1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) Wipro Technologies Ltd, 2002. All Rights Reserved.
4 * Copyright (c) Linux Test Project, 2020-2023
5 * Author: Saji Kumar.V.R <[email protected]>
6 */
7
8 /*\
9 * [Description]
10 *
11 * Test whether capset() can be used to modify the capabilities of a thread
12 * other than itself. Now, most linux distributions with kernel supporting
13 * VFS capabilities, this should be never permitted.
14 */
15
16 #include <stdlib.h>
17 #include <sys/types.h>
18 #include <unistd.h>
19 #include "tst_test.h"
20 #include "lapi/syscalls.h"
21 #include <linux/capability.h>
22
23 static struct __user_cap_header_struct *header;
24 static struct __user_cap_data_struct *data;
25 static pid_t child_pid;
26
verify_capset(void)27 static void verify_capset(void)
28 {
29 child_pid = SAFE_FORK();
30 if (!child_pid)
31 pause();
32
33 tst_res(TINFO, "Test capset() for a different process");
34
35 header->pid = child_pid;
36
37 TST_EXP_FAIL(tst_syscall(__NR_capset, header, data), EPERM, "capset()");
38
39 SAFE_KILL(child_pid, SIGTERM);
40 SAFE_WAIT(NULL);
41 }
42
setup(void)43 static void setup(void)
44 {
45 header->version = 0x20080522;
46 TEST(tst_syscall(__NR_capget, header, data));
47 if (TST_RET == -1)
48 tst_brk(TBROK | TTERRNO, "capget data failed");
49 }
50
51 static struct tst_test test = {
52 .setup = setup,
53 .test_all = verify_capset,
54 .forks_child = 1,
55 .bufs = (struct tst_buffers []) {
56 {&header, .size = sizeof(*header)},
57 {&data, .size = 2 * sizeof(*data)},
58 {},
59 }
60 };
61