diff options
| author | Jim Meyering <meyering@redhat.com> | 2007-10-05 10:55:26 +0200 |
|---|---|---|
| committer | Jim Meyering <meyering@redhat.com> | 2007-10-05 13:26:46 +0200 |
| commit | b4148f567d9bf7abc8e82a6f2e252f28da93f354 (patch) | |
| tree | c02cabad7e804828d02acc5875bf9ae10f303a27 /tests | |
| parent | 068fa34adcb846244c81704de2872102310de86e (diff) | |
| download | coreutils-b4148f567d9bf7abc8e82a6f2e252f28da93f354.tar.xz | |
Make a failing cross-partition mv give a sensible diagnostic.
A cross-partition move of a file in a sticky tmpdir and owned by
another user would evoke an invalid diagnostic after copying it:
mv: cannot remove `x': Operation not permitted
Either of the following (mv.c, remove.c) changes would fix the bug by
itself. I think it's slightly better to use both; the added cost is
minimal: mv: an extra lstat-per-mv-cmdline-arg-that-goes-cross-partition,
rm: an extra lstat-per-unlink-that-fails-w/EPERM.
* src/remove.c (remove_entry): Also lstat the file upon EPERM.
* src/mv.c (rm_option_init): Initialize root_dev_ino just as is done
in rm, so that a cross-partition invoked remove.c:rm call works the
same way as one invoked from the command-line use of "rm". That
setting of root_dev_ino makes rm() do the equivalent of an additional
lstat for each argument, which in turn gives rm enough information to
issue the right diagnostic.
* tests/mv/sticky-to-xpart (version): New file. Test for the above.
* tests/mv/Makefile.am (TESTS): Add sticky-to-xpart.
Arrange for "make check-root" to run the new root-only test.
* tests/Makefile.am (tb): New target, to run the new root-only test.
(all_t): Add tb.
* src/c99-to-c89.diff: Adjust offsets.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/Makefile.am | 4 | ||||
| -rw-r--r-- | tests/mv/Makefile.am | 1 | ||||
| -rwxr-xr-x | tests/mv/sticky-to-xpart | 70 |
3 files changed, 74 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 254efc470..af9328de2 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -50,7 +50,7 @@ SUBDIRS = \ uniq wc ## N O T E :: Please do not add new directories. -all_t = t1 t2 t3 t4 t5 t6 t7 t8 t9 ta +all_t = t1 t2 t3 t4 t5 t6 t7 t8 t9 ta tb .PHONY: check-root $(all_t) check-root: $(all_t) @@ -74,6 +74,8 @@ t9: cd cp && $(MAKE) check TESTS=cp-a-selinux ta: cd mkdir && $(MAKE) check TESTS=writable-under-readonly +tb: + cd mv && $(MAKE) check TESTS=sticky-to-xpart check-recursive: root-hint diff --git a/tests/mv/Makefile.am b/tests/mv/Makefile.am index 4fa09fbd2..ba5d41d98 100644 --- a/tests/mv/Makefile.am +++ b/tests/mv/Makefile.am @@ -17,6 +17,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. TESTS = \ + sticky-to-xpart \ hard-verbose \ backup-dir \ dir2dir \ diff --git a/tests/mv/sticky-to-xpart b/tests/mv/sticky-to-xpart new file mode 100755 index 000000000..04690d75b --- /dev/null +++ b/tests/mv/sticky-to-xpart @@ -0,0 +1,70 @@ +#!/bin/sh +# A cross-partition move of a file in a sticky tmpdir and owned by +# someone else would evoke an invalid diagnostic: +# mv: cannot remove `x': Operation not permitted +# Affects coreutils-6.0-6.9. + +# Copyright (C) 2007 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +if test "$VERBOSE" = yes; then + set -x + mv --version +fi + +. $srcdir/../envvar-check +. $srcdir/../lang-default +PRIV_CHECK_ARG=require-root . $srcdir/../priv-check +. $srcdir/../test-lib.sh + +cleanup_() { rm -rf "$other_partition_tmpdir"; } +. "$abs_top_srcdir/tests/other-fs-tmpdir" + +# Set up to run a test where non-root user tries to move a root-owned +# file from a sticky tmpdir to a directory owned by that user on +# a different partition. + +mkdir t || framework_failure +chmod a=rwx,o+t t || framework_failure +echo > t/root-owned || framework_failure +chmod a+r t/root-owned || framework_failure +chown "$NON_ROOT_USERNAME" "$other_partition_tmpdir" || framework_failure + +# We have to allow $NON_ROOT_USERNAME access to ".". +chmod go+x . || framework_failure + +# Ensure that $NON_ROOT_USERNAME can access the required version of mv. +version=`setuidgid $NON_ROOT_USERNAME env PATH="$PATH" mv --version|sed -n '1s/.* //p'` +case $version in + $PACKAGE_VERSION) ;; + *) echo "$0: cannot access just-built mv as user $NON_ROOT_USERNAME" 1>&2 + fail=1 ;; +esac + +setuidgid $NON_ROOT_USERNAME env PATH="$PATH" \ + mv t/root-owned $other_partition_tmpdir 2> out-t && fail=1 + +# On some systems, we get `Not owner'. Convert it. +# On other systems (HPUX), we get `Permission denied'. Convert it, too. +onp='Operation not permitted' +sed "s/Not owner/$onp/;s/Permission denied/$onp/" out-t > out + +cat <<\EOF > exp +mv: cannot remove `t/root-owned': Operation not permitted +EOF + +compare out exp || fail=1 + +(exit $fail); exit $fail |