  1. 23 Sep, 2014 2 commits
  2. 30 Aug, 2014 1 commit
  3. 09 Aug, 2014 3 commits
  4. 01 Aug, 2014 1 commit
    • mnt: Add tests for unprivileged remount cases that have found to be faulty · db181ce0
      Eric W. Biederman committed
      Kenton Varda <kenton@sandstorm.io> discovered that by remounting a
      read-only bind mount read-only in a user namespace the
      MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
      to remount a read-only mount read-write.
      
      Upon review of the code in remount it was discovered that the code allowed
      nosuid, noexec, and nodev to be cleared.  It was also discovered that
      the code was allowing the per mount atime flags to be changed.
      
      The first naive patch to fix these issues contained the flaw that using
      default atime settings when remounting a filesystem could be disallowed.
      
      To avoid these problems in the future add tests to ensure unprivileged
      remounts are succeeding and failing at the appropriate times.
      
      Cc: stable@vger.kernel.org
      Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
  5. 28 Jul, 2014 10 commits
  6. 18 Jul, 2014 1 commit
  7. 12 Jul, 2014 7 commits
  8. 10 Jul, 2014 1 commit
  9. 04 Jul, 2014 3 commits
  10. 27 Jun, 2014 2 commits
  11. 24 Jun, 2014 1 commit
  12. 11 Jun, 2014 5 commits
  13. 07 Jun, 2014 1 commit
    • tools/testing/selftests/sysctl: validate sysctl_writes_strict · 24fe831c
      Kees Cook committed
      This adds several behavioral tests to sysctl string and number writing
      to detect unexpected cases that behaved differently when the sysctl
      kernel.sysctl_writes_strict != 1.
      
      [ original ]
          root@localhost:~# make test_num
          == Testing sysctl behavior against /proc/sys/kernel/domainname ==
          Writing test file ... ok
          Checking sysctl is not set to test value ... ok
          Writing sysctl from shell ... ok
          Resetting sysctl to original value ... ok
          Writing entire sysctl in single write ... ok
          Writing middle of sysctl after synchronized seek ... FAIL
          Writing beyond end of sysctl ... FAIL
          Writing sysctl with multiple long writes ... FAIL
          Writing entire sysctl in short writes ... FAIL
          Writing middle of sysctl after unsynchronized seek ... ok
          Checking sysctl maxlen is at least 65 ... ok
          Checking sysctl keeps original string on overflow append ... FAIL
          Checking sysctl stays NULL terminated on write ... ok
          Checking sysctl stays NULL terminated on overwrite ... ok
          make: *** [test_num] Error 1
          root@localhost:~# make test_string
          == Testing sysctl behavior against /proc/sys/vm/swappiness ==
          Writing test file ... ok
          Checking sysctl is not set to test value ... ok
          Writing sysctl from shell ... ok
          Resetting sysctl to original value ... ok
          Writing entire sysctl in single write ... ok
          Writing middle of sysctl after synchronized seek ... FAIL
          Writing beyond end of sysctl ... FAIL
          Writing sysctl with multiple long writes ... ok
          make: *** [test_string] Error 1
      
      [ with CONFIG_PROC_SYSCTL_STRICT_WRITES ]
          root@localhost:~# make run_tests
          == Testing sysctl behavior against /proc/sys/kernel/domainname ==
          Writing test file ... ok
          Checking sysctl is not set to test value ... ok
          Writing sysctl from shell ... ok
          Resetting sysctl to original value ... ok
          Writing entire sysctl in single write ... ok
          Writing middle of sysctl after synchronized seek ... ok
          Writing beyond end of sysctl ... ok
          Writing sysctl with multiple long writes ... ok
          Writing entire sysctl in short writes ... ok
          Writing middle of sysctl after unsynchronized seek ... ok
          Checking sysctl maxlen is at least 65 ... ok
          Checking sysctl keeps original string on overflow append ... ok
          Checking sysctl stays NULL terminated on write ... ok
          Checking sysctl stays NULL terminated on overwrite ... ok
          == Testing sysctl behavior against /proc/sys/vm/swappiness ==
          Writing test file ... ok
          Checking sysctl is not set to test value ... ok
          Writing sysctl from shell ... ok
          Resetting sysctl to original value ... ok
          Writing entire sysctl in single write ... ok
          Writing middle of sysctl after synchronized seek ... ok
          Writing beyond end of sysctl ... ok
          Writing sysctl with multiple long writes ... ok
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Cc: Randy Dunlap <rdunlap@infradead.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  14. 06 Jun, 2014 1 commit
  15. 15 May, 2014 1 commit