From 29cf06f1a8fcd410c4dce42b08dfb24b89736c0a Mon Sep 17 00:00:00 2001 From: Marco Conte Date: Fri, 28 Feb 2020 16:19:15 +0000 Subject: [PATCH] move setfsuid test and require necessary capability --- src/unistd.rs | 39 --------------------------------------- test/test_unistd.rs | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 39 deletions(-) diff --git a/src/unistd.rs b/src/unistd.rs index 183586a018..904c1c81ed 100644 --- a/src/unistd.rs +++ b/src/unistd.rs @@ -2751,42 +2751,3 @@ impl Group { }) } } - - -#[cfg(any(target_os = "linux", target_os = "android"))] -#[cfg(test)] -mod tests { - use super::*; - use std::{fs, thread, io}; - - /// Tests setting the filesystem UID with `setfsuid`. - #[test] - fn test_setfsuid() { - use std::os::unix::fs::PermissionsExt; - - // get the UID of the "nobody" user - let nobody = User::from_name("nobody").unwrap().unwrap(); - - // create a temporary file with permissions '-rw-r-----' - let file = tempfile::NamedTempFile::new().unwrap(); - let temp_path = file.into_temp_path(); - let temp_path_2 = (&temp_path).to_path_buf(); - let mut permissions = fs::metadata(&temp_path).unwrap().permissions(); - permissions.set_mode(640); - - // spawn a new thread where to test setfsuid - thread::spawn(move || { - // set filesystem UID - let _ = setfsuid(nobody.uid); - // trying to open the temporary file should fail with EACCES - let res = fs::File::open(&temp_path); - assert!(res.is_err()); - assert_eq!(res.err().unwrap().kind(), io::ErrorKind::PermissionDenied); - }) - .join() - .unwrap(); - - // open the temporary file with the current thread filesystem UID - fs::File::open(temp_path_2).unwrap(); - } -} diff --git a/test/test_unistd.rs b/test/test_unistd.rs index 24e0c86bec..7e3be1ccb2 100644 --- a/test/test_unistd.rs +++ b/test/test_unistd.rs @@ -866,3 +866,41 @@ fn test_access_file_exists() { let _file = File::create(path.clone()).unwrap(); assert!(access(&path, AccessFlags::R_OK | AccessFlags::W_OK).is_ok()); } + +/// Tests setting the filesystem UID with `setfsuid`. +#[cfg(any(target_os = "linux", target_os = "android"))] +#[test] +fn test_setfsuid() { + use std::os::unix::fs::PermissionsExt; + use std::{fs, thread}; + require_capability!(CAP_SETUID); + + // get the UID of the "nobody" user + let nobody = User::from_name("nobody").unwrap().unwrap(); + + // create a temporary file with permissions '-rw-r-----' + let file = tempfile::NamedTempFile::new().unwrap(); + let temp_path = file.into_temp_path(); + let temp_path_2 = (&temp_path).to_path_buf(); + let mut permissions = fs::metadata(&temp_path).unwrap().permissions(); + permissions.set_mode(640); + + // spawn a new thread where to test setfsuid + thread::spawn(move || { + // set filesystem UID + let fuid = setfsuid(nobody.uid); + // trying to open the temporary file should fail with EACCES + let res = fs::File::open(&temp_path); + assert!(res.is_err()); + assert_eq!(res.err().unwrap().kind(), io::ErrorKind::PermissionDenied); + + // assert fuid actually changes + let prev_fuid = setfsuid(Uid::from_raw(-1i32 as u32)); + assert_ne!(prev_fuid, fuid); + }) + .join() + .unwrap(); + + // open the temporary file with the current thread filesystem UID + fs::File::open(temp_path_2).unwrap(); +}