[BUG] #12311

open

Support for protected_regular

Added by Denis Efremov about 1 year ago. Updated about 1 year ago.

Status:
Open
Priority:
Normal
Start date:
04/04/2023
Due date:
% Done:

0%

Estimated time:
Detected in build:
git

Description

The model must support the kernel behavior from https://github.com/torvalds/linux/commit/30aba6656f

Actions #1

Updated by Denis Efremov about 1 year ago

Корныхин Евгений, [3/29/23 5:59 PM]
The behavior is not taken into account: here is the test in the elmac-test repository: 41f306d11c9dfd3c03f135d336b95bc1598365db

Корныхин Евгений, [3/29/23 6:00 PM]
test_restricted_open.py Listening on localhost:9990
.
Replay traces progress:
F

=============================================== FAILURES ================================================
_______________________ TestRestrictedOpen.test_prob[open_file_write-othprotect] ________________________
E   AssertionError: Outcomes of model and OS are different
    assert False
------------------------------------------------- trace -------------------------------------------------
[
 { "syscall": "execve", "proc": "sudo", "pid": 22230, "euid": 1006, "egid": 1007, "pathname": "/calls/tst_open", "level": 0, "ilevel": 0, "categories": 0, "type": 0,  "ret": 0 },
 { "syscall": "open", "proc": "tst_open", "pid": 22230, "euid": 1006, "egid": 1007, "pathname": "/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9", "flags": 577, "mode": -1717986919, "newgroup": 0, "level": 0, "ilevel": 0, "categories": 0, "type": 0, "ret": -13 },
 { "syscall": "exit_group", "proc": "tst_open", "pid": 22230, "euid": 1006, "egid": 1007, "error_code": 0, "ret": 0 }
]
--------------------------------------------- replay trace ----------------------------------------------
[0] create_group: 0 [group=t-1876260652156474306_u0]
[1] create_group: 0 [group=t-1876260652156474306_u1]
[2] create_group: 0 [group=t-1876260652156474306_u2]
[3] create_user: 0 [integrity={Int1,Int2}, groups={t-1876260652156474306_u0}, user=t-1876260652156474306_u0]
[4] create_user: 0 [integrity={Int1,Int2}, groups={t-1876260652156474306_u1}, user=t-1876260652156474306_u1]
[5] create_user: 0 [integrity={Int1,Int2}, groups={t-1876260652156474306_u2}, user=t-1876260652156474306_u2]
[6] mkdir: 0 [mode={S_IRGRP,S_IROTH,S_IRUSR,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, parent=/, integrity=LowI, proc=sudo, folder=/calls, name=calls]
[7] open_create: 0 [mode={S_IRGRP,S_IROTH,S_IRUSR,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, parent=/calls, proc=sudo, integrity=LowI, file=/calls/tst_open, name=tst_open, flags={O_CREAT,O_WRONLY}, fd=FILE_DESCRIPTORS_EXTENDED2]
[8] close: 0 [proc=sudo, fd=FILE_DESCRIPTORS_EXTENDED2]
[9] mkdir: 0 [mode={S_IRGRP,S_IROTH,S_IRUSR,S_ISVTX,S_IWGRP,S_IWOTH,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, parent=/, integrity=LowI, proc=sudo, folder=/t-1876260652156474306_9x900smv, name=t-1876260652156474306_9x900smv]
[10] chown: 0 [owner=t-1876260652156474306_u0, parent=/, proc=sudo, name=t-1876260652156474306_9x900smv, group=t-1876260652156474306_u0]
[11] open_create: 0 [mode={S_IRGRP,S_IROTH,S_IRUSR,S_IWGRP,S_IWOTH,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, parent=/t-1876260652156474306_9x900smv, integrity=LowI, proc=sudo, file=/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9, flags={O_CREAT,O_WRONLY}, name=t-1876260652156474306_5o5gbgw9, fd=FILE_DESCRIPTORS_EXTENDED2]
[12] close: 0 [proc=sudo, fd=FILE_DESCRIPTORS_EXTENDED2]
[13] chown: 0 [owner=t-1876260652156474306_u1, parent=/t-1876260652156474306_9x900smv, proc=sudo, name=t-1876260652156474306_5o5gbgw9, group=root]
[14] set_acl: 0 [groupACL={(INIT_EXE |-> root) |-> GROUP_PERMISSIONS}, userACL={(INIT_EXE |-> root) |-> USER_PERMISSIONS}, dacPermissions={/calls/tst_open |-> {S_IRGRP,S_IROTH,S_IRUSR,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, /t-1876260652156474306_9x900smv |-> {S_IRGRP,S_IROTH,S_IRUSR,S_ISVTX,S_IWGRP,S_IWOTH,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, /calls |-> {S_IRGRP,S_IROTH,S_IRUSR,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, /t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9 |-> {S_IRGRP,S_IROTH,S_IRUSR,S_IWGRP,S_IWOTH,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, / |-> {S_IRGRP,S_IROTH,S_IRUSR,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, INIT_EXE |-> DEF_FILE_PERMS \/ GROUP_PERMISSIONS}, maskACL={INIT_EXE |-> GROUP_PERMISSIONS}, groupObjACL={/calls/tst_open |-> {GREAD, GEXECUTE}, /t-1876260652156474306_9x900smv |-> {GREAD, GWRITE, GEXECUTE}, /calls |-> {GREAD, GEXECUTE}, /t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9 |-> {GREAD, GWRITE, GEXECUTE}, / |-> {GREAD, GEXECUTE}, INIT_EXE |-> DEF_FILE_PERMS /\ GROUP_PERMISSIONS }]

Корныхин Евгений, [3/29/23 6:00 PM]
[15] login: 0 [proc=tst_open, integrity=LowI, exeFile=/calls/tst_open, fa={/calls/tst_open}, user=t-1876260652156474306_u2, group=t-1876260652156474306_u2]
[16] open_exists: -13 [parent=/t-1876260652156474306_9x900smv, proc=tst_open, flags={O_CREAT,O_TRUNC,O_WRONLY}, name=t-1876260652156474306_5o5gbgw9]
( DEF_FILE_PERMS={UREAD,UWRITE,GREAD,OREAD} &
       DEF_FOLDER_PERMS={UREAD,UWRITE,UEXECUTE,GREAD,GEXECUTE,OREAD,OEXECUTE} &
       DEF_SYMLINK_PERMS={UREAD,UWRITE,UEXECUTE,GREAD,GWRITE,GEXECUTE,OREAD,OWRITE,OEXECUTE} &
       FILE_DESCRIPTORS={FILE_DESCRIPTORS_EXTENDED2,FILE_DESCRIPTORS_EXTENDED3,FILE_DESCRIPTORS_EXTENDED4,FILE_DESCRIPTORS_EXTENDED5,FILE_DESCRIPTORS_EXTENDED6,FILE_DESCRIPTORS_EXTENDED7,FILE_DESCRIPTORS_EXTENDED8,FILE_DESCRIPTORS_EXTENDED9,FILE_DESCRIPTORS_EXTENDED10,FILE_DESCRIPTORS_EXTENDED11,FILE_DESCRIPTORS_EXTENDED12,FILE_DESCRIPTORS_EXTENDED13,FILE_DESCRIPTORS_EXTENDED14,FILE_DESCRIPTORS_EXTENDED15,FILE_DESCRIPTORS_EXTENDED16,FILE_DESCRIPTORS_EXTENDED17,FILE_DESCRIPTORS_EXTENDED18,FILE_DESCRIPTORS_EXTENDED19,FILE_DESCRIPTORS_EXTENDED20,FILE_DESCRIPTORS_EXTENDED21} &
       FILE_LIMIT=20 &
       FILE_MODES={SET_UID,SET_GID,STICKY_BIT} &
       GROUP_PERMISSIONS={GREAD,GWRITE,GEXECUTE} &
       MAX_FILES=20 &
       OTHER_PERMISSIONS={OREAD,OWRITE,OEXECUTE} &
       PROC_FILE_LIMIT=20 &
       USER_PERMISSIONS={UREAD,UWRITE,UEXECUTE} &
       HighI={Int1,Int2,Int3,Int4} &
       Integrity=POW({Int1,Int2,Int3,Int4}) &
       LABEL_STRING=INIT_NAME &
       LowI={} &
       S_IRGRP=GREAD &
       S_IROTH=OREAD &
       S_IRUSR=UREAD &
       S_ISGID=SET_GID &
       S_ISUID=SET_UID &
       S_ISVTX=STICKY_BIT &
       S_IWGRP=GWRITE &
       S_IWOTH=OWRITE &
       S_IWUSR=UWRITE &
       S_IXGRP=GEXECUTE &
       S_IXOTH=OEXECUTE &
       S_IXUSR=UEXECUTE &
       OPEN_FLAGS={1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21} &
       O_APPEND=13 &
       O_ASYNC=14 &
       O_CLOEXEC=9 &
       O_CREAT=4 &
       O_DIRECT=6 &
       O_DIRECTORY=8 &
       O_DSYNC=16 &
       O_EXCL=5 &
       O_LARGEFILE=18 &
       O_NDELAY=21 &
       O_NOATIME=17 &
       O_NOBLOCK=20 &
       O_NOCTTY=10 &
       O_NOFOLLOW=11 &
       O_PATH=19 &
       O_RDONLY=1 &
       O_RDWR=3 &
       O_SYNC=15 &
       O_TMPFILE=7 &
       O_TRUNC=12 &
       O_WRONLY=2 &
       FileInt={(INIT_EXE|->{Int1,Int2,Int3,Int4}),(/|->{Int1,Int2,Int3,Int4}),(/calls/tst_open|->{}),(/t-1876260652156474306_9x900smv|->{}),(/calls|->{}),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->{})} &
       ProcFA={(sudo|->{INIT_EXE}),(tst_open|->{/calls/tst_open})} &
       ProcFP={(sudo|->{}),(tst_open|->{})} &
       ProcInt={(sudo|->{Int1,Int2,Int3,Int4}),(tst_open|->{})} &
       UserFP={(root|->{}),(t-1876260652156474306_u2|->{}),(t-1876260652156474306_u0|->{}),(t-1876260652156474306_u1|->{})} &
       UserInt={(root|->{Int1,Int2,Int3,Int4}),(t-1876260652156474306_u2|->{Int1,Int2}),(t-1876260652156474306_u0|->{Int1,Int2}),(t-1876260652156474306_u1|->{Int1,Int2})} &
       DACPermissions={(INIT_EXE|->{UREAD,UWRITE,GREAD,GWRITE,GEXECUTE,OREAD}),(/|->{UREAD,UWRITE,UEXECUTE,GREAD,GEXECUTE,OREAD,OEXECUTE}),(/calls/tst_open|->{UREAD,UWRITE,UEXECUTE,GREAD,GEXECUTE,OREAD,OEXECUTE}),(/t-1876260652156474306_9x900smv|->{UREAD,UWRITE,UEXECUTE,GREAD,GWRITE,GEXECUTE,OREAD,OWRITE,OEXECUTE,STICKY_BIT}),(/calls|->{UREAD,UWRITE,UEXECUTE,GREAD,GEXECUTE,OREAD,OEXECUTE}),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->{UREAD,UWRITE,UEXECUTE,GREAD,GWRITE,GEXECUTE,OREAD,OWRITE,OEXECUTE})} &
       FDFile={(FILE_DESCRIPTORS_EXTENDED2|->/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9)} &
       FDFlags={(FILE_DESCRIPTORS_EXTENDED2|->{2,4,12})} &
       FDNumber={(FILE_DESCRIPTORS_EXTENDED2|->0)} &
       FDs={FILE_DESCRIPTORS_EXTENDED2} &
       FileGroup={(INIT_EXE|->root),(/|->root),(/calls/tst_open|->root),(/t-1876260652156474306_9x900smv|->t-1876260652156474306_u0),(/calls|->root),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->root)} &

Корныхин Евгений, [3/29/23 6:00 PM]
FileParents={(INIT_EXE|->(/|->INIT_NAME)),(/calls/tst_open|->(/calls|->tst_open)),(/t-1876260652156474306_9x900smv|->(/|->t-1876260652156474306_9x900smv)),(/calls|->(/|->calls)),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->(/t-1876260652156474306_9x900smv|->t-1876260652156474306_5o5gbgw9))} &
       FileUser={(INIT_EXE|->root),(/|->root),(/calls/tst_open|->root),(/t-1876260652156474306_9x900smv|->t-1876260652156474306_u0),(/calls|->root),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->t-1876260652156474306_u1)} &
       FileXattrs={(INIT_EXE|->{}),(/|->{}),(/calls/tst_open|->{}),(/t-1876260652156474306_9x900smv|->{}),(/calls|->{}),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->{})} &
       Files={INIT_EXE,/,/calls/tst_open,/t-1876260652156474306_9x900smv,/calls,/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9} &
       Folders={/,/t-1876260652156474306_9x900smv,/calls} &
       GroupACL={(INIT_EXE|->root|->{GREAD,GWRITE,GEXECUTE})} &
       GroupObjACL={(INIT_EXE|->{GREAD}),(/|->{GREAD,GEXECUTE}),(/calls/tst_open|->{GREAD,GEXECUTE}),(/t-1876260652156474306_9x900smv|->{GREAD,GWRITE,GEXECUTE}),(/calls|->{GREAD,GEXECUTE}),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->{GREAD,GWRITE,GEXECUTE})} &
       Groups={root,t-1876260652156474306_u2,t-1876260652156474306_u0,t-1876260652156474306_u1} &
       MaskACL={(INIT_EXE|->{GREAD,GWRITE,GEXECUTE})} &
       PathToRoot={(/|->{}),(/t-1876260652156474306_9x900smv|->{/}),(/calls|->{/})} &
       ProcArgv={(sudo|->{}),(tst_open|->{})} &
       ProcCwd={(sudo|->/),(tst_open|->/)} &
       ProcEXE={(sudo|->INIT_EXE),(tst_open|->/calls/tst_open)} &
       ProcEnvp={(sudo|->{}),(tst_open|->{})} &
       ProcFDs={(tst_open|->FILE_DESCRIPTORS_EXTENDED2)} &
       ProcGroup={(sudo|->root),(tst_open|->t-1876260652156474306_u2)} &
       ProcParent={(tst_open|->sudo)} &
       ProcUmask={(sudo|->{}),(tst_open|->{})} &
       ProcUser={(sudo|->root),(tst_open|->t-1876260652156474306_u2)} &
       Procs={sudo,tst_open} &
       UserACL={(INIT_EXE|->root|->{UREAD,UWRITE,UEXECUTE})} &
       UserCaps={(root|->{}),(t-1876260652156474306_u2|->{}),(t-1876260652156474306_u0|->{}),(t-1876260652156474306_u1|->{})} &
       UserGroups={(root|->root),(t-1876260652156474306_u2|->t-1876260652156474306_u2),(t-1876260652156474306_u0|->t-1876260652156474306_u0),(t-1876260652156474306_u1|->t-1876260652156474306_u1)} &
       Users={root,t-1876260652156474306_u2,t-1876260652156474306_u0,t-1876260652156474306_u1} )
Covered events:
         - chown
         - close
         - create_group
         - create_user
         - login
         - mkdir
         - open_create
         - set_acl
TEST FAIL
======================================== short test summary info ========================================
FAILED test_restricted_open.py::TestRestrictedOpen::test_prob[open_file_write-othprotect] - AssertionE...
=================================== 1 failed, 5 deselected in 14.77s ====================================
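
The rule the failing open in the trace runs into, as an added sketch (not code from the kernel, the model, or the elmac-test repository): a Python rendering of the sticky-directory check that fs.protected_regular applies to O_CREAT opens of existing regular files, run on the directory and file from the trace. The function names and the uids 1004/1005 are assumptions; the sysctl is assumed enabled, as the -13 in the trace implies.

```python
import errno
import stat

O_CREAT = 0o100  # Linux value on x86; trace flags 577 = O_WRONLY|O_CREAT|O_TRUNC


def may_create_in_sticky(dir_mode, dir_uid, file_mode, file_uid, fsuid,
                         protected_regular=1):
    """Sticky-directory rule for an O_CREAT open of an existing regular file.

    Returns 0 when the rule does not object, -EACCES when it does.
    Regular files only; FIFOs (fs.protected_fifos) are left out of this sketch.
    """
    if not stat.S_ISREG(file_mode):
        raise ValueError("sketch models regular files only")
    if protected_regular == 0:            # sysctl off: no extra restriction
        return 0
    if not dir_mode & stat.S_ISVTX:       # parent is not sticky
        return 0
    if file_uid in (dir_uid, fsuid):      # owned by directory owner or opener
        return 0
    if dir_mode & stat.S_IWOTH:           # world-writable sticky directory
        return -errno.EACCES
    if protected_regular >= 2 and dir_mode & stat.S_IWGRP:
        return -errno.EACCES              # level 2 adds group-writable ones
    return 0


def restricted_open(flags, **ctx):
    """Apply the rule only to O_CREAT opens; ordinary DAC checks are not modelled."""
    return may_create_in_sticky(**ctx) if flags & O_CREAT else 0


# Constructed from the trace: uids 1004/1005 for u0/u1 are assumed,
# 1006 is the euid recorded for tst_open.
TRACE = dict(dir_mode=stat.S_IFDIR | 0o1777, dir_uid=1004,
             file_mode=stat.S_IFREG | 0o777, file_uid=1005, fsuid=1006)
GROUP_DIR = {**TRACE, "dir_mode": stat.S_IFDIR | 0o1770}


def scenarios():
    return {
        "trace open": restricted_open(577, **TRACE),
        "without O_CREAT": restricted_open(577 & ~O_CREAT, **TRACE),
        "sysctl disabled": restricted_open(577, **TRACE, protected_regular=0),
        "opener owns file": restricted_open(577, **{**TRACE, "fsuid": 1005}),
        "group-writable dir, level 1": restricted_open(577, **GROUP_DIR),
        "group-writable dir, level 2": restricted_open(577, **GROUP_DIR, protected_regular=2),
    }
```

The file in the trace is mode 0777, so the permission bits alone would allow the write; in this sketch the denial comes only from the sticky-directory rule, and dropping O_CREAT from the same open lifts it.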