diff options
| author |   Aleksa Sarai <cyphar@cyphar.com> | 2020-01-18 23:08:00 +1100 |
|---|---|---|
| committer |   Al Viro <viro@zeniv.linux.org.uk> | 2020-01-18 09:19:18 -0500 |
| commit | b28a10aedcd4d175470171a32f4f20b0a60a612b (patch) | |
| tree | 418470992a734633f506e8a04e32db89b72c7dd7 /tools/testing/selftests/openat2/.gitignore | |
| parent | open: introduce openat2(2) syscall (diff) | |
| download | wireguard-linux-b28a10aedcd4d175470171a32f4f20b0a60a612b.tar.xz wireguard-linux-b28a10aedcd4d175470171a32f4f20b0a60a612b.zip | |
selftests: add openat2(2) selftests
Test all of the various openat2(2) flags. A small stress-test of a
symlink-rename attack is included to show that the protections against
".."-based attacks are sufficient.
The main things these self-tests are enforcing are:
* The struct+usize ABI for openat2(2) and copy_struct_from_user() to
ensure that upgrades will be handled gracefully (in addition,
ensuring that misaligned structures are also handled correctly).
* The -EINVAL checks for openat2(2) are all correctly handled to avoid
userspace passing unknown or conflicting flag sets (most
importantly, ensuring that invalid flag combinations are checked).
* All of the RESOLVE_* semantics (including errno values) are
correctly handled with various combinations of paths and flags.
* RESOLVE_IN_ROOT correctly protects against the symlink rename(2)
attack that has been responsible for several CVEs (and likely will
be responsible for several more).
Cc: Shuah Khan <shuah@kernel.org>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'tools/testing/selftests/openat2/.gitignore')
| -rw-r--r-- | tools/testing/selftests/openat2/.gitignore | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/tools/testing/selftests/openat2/.gitignore b/tools/testing/selftests/openat2/.gitignore new file mode 100644 index 000000000000..bd68f6c3fd07 --- /dev/null +++ b/tools/testing/selftests/openat2/.gitignore @@ -0,0 +1 @@ +/*_test |