Actions
[BUG] #12311
openПоддержка protected_regular
Added by Denis Efremov about 1 year ago. Updated about 1 year ago.
Start date:
04/04/2023
Due date:
% Done:
0%
Estimated time:
Detected in build:
git
Description
Моделью должно поддерживаться поведение ядра https://github.com/torvalds/linux/commit/30aba6656f
Updated by Denis Efremov about 1 year ago
Корныхин Евгений, [3/29/23 5:59 PM]
поведение не учитывается: вот тест в репозитории elmac-test: 41f306d11c9dfd3c03f135d336b95bc1598365db
Корныхин Евгений, [3/29/23 6:00 PM]
test_restricted_open.py Listening on localhost:9990
.
Replay traces progress:
F
=============================================== FAILURES ================================================
_______________________ TestRestrictedOpen.test_prob[open_file_write-othprotect] ________________________
E AssertionError: Outcomes of model and OS are different
assert False
------------------------------------------------- trace -------------------------------------------------
[
{ "syscall": "execve", "proc": "sudo", "pid": 22230, "euid": 1006, "egid": 1007, "pathname": "/calls/tst_open", "level": 0, "ilevel": 0, "categories": 0, "type": 0, "ret": 0 },
{ "syscall": "open", "proc": "tst_open", "pid": 22230, "euid": 1006, "egid": 1007, "pathname": "/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9", "flags": 577, "mode": -1717986919, "newgroup": 0, "level": 0, "ilevel": 0, "categories": 0, "type": 0, "ret": -13 },
{ "syscall": "exit_group", "proc": "tst_open", "pid": 22230, "euid": 1006, "egid": 1007, "error_code": 0, "ret": 0 }
]
--------------------------------------------- replay trace ----------------------------------------------
[0] create_group: 0 [group=t-1876260652156474306_u0]
[1] create_group: 0 [group=t-1876260652156474306_u1]
[2] create_group: 0 [group=t-1876260652156474306_u2]
[3] create_user: 0 [integrity={Int1,Int2}, groups={t-1876260652156474306_u0}, user=t-1876260652156474306_u0]
[4] create_user: 0 [integrity={Int1,Int2}, groups={t-1876260652156474306_u1}, user=t-1876260652156474306_u1]
[5] create_user: 0 [integrity={Int1,Int2}, groups={t-1876260652156474306_u2}, user=t-1876260652156474306_u2]
[6] mkdir: 0 [mode={S_IRGRP,S_IROTH,S_IRUSR,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, parent=/, integrity=LowI, proc=sudo, folder=/calls, name=calls]
[7] open_create: 0 [mode={S_IRGRP,S_IROTH,S_IRUSR,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, parent=/calls, proc=sudo, integrity=LowI, file=/calls/tst_open, name=tst_open, flags={O_CREAT,O_WRONLY}, fd=FILE_DESCRIPTORS_EXTENDED2]
[8] close: 0 [proc=sudo, fd=FILE_DESCRIPTORS_EXTENDED2]
[9] mkdir: 0 [mode={S_IRGRP,S_IROTH,S_IRUSR,S_ISVTX,S_IWGRP,S_IWOTH,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, parent=/, integrity=LowI, proc=sudo, folder=/t-1876260652156474306_9x900smv, name=t-1876260652156474306_9x900smv]
[10] chown: 0 [owner=t-1876260652156474306_u0, parent=/, proc=sudo, name=t-1876260652156474306_9x900smv, group=t-1876260652156474306_u0]
[11] open_create: 0 [mode={S_IRGRP,S_IROTH,S_IRUSR,S_IWGRP,S_IWOTH,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, parent=/t-1876260652156474306_9x900smv, integrity=LowI, proc=sudo, file=/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9, flags={O_CREAT,O_WRONLY}, name=t-1876260652156474306_5o5gbgw9, fd=FILE_DESCRIPTORS_EXTENDED2]
[12] close: 0 [proc=sudo, fd=FILE_DESCRIPTORS_EXTENDED2]
[13] chown: 0 [owner=t-1876260652156474306_u1, parent=/t-1876260652156474306_9x900smv, proc=sudo, name=t-1876260652156474306_5o5gbgw9, group=root]
[14] set_acl: 0 [groupACL={(INIT_EXE |-> root) |-> GROUP_PERMISSIONS}, userACL={(INIT_EXE |-> root) |-> USER_PERMISSIONS}, dacPermissions={/calls/tst_open |-> {S_IRGRP,S_IROTH,S_IRUSR,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, /t-1876260652156474306_9x900smv |-> {S_IRGRP,S_IROTH,S_IRUSR,S_ISVTX,S_IWGRP,S_IWOTH,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, /calls |-> {S_IRGRP,S_IROTH,S_IRUSR,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, /t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9 |-> {S_IRGRP,S_IROTH,S_IRUSR,S_IWGRP,S_IWOTH,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, / |-> {S_IRGRP,S_IROTH,S_IRUSR,S_IWUSR,S_IXGRP,S_IXOTH,S_IXUSR}, INIT_EXE |-> DEF_FILE_PERMS \/ GROUP_PERMISSIONS}, maskACL={INIT_EXE |-> GROUP_PERMISSIONS}, groupObjACL={/calls/tst_open |-> {GREAD, GEXECUTE}, /t-1876260652156474306_9x900smv |-> {GREAD, GWRITE, GEXECUTE}, /calls |-> {GREAD, GEXECUTE}, /t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9 |-> {GREAD, GWRITE, GEXECUTE}, / |-> {GREAD, GEXECUTE}, INIT_EXE |-> DEF_FILE_PERMS /\ GROUP_PERMISSIONS }]
Корныхин Евгений, [3/29/23 6:00 PM]
[15] login: 0 [proc=tst_open, integrity=LowI, exeFile=/calls/tst_open, fa={/calls/tst_open}, user=t-1876260652156474306_u2, group=t-1876260652156474306_u2]
[16] open_exists: -13 [parent=/t-1876260652156474306_9x900smv, proc=tst_open, flags={O_CREAT,O_TRUNC,O_WRONLY}, name=t-1876260652156474306_5o5gbgw9]
( DEF_FILE_PERMS={UREAD,UWRITE,GREAD,OREAD} &
DEF_FOLDER_PERMS={UREAD,UWRITE,UEXECUTE,GREAD,GEXECUTE,OREAD,OEXECUTE} &
DEF_SYMLINK_PERMS={UREAD,UWRITE,UEXECUTE,GREAD,GWRITE,GEXECUTE,OREAD,OWRITE,OEXECUTE} &
FILE_DESCRIPTORS={FILE_DESCRIPTORS_EXTENDED2,FILE_DESCRIPTORS_EXTENDED3,FILE_DESCRIPTORS_EXTENDED4,FILE_DESCRIPTORS_EXTENDED5,FILE_DESCRIPTORS_EXTENDED6,FILE_DESCRIPTORS_EXTENDED7,FILE_DESCRIPTORS_EXTENDED8,FILE_DESCRIPTORS_EXTENDED9,FILE_DESCRIPTORS_EXTENDED10,FILE_DESCRIPTORS_EXTENDED11,FILE_DESCRIPTORS_EXTENDED12,FILE_DESCRIPTORS_EXTENDED13,FILE_DESCRIPTORS_EXTENDED14,FILE_DESCRIPTORS_EXTENDED15,FILE_DESCRIPTORS_EXTENDED16,FILE_DESCRIPTORS_EXTENDED17,FILE_DESCRIPTORS_EXTENDED18,FILE_DESCRIPTORS_EXTENDED19,FILE_DESCRIPTORS_EXTENDED20,FILE_DESCRIPTORS_EXTENDED21} &
FILE_LIMIT=20 &
FILE_MODES={SET_UID,SET_GID,STICKY_BIT} &
GROUP_PERMISSIONS={GREAD,GWRITE,GEXECUTE} &
MAX_FILES=20 &
OTHER_PERMISSIONS={OREAD,OWRITE,OEXECUTE} &
PROC_FILE_LIMIT=20 &
USER_PERMISSIONS={UREAD,UWRITE,UEXECUTE} &
HighI={Int1,Int2,Int3,Int4} &
Integrity=POW({Int1,Int2,Int3,Int4}) &
LABEL_STRING=INIT_NAME &
LowI={} &
S_IRGRP=GREAD &
S_IROTH=OREAD &
S_IRUSR=UREAD &
S_ISGID=SET_GID &
S_ISUID=SET_UID &
S_ISVTX=STICKY_BIT &
S_IWGRP=GWRITE &
S_IWOTH=OWRITE &
S_IWUSR=UWRITE &
S_IXGRP=GEXECUTE &
S_IXOTH=OEXECUTE &
S_IXUSR=UEXECUTE &
OPEN_FLAGS={1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21} &
O_APPEND=13 &
O_ASYNC=14 &
O_CLOEXEC=9 &
O_CREAT=4 &
O_DIRECT=6 &
O_DIRECTORY=8 &
O_DSYNC=16 &
O_EXCL=5 &
O_LARGEFILE=18 &
O_NDELAY=21 &
O_NOATIME=17 &
O_NOBLOCK=20 &
O_NOCTTY=10 &
O_NOFOLLOW=11 &
O_PATH=19 &
O_RDONLY=1 &
O_RDWR=3 &
O_SYNC=15 &
O_TMPFILE=7 &
O_TRUNC=12 &
O_WRONLY=2 &
FileInt={(INIT_EXE|->{Int1,Int2,Int3,Int4}),(/|->{Int1,Int2,Int3,Int4}),(/calls/tst_open|->{}),(/t-1876260652156474306_9x900smv|->{}),(/calls|->{}),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->{})} &
ProcFA={(sudo|->{INIT_EXE}),(tst_open|->{/calls/tst_open})} &
ProcFP={(sudo|->{}),(tst_open|->{})} &
ProcInt={(sudo|->{Int1,Int2,Int3,Int4}),(tst_open|->{})} &
UserFP={(root|->{}),(t-1876260652156474306_u2|->{}),(t-1876260652156474306_u0|->{}),(t-1876260652156474306_u1|->{})} &
UserInt={(root|->{Int1,Int2,Int3,Int4}),(t-1876260652156474306_u2|->{Int1,Int2}),(t-1876260652156474306_u0|->{Int1,Int2}),(t-1876260652156474306_u1|->{Int1,Int2})} &
DACPermissions={(INIT_EXE|->{UREAD,UWRITE,GREAD,GWRITE,GEXECUTE,OREAD}),(/|->{UREAD,UWRITE,UEXECUTE,GREAD,GEXECUTE,OREAD,OEXECUTE}),(/calls/tst_open|->{UREAD,UWRITE,UEXECUTE,GREAD,GEXECUTE,OREAD,OEXECUTE}),(/t-1876260652156474306_9x900smv|->{UREAD,UWRITE,UEXECUTE,GREAD,GWRITE,GEXECUTE,OREAD,OWRITE,OEXECUTE,STICKY_BIT}),(/calls|->{UREAD,UWRITE,UEXECUTE,GREAD,GEXECUTE,OREAD,OEXECUTE}),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->{UREAD,UWRITE,UEXECUTE,GREAD,GWRITE,GEXECUTE,OREAD,OWRITE,OEXECUTE})} &
FDFile={(FILE_DESCRIPTORS_EXTENDED2|->/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9)} &
FDFlags={(FILE_DESCRIPTORS_EXTENDED2|->{2,4,12})} &
FDNumber={(FILE_DESCRIPTORS_EXTENDED2|->0)} &
FDs={FILE_DESCRIPTORS_EXTENDED2} &
FileGroup={(INIT_EXE|->root),(/|->root),(/calls/tst_open|->root),(/t-1876260652156474306_9x900smv|->t-1876260652156474306_u0),(/calls|->root),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->root)} &
Корныхин Евгений, [3/29/23 6:00 PM]
FileParents={(INIT_EXE|->(/|->INIT_NAME)),(/calls/tst_open|->(/calls|->tst_open)),(/t-1876260652156474306_9x900smv|->(/|->t-1876260652156474306_9x900smv)),(/calls|->(/|->calls)),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->(/t-1876260652156474306_9x900smv|->t-1876260652156474306_5o5gbgw9))} &
FileUser={(INIT_EXE|->root),(/|->root),(/calls/tst_open|->root),(/t-1876260652156474306_9x900smv|->t-1876260652156474306_u0),(/calls|->root),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->t-1876260652156474306_u1)} &
FileXattrs={(INIT_EXE|->{}),(/|->{}),(/calls/tst_open|->{}),(/t-1876260652156474306_9x900smv|->{}),(/calls|->{}),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->{})} &
Files={INIT_EXE,/,/calls/tst_open,/t-1876260652156474306_9x900smv,/calls,/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9} &
Folders={/,/t-1876260652156474306_9x900smv,/calls} &
GroupACL={(INIT_EXE|->root|->{GREAD,GWRITE,GEXECUTE})} &
GroupObjACL={(INIT_EXE|->{GREAD}),(/|->{GREAD,GEXECUTE}),(/calls/tst_open|->{GREAD,GEXECUTE}),(/t-1876260652156474306_9x900smv|->{GREAD,GWRITE,GEXECUTE}),(/calls|->{GREAD,GEXECUTE}),(/t-1876260652156474306_9x900smv/t-1876260652156474306_5o5gbgw9|->{GREAD,GWRITE,GEXECUTE})} &
Groups={root,t-1876260652156474306_u2,t-1876260652156474306_u0,t-1876260652156474306_u1} &
MaskACL={(INIT_EXE|->{GREAD,GWRITE,GEXECUTE})} &
PathToRoot={(/|->{}),(/t-1876260652156474306_9x900smv|->{/}),(/calls|->{/})} &
ProcArgv={(sudo|->{}),(tst_open|->{})} &
ProcCwd={(sudo|->/),(tst_open|->/)} &
ProcEXE={(sudo|->INIT_EXE),(tst_open|->/calls/tst_open)} &
ProcEnvp={(sudo|->{}),(tst_open|->{})} &
ProcFDs={(tst_open|->FILE_DESCRIPTORS_EXTENDED2)} &
ProcGroup={(sudo|->root),(tst_open|->t-1876260652156474306_u2)} &
ProcParent={(tst_open|->sudo)} &
ProcUmask={(sudo|->{}),(tst_open|->{})} &
ProcUser={(sudo|->root),(tst_open|->t-1876260652156474306_u2)} &
Procs={sudo,tst_open} &
UserACL={(INIT_EXE|->root|->{UREAD,UWRITE,UEXECUTE})} &
UserCaps={(root|->{}),(t-1876260652156474306_u2|->{}),(t-1876260652156474306_u0|->{}),(t-1876260652156474306_u1|->{})} &
UserGroups={(root|->root),(t-1876260652156474306_u2|->t-1876260652156474306_u2),(t-1876260652156474306_u0|->t-1876260652156474306_u0),(t-1876260652156474306_u1|->t-1876260652156474306_u1)} &
Users={root,t-1876260652156474306_u2,t-1876260652156474306_u0,t-1876260652156474306_u1} )
Covered events:
- chown
- close
- create_group
- create_user
- login
- mkdir
- open_create
- set_acl
TEST FAIL
======================================== short test summary info ========================================
FAILED test_restricted_open.py::TestRestrictedOpen::test_prob[open_file_write-othprotect] - AssertionE...
=================================== 1 failed, 5 deselected in 14.77s ====================================
Actions