1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) 2017 Richard Palethorpe <[email protected]>
4 * Copyright (c) Linux Test Project, 2019-2024
5 */
6
7 /*\
8 * [Description]
9 *
10 * Test for CVE-2016-9604, checks that keys beginning with "." are disallowed.
11 *
12 * See commit
13 * ee8f844e3c5a ("KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings")
14 */
15
16 #include <errno.h>
17 #include "tst_test.h"
18 #include "lapi/keyctl.h"
19
run(void)20 void run(void)
21 {
22 if (keyctl_join_session_keyring(".builtin_trusted_keys") == -1) {
23 if (errno != EPERM) {
24 tst_brk(TBROK | TERRNO,
25 "keyctl_join_sessoin_keyring(...)");
26 }
27
28 tst_res(TPASS, "Denied access to .builtin_trusted_keys");
29 } else {
30 tst_res(TFAIL, "Allowed access to .builtin_trusted_keys");
31 }
32 }
33
34 static struct tst_test test = {
35 .test_all = run,
36 .needs_root = 1,
37 .tags = (const struct tst_tag[]) {
38 {"CVE", "2016-9604"},
39 {"linux-git", "ee8f844e3c5a"},
40 {}
41 }
42 };
43