priv_vfs_extattr_system.c revision 162271
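/*-
 * Copyright (c) 2006 nCircle Network Security, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert N. M. Watson for the TrustedBSD
 * Project under contract to nCircle Network Security, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $FreeBSD: head/tools/regression/priv/priv_vfs_extattr_system.c 162271 2006-09-13 09:05:39Z rwatson $
 */

/*
 * Test that privilege is required to write to the system extended attribute
 * namespace.
 */

#include <sys/types.h>
#include <sys/extattr.h>

#include <err.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>

#include "main.h"

#define	EA_NAMESPACE	EXTATTR_NAMESPACE_SYSTEM
#define	EA_NAME		"test"
#define	EA_DATA		"test"
#define	EA_SIZE		strlen(EA_DATA)	/* size_t; print with %zu */

/*
 * Regression test: writing an attribute in EXTATTR_NAMESPACE_SYSTEM must
 * succeed for root and must fail with EPERM once the effective uid has been
 * switched to UID_OTHER, even though the file mode (0666) would let that uid
 * write ordinary data.
 *
 * The test reports problems through warn()/warnx() and returns nothing; the
 * scratch file is always unlinked on the way out.  assert_root(), setup_file()
 * and set_euid() come from "main.h" and are not visible here -- presumably
 * setup_file() creates the file and stores its path in fpath; confirm against
 * main.c.
 */
void
priv_vfs_extattr_system(void)
{
	char fpath[1024];
	int error;

	assert_root();

	/*
	 * Set file perms so that discretionary access control would grant
	 * write rights on non-system EAs on the file.
	 */
	setup_file(fpath, UID_ROOT, GID_WHEEL, 0666);

	/*
	 * Try with privilege.
	 */
	if (extattr_set_file(fpath, EA_NAMESPACE, EA_NAME, EA_DATA, EA_SIZE)
	    < 0) {
		warn("extattr_set_file(SYSTEM, %s, %s, %zu) as root",
		    EA_NAME, EA_DATA, EA_SIZE);
		goto out;
	}

	set_euid(UID_OTHER);

	/*
	 * Try without privilege.
	 *
	 * Success is any non-negative return, exactly as in the privileged
	 * call above: extattr_set_file() reports the number of bytes written,
	 * so a successful write of EA_DATA does not return 0.  Testing for
	 * "== 0" would let an unprivileged write to the system namespace slip
	 * through to the errno check, which would then look at a stale errno.
	 */
	error = extattr_set_file(fpath, EA_NAMESPACE, EA_NAME, EA_DATA,
	    EA_SIZE);
	if (error >= 0) {
		/* The call succeeded, so errno is meaningless: warnx(). */
		warnx("extattr_set_file(SYSTEM, %s, %s, %zu) succeeded as !root",
		    EA_NAME, EA_DATA, EA_SIZE);
		goto out;
	}
	if (errno != EPERM) {
		warn("extattr_set_file(SYSTEM, %s, %s, %zu) wrong errno %d "
		    "as !root", EA_NAME, EA_DATA, EA_SIZE, errno);
		goto out;
	}
out:
	/*
	 * Regain root before cleanup.  If this fails the process keeps running
	 * as UID_OTHER and the unlink below may not remove the root-owned
	 * scratch file, so say so rather than failing silently.
	 */
	if (seteuid(UID_ROOT) < 0) {
		warn("seteuid(UID_ROOT)");
	}
	(void)unlink(fpath);
}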