xref: /freebsd/contrib/netbsd-tests/lib/libc/sys/t_chroot.c (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c)
1 /* $NetBSD: t_chroot.c,v 1.2 2017/01/10 22:36:29 christos Exp $ */
2 
3 /*-
4  * Copyright (c) 2011 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Jukka Ruohonen.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  */
31 #include <sys/cdefs.h>
32 __RCSID("$NetBSD: t_chroot.c,v 1.2 2017/01/10 22:36:29 christos Exp $");
33 
34 #include <sys/wait.h>
35 #include <sys/stat.h>
36 
37 #include <atf-c.h>
38 #include <errno.h>
39 #include <fcntl.h>
40 #include <limits.h>
41 #include <pwd.h>
42 #include <stdlib.h>
43 #include <string.h>
44 #include <unistd.h>
45 
46 ATF_TC(chroot_basic);
47 ATF_TC_HEAD(chroot_basic, tc)
48 {
49 	atf_tc_set_md_var(tc, "descr", "A basic test of chroot(2)");
50 	atf_tc_set_md_var(tc, "require.user", "root");
51 }
52 
53 ATF_TC_BODY(chroot_basic, tc)
54 {
55 	char buf[PATH_MAX];
56 	int fd, sta;
57 	pid_t pid;
58 
59 	(void)memset(buf, '\0', sizeof(buf));
60 	(void)getcwd(buf, sizeof(buf));
61 	(void)strlcat(buf, "/dir", sizeof(buf));
62 
63 	ATF_REQUIRE(mkdir(buf, 0500) == 0);
64 	ATF_REQUIRE(chdir(buf) == 0);
65 
66 	pid = fork();
67 	ATF_REQUIRE(pid >= 0);
68 
69 	if (pid == 0) {
70 
71 		if (chroot(buf) != 0)
72 			_exit(EXIT_FAILURE);
73 
74 		errno = 0;
75 
76 		if (chroot("/root") != -1)
77 			_exit(EXIT_FAILURE);
78 
79 		if (errno != ENOENT)
80 			_exit(EXIT_FAILURE);
81 
82 		fd = open("file", O_RDONLY | O_CREAT, 0600);
83 
84 		if (fd < 0)
85 			_exit(EXIT_FAILURE);
86 
87 		if (close(fd) != 0)
88 			_exit(EXIT_FAILURE);
89 
90 		_exit(EXIT_SUCCESS);
91 	}
92 
93 	(void)wait(&sta);
94 
95 	if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
96 		atf_tc_fail("chroot(2) failed");
97 
98 	(void)chdir("/");
99 	(void)strlcat(buf, "/file", sizeof(buf));
100 
101 	fd = open(buf, O_RDONLY);
102 
103 	if (fd < 0)
104 		atf_tc_fail("chroot(2) did not change the root directory");
105 
106 	ATF_REQUIRE(close(fd) == 0);
107 	ATF_REQUIRE(unlink(buf) == 0);
108 }
109 
110 ATF_TC(chroot_err);
111 ATF_TC_HEAD(chroot_err, tc)
112 {
113 	atf_tc_set_md_var(tc, "descr", "Test error conditions of chroot(2)");
114 	atf_tc_set_md_var(tc, "require.user", "root");
115 }
116 
117 ATF_TC_BODY(chroot_err, tc)
118 {
119 	char buf[PATH_MAX + 1];
120 
121 	(void)memset(buf, 'x', sizeof(buf));
122 
123 	errno = 0;
124 	ATF_REQUIRE_ERRNO(ENAMETOOLONG, chroot(buf) == -1);
125 
126 	errno = 0;
127 	ATF_REQUIRE_ERRNO(EFAULT, chroot((void *)-1) == -1);
128 
129 	errno = 0;
130 	ATF_REQUIRE_ERRNO(ENOENT, chroot("/a/b/c/d/e/f/g/h/i/j") == -1);
131 }
132 
133 ATF_TC(chroot_perm);
134 ATF_TC_HEAD(chroot_perm, tc)
135 {
136 	atf_tc_set_md_var(tc, "descr", "Test permissions with chroot(2)");
137 	atf_tc_set_md_var(tc, "require.user", "unprivileged");
138 }
139 
140 ATF_TC_BODY(chroot_perm, tc)
141 {
142 	static char buf[LINE_MAX];
143 	pid_t pid;
144 	int sta;
145 
146 	(void)memset(buf, '\0', sizeof(buf));
147 	ATF_REQUIRE(getcwd(buf, sizeof(buf)) != NULL);
148 
149 	pid = fork();
150 	ATF_REQUIRE(pid >= 0);
151 
152 	if (pid == 0) {
153 
154 		errno = 0;
155 
156 		if (chroot(buf) != -1)
157 			_exit(EXIT_FAILURE);
158 
159 		if (errno != EPERM)
160 			_exit(EXIT_FAILURE);
161 
162 		_exit(EXIT_SUCCESS);
163 	}
164 
165 	(void)wait(&sta);
166 
167 	if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
168 		atf_tc_fail("chroot(2) succeeded as unprivileged user");
169 }
170 
171 #ifdef __NetBSD__
172 ATF_TC(fchroot_basic);
173 ATF_TC_HEAD(fchroot_basic, tc)
174 {
175 	atf_tc_set_md_var(tc, "descr", "A basic test of fchroot(2)");
176 	atf_tc_set_md_var(tc, "require.user", "root");
177 }
178 
179 ATF_TC_BODY(fchroot_basic, tc)
180 {
181 	char buf[PATH_MAX];
182 	int fd, sta;
183 	pid_t pid;
184 
185 	(void)memset(buf, '\0', sizeof(buf));
186 	(void)getcwd(buf, sizeof(buf));
187 	(void)strlcat(buf, "/dir", sizeof(buf));
188 
189 	ATF_REQUIRE(mkdir(buf, 0500) == 0);
190 	ATF_REQUIRE(chdir(buf) == 0);
191 
192 	fd = open(buf, O_RDONLY);
193 	ATF_REQUIRE(fd >= 0);
194 
195 	pid = fork();
196 	ATF_REQUIRE(pid >= 0);
197 
198 	if (pid == 0) {
199 
200 		if (fchroot(fd) != 0)
201 			_exit(EXIT_FAILURE);
202 
203 		if (close(fd) != 0)
204 			_exit(EXIT_FAILURE);
205 
206 		fd = open("file", O_RDONLY | O_CREAT, 0600);
207 
208 		if (fd < 0)
209 			_exit(EXIT_FAILURE);
210 
211 		if (close(fd) != 0)
212 			_exit(EXIT_FAILURE);
213 
214 		_exit(EXIT_SUCCESS);
215 	}
216 
217 	(void)wait(&sta);
218 
219 	if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
220 		atf_tc_fail("fchroot(2) failed");
221 
222 	(void)chdir("/");
223 	(void)strlcat(buf, "/file", sizeof(buf));
224 
225 	fd = open(buf, O_RDONLY);
226 
227 	if (fd < 0)
228 		atf_tc_fail("fchroot(2) did not change the root directory");
229 
230 	ATF_REQUIRE(close(fd) == 0);
231 	ATF_REQUIRE(unlink(buf) == 0);
232 }
233 
234 ATF_TC(fchroot_err);
235 ATF_TC_HEAD(fchroot_err, tc)
236 {
237 	atf_tc_set_md_var(tc, "descr", "Test error conditions of fchroot(2)");
238 	atf_tc_set_md_var(tc, "require.user", "root");
239 }
240 
241 ATF_TC_BODY(fchroot_err, tc)
242 {
243 	int fd;
244 
245 	fd = open("/etc/passwd", O_RDONLY);
246 	ATF_REQUIRE(fd >= 0);
247 
248 	errno = 0;
249 	ATF_REQUIRE_ERRNO(EBADF, fchroot(-1) == -1);
250 
251 	errno = 0;
252 	ATF_REQUIRE_ERRNO(ENOTDIR, fchroot(fd) == -1);
253 
254 	ATF_REQUIRE(close(fd) == 0);
255 }
256 
257 ATF_TC(fchroot_perm);
258 ATF_TC_HEAD(fchroot_perm, tc)
259 {
260 	atf_tc_set_md_var(tc, "descr", "Test permissions with fchroot(2)");
261 	atf_tc_set_md_var(tc, "require.user", "root");
262 }
263 
264 ATF_TC_BODY(fchroot_perm, tc)
265 {
266 	static char buf[LINE_MAX];
267 	struct passwd *pw;
268 	int fd, sta;
269 	pid_t pid;
270 
271 	(void)memset(buf, '\0', sizeof(buf));
272 	ATF_REQUIRE(getcwd(buf, sizeof(buf)) != NULL);
273 
274 	pw = getpwnam("nobody");
275 	fd = open(buf, O_RDONLY);
276 
277 	ATF_REQUIRE(fd >= 0);
278 	ATF_REQUIRE(pw != NULL);
279 
280 	pid = fork();
281 	ATF_REQUIRE(pid >= 0);
282 
283 	if (pid == 0) {
284 
285 		(void)setuid(pw->pw_uid);
286 
287 		errno = 0;
288 
289 		if (fchroot(fd) != -1)
290 			_exit(EXIT_FAILURE);
291 
292 		if (errno != EPERM)
293 			_exit(EXIT_FAILURE);
294 
295 		_exit(EXIT_SUCCESS);
296 	}
297 
298 	(void)wait(&sta);
299 
300 	if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
301 		atf_tc_fail("fchroot(2) succeeded as unprivileged user");
302 }
303 #endif
304 
305 ATF_TP_ADD_TCS(tp)
306 {
307 
308 	ATF_TP_ADD_TC(tp, chroot_basic);
309 	ATF_TP_ADD_TC(tp, chroot_err);
310 	ATF_TP_ADD_TC(tp, chroot_perm);
311 #ifdef __NetBSD__
312 	ATF_TP_ADD_TC(tp, fchroot_basic);
313 	ATF_TP_ADD_TC(tp, fchroot_err);
314 	ATF_TP_ADD_TC(tp, fchroot_perm);
315 #endif
316 
317 	return atf_no_error();
318 }
319