summaryrefslogtreecommitdiff
path: root/tests/cp/existing-perm-race.sh
blob: f48369cd50d5deabbbde5a65989981f3c6a3e529 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
#!/bin/sh
# Make sure cp -p isn't too generous with existing file permissions.

# Copyright (C) 2006-2015 Free Software Foundation, Inc.

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
print_ver_ cp

require_membership_in_two_groups_

# cp -p gives ENOTSUP on NFS on Linux 2.6.9 at least
require_local_dir_

set _ $groups; shift
g1=$1
g2=$2


umask 077
mkfifo_or_skip_ fifo

touch fifo-copy &&
chgrp $g1 fifo &&
chgrp $g2 fifo-copy &&
chmod g+r fifo-copy || framework-failure

# Terminate any background cp process
cleanup_() { kill $pid 2>/dev/null && wait $pid; }

# Copy a fifo's contents.  That way, we can examine the
# destination permissions before they're finalized.
cp -p --copy-contents fifo fifo-copy & pid=$!

(
  # Now 'cp' is reading the fifo.  Wait for the destination file to
  # be written to, encouraging things along by echoing to the fifo.
  while test ! -s fifo-copy; do
    echo foo
  done

  # Check the permissions of the destination.
  ls -l -n fifo-copy >ls.out &&

  # Close the fifo so that "cp" can continue.  But output first,
  # before exiting, otherwise some shells would optimize away the file
  # descriptor that holds the fifo open.
  echo foo
) >fifo || fail=1

# Check that the destination mode is safe while the file is being copied.
read mode links owner group etc <ls.out || fail=1
case $mode in
  -rw-------*) ;;

  # FIXME: Remove the following case; the file mode should always be
  # 600 while the data are being copied.  This will require changing
  # cp so that it also does not put $g1's data in a file that is
  # accessible to $g2.  This fix will not close a security hole, since
  # a $g2 process can maintain an open file descriptor to the
  # destination, but it's safer anyway.
  -rw-r-----*)
    # If the file has group $g1 and is group-readable, that is definitely bogus,
    # as neither the source nor the destination was readable to group $g1.
    test "$group" = "$g1" && fail=1;;

  *) fail=1;;
esac

wait $pid || fail=1

# Check that the final mode and group are right.
ls -l -n fifo-copy >ls.out &&
read mode links owner group etc <ls.out || fail=1
case $mode in
  -rw-------*) test "$group" = "$g1" || fail=1;;
  *) fail=1;;
esac

Exit $fail