Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753255AbdF2Oap (ORCPT <rfc822;w@1wt.eu>);
        Thu, 29 Jun 2017 10:30:45 -0400
Received: from out02.mta.xmission.com ([166.70.13.232]:55891 "EHLO
        out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751974AbdF2Oah (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 29 Jun 2017 10:30:37 -0400
From: ebiederm@xmission.com (Eric W. Biederman)
To: Andy Lutomirski <luto@kernel.org>
Cc: Kees Cook <keescook@chromium.org>,
        Shuah Khan <shuahkh@osg.samsung.com>, Greg KH <greg@kroah.com>,
        Naresh Kamboju <naresh.kamboju@linaro.org>,
        "open list\:KERNEL SELFTEST FRAMEWORK" 
        <linux-kselftest@vger.kernel.org>,
        "linux-kernel\@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Shuah Khan <shuah@kernel.org>
References: <CA+G9fYtpFW+SHcaWCgt5ZAvPx3PO3x3nM+oRBUiOiQPbHVmw=w@mail.gmail.com>
        <20170627151359.GA11756@kroah.com> <20170627151600.GB11756@kroah.com>
        <df3c647e-1724-bcbb-4467-22af0c3be6e7@osg.samsung.com>
        <CAGXu5jKhpCsCZ-4xUyYnBzmAQCi4=CnJKW5daqhZZMZRs-kkwg@mail.gmail.com>
        <CALCETrVJYwoLT6=kQx9fRXzv7eVvC6dBiSHowjHHRrDCDFGJ1A@mail.gmail.com>
        <87fuei6gdu.fsf@xmission.com>
Date: Thu, 29 Jun 2017 09:23:15 -0500
In-Reply-To: <87fuei6gdu.fsf@xmission.com> (Eric W. Biederman's message of
        "Thu, 29 Jun 2017 09:02:53 -0500")
Message-ID: <878tka6ffw.fsf@xmission.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-XM-SPF: eid=1dQaSj-0006Ju-Lq;;;mid=<878tka6ffw.fsf@xmission.com>;;;hst=in02.mta.xmission.com;;;ip=67.3.213.87;;;frm=ebiederm@xmission.com;;;spf=neutral
X-XM-AID: U2FsdGVkX1/cP5cSmMekLYKPDoOnM7vnTb8TSfkvKJU=
X-SA-Exim-Connect-IP: 67.3.213.87
X-SA-Exim-Mail-From: ebiederm@xmission.com
X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
        *  0.7 XMSubLong Long Subject
        *  0.0 TVD_RCVD_IP Message was received from an IP address
        *  0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available.
        * -0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20%
        *      [score: 0.0931]
        * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC
        *      [sa01 1397; Body=1 Fuz1=1 Fuz2=1]
        *  0.0 T_TooManySym_01 4+ unique symbols in subject
X-Spam-DCC: XMission; sa01 1397; Body=1 Fuz1=1 Fuz2=1 
X-Spam-Combo: ;Andy Lutomirski <luto@kernel.org>
X-Spam-Relay-Country: 
X-Spam-Timing: total 5562 ms - load_scoreonly_sql: 0.06 (0.0%),
        signal_user_changed: 6 (0.1%), b_tie_ro: 3.4 (0.1%), parse: 1.29 (0.0%),
        extract_message_metadata: 26 (0.5%), get_uri_detail_list: 2.5 (0.0%),
        tests_pri_-1000: 10 (0.2%), tests_pri_-950: 2.0 (0.0%), tests_pri_-900: 1.65
        (0.0%), tests_pri_-400: 30 (0.5%), check_bayes: 28 (0.5%), b_tokenize: 12
        (0.2%), b_tok_get_all: 7 (0.1%), b_comp_prob: 3.8 (0.1%), b_tok_touch_all:
        2.4 (0.0%), b_finish: 0.81 (0.0%), tests_pri_0: 473 (8.5%),
        check_dkim_signature: 0.89 (0.0%), check_dkim_adsp: 4.1 (0.1%),
        tests_pri_500: 5006 (90.0%), poll_dns_idle: 4997 (89.9%), rewrite_mail: 0.00
        (0.0%)
Subject: Re: selftests/capabilities: test FAIL on linux mainline and linux-next and PASS on linux-4.4.70+
X-Spam-Flag: No
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1745
Lines: 49

ebiederm@xmission.com (Eric W. Biederman) writes:

> Andy Lutomirski <luto@kernel.org> writes:
>>
>> Hi Eric-
>>
>> This is rather odd.  The selftest
>> (tools/testing/selftests/capabilities/test_execve), run as root, fails
>> on current kernels.  The failure is worked around by this:
>>
>> diff --git a/tools/testing/selftests/capabilities/test_execve.c
>> b/tools/testing/selftests/capabilities/test_execve.c
>> index 10a21a958aaf..6db60889b211 100644
>> --- a/tools/testing/selftests/capabilities/test_execve.c
>> +++ b/tools/testing/selftests/capabilities/test_execve.c
>> @@ -139,8 +139,8 @@ static void chdir_to_tmpfs(void)
>>         if (chdir(cwd) != 0)
>>                 err(1, "chdir to private tmpfs");
>>
>> -       if (umount2(".", MNT_DETACH) != 0)
>> -               err(1, "detach private tmpfs");
>> +//     if (umount2(".", MNT_DETACH) != 0)
>> +//             err(1, "detach private tmpfs");
>>  }
>>
>>  static void copy_fromat_to(int fromfd, const char *fromname, const
>> char *toname)
>>
>> I think this is due to the line:
>>
>> p->mnt_ns = NULL;
>>
>> in umount_tree().  The test is putting us into a situation in which
>> our cwd has ->mnt_ns = NULL, which is making it act as if it's nosuid.
>> I can imagine this breaking some weird user code (like my test!).  Is
>> it a real problem, though?

I just wanted to follow up and say this the mnt_may_suid test appears
to be doing exactly what it was designed to do.

It's goal is not to allow a suid exec from another mount namespace and
in this test the umount2(".", MNT_DETACH) creates a poor man's mount
namespace.

So assuming that we want to not allow execing executables from other
mount namespaces the behavior appears to be exactly correct in this
case.

Eric