name);
178 	if (setreuid(ltpuser2->pw_uid, ltpuser2->pw_uid) == -1) {
179 		perror("seteuid failed");
180 		exit(1);
181 	}
182 
183 	/* wait until child sets its euid */
184 	wait_for_flag(1);
185 
186 	TEST(kill(pid1, TEST_SIG));
187 
188 	/* signal the child that we're done */
189 	*flag = 2;
190 
191 	if (waitpid(pid1, &status, 0) == -1) {
192 		perror("waitpid failed");
193 		exit(1);
194 	}
195 
196 	if (TEST_RETURN != -1) {
197 		printf("kill succeeded unexpectedly\n");
198 		exit(1);
199 	}
200 
201 	/*
202 	 * Check to see if the errno was set to the expected
203 	 * value of 1 : EPERM
204 	 */
205 	if (TEST_ERRNO == EPERM) {
206 		printf("kill failed with EPERM\n");
207 		exit(0);
208 	}
209 	perror("kill failed unexpectedly");
210 	exit(1);
211 }
212 
do_child(void)213 void do_child(void)
214 {
215 	wait_for_flag(2);
216 	exit(0);
217 }
218 
setup(void)219 void setup(void)
220 {
221 	tst_require_root();
222 
223 	TEST_PAUSE;
224 
225 	tst_tmpdir();
226 
227 	semkey = getipckey();
228 
229 	if ((shmid1 = shmget(semkey, getpagesize(), 0666 | IPC_CREAT)) == -1)
230 		tst_brkm(TBROK, cleanup, "Failed to setup shared memory");
231 
232 	if ((flag = shmat(shmid1, 0, 0)) == (int *)-1)
233 		tst_brkm(TBROK | TERRNO, cleanup,
234 			 "Failed to attach shared memory:%d", shmid1);
235 }
236 
cleanup(void)237 void cleanup(void)
238 {
239 	rm_shm(shmid1);
240 
241 	tst_rmdir();
242 }
243