Andy Lutomirski <luto@xxxxxxxxxx> writes:
> test_execve does rather odd mount manipulations to safely create
> temporary setuid and setgid executables that aren't visible to the
> rest of the system. Those executables end up in the test's cwd, but
> that cwd is MNT_DETACHed.
>
> The core namespace code considers MNT_DETACHed trees to belong to no
> mount namespace at all and, in general, MNT_DETACHed trees are only
> barely function. This interacted with commit 380cf5ba6b0a ("fs:
> Treat foreign mounts as nosuid") to cause all MNT_DETACHed trees to
> act as though they're nosuid, breaking the test.
>
> Fix it by just not detaching the tree. It's still in a private
> mount namespace and is therefore still invisible to the rest of the
> system (except via /proc, and the same nosuid logic will protect all
> other programs on the system from believing in test_execve's setuid
> bits).
>
> While we're at it, fix some blatant whitespace problems.
>
> Reported-by: Naresh Kamboju <naresh.kamboju@xxxxxxxxxx>
> Fixes: 380cf5ba6b0a ("fs: Treat foreign mounts as nosuid")
> Cc: stable@xxxxxxxxxxxxxxx
> Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Cc: Shuah Khan <shuahkh@xxxxxxxxxxxxxxx>
> Cc: Greg KH <greg@xxxxxxxxx>
> Cc: linux-kselftest@xxxxxxxxxxxxxxx
> Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxx>
Acked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
> ---
> tools/testing/selftests/capabilities/test_execve.c | 7 ++-----
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/tools/testing/selftests/capabilities/test_execve.c b/tools/testing/selftests/capabilities/test_execve.c
> index 10a21a958aaf..763f37fecfb8 100644
> --- a/tools/testing/selftests/capabilities/test_execve.c
> +++ b/tools/testing/selftests/capabilities/test_execve.c
> @@ -138,9 +138,6 @@ static void chdir_to_tmpfs(void)
>
> if (chdir(cwd) != 0)
> err(1, "chdir to private tmpfs");
> -
> - if (umount2(".", MNT_DETACH) != 0)
> - err(1, "detach private tmpfs");
> }
>
> static void copy_fromat_to(int fromfd, const char *fromname, const char *toname)
> @@ -248,7 +245,7 @@ static int do_tests(int uid, const char *our_path)
> err(1, "chown");
> if (chmod("validate_cap_sgidnonroot", S_ISGID | 0710) != 0)
> err(1, "chmod");
> -}
> + }
>
> capng_get_caps_process();
>
> @@ -384,7 +381,7 @@ static int do_tests(int uid, const char *our_path)
> } else {
> printf("[RUN]\tNon-root +ia, sgidnonroot => i\n");
> exec_other_validate_cap("./validate_cap_sgidnonroot",
> - false, false, true, false);
> + false, false, true, false);
>
> if (fork_wait()) {
> printf("[RUN]\tNon-root +ia, sgidroot => i\n");