creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve failed with XFS
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
ubuntu-kernel-tests |
In Progress
|
Undecided
|
Unassigned | |||
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | |||
Xenial |
New
|
Undecided
|
Unassigned | |||
Bionic |
Fix Released
|
Medium
|
Thadeu Lima de Souza Cascardo | |||
Focal |
Fix Released
|
Medium
|
Thadeu Lima de Souza Cascardo | |||
Hirsute |
Fix Released
|
Medium
|
Thadeu Lima de Souza Cascardo | |||
Impish |
Fix Released
|
Undecided
|
Unassigned | |||
linux-ibm (Ubuntu) | ||||||
Bionic |
New
|
Undecided
|
Unassigned | |||
Focal |
Fix Released
|
Undecided
|
Unassigned | |||
Hirsute |
Invalid
|
Undecided
|
Unassigned | |||
Impish |
Won't Fix
|
Undecided
|
Unassigned | |||
linux-oem-5.10 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | |||
Xenial |
Invalid
|
Undecided
|
Unassigned | |||
Bionic |
Invalid
|
Undecided
|
Unassigned | |||
Focal |
Fix Released
|
Undecided
|
Unassigned | |||
Hirsute |
Invalid
|
Undecided
|
Unassigned | |||
Impish |
Invalid
|
Undecided
|
Unassigned | |||
linux-oem-5.14 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | |||
Xenial |
Invalid
|
Undecided
|
Unassigned | |||
Bionic |
Invalid
|
Undecided
|
Unassigned | |||
Focal |
Fix Released
|
Undecided
|
Unassigned | |||
Hirsute |
Invalid
|
Undecided
|
Unassigned | |||
Impish |
Invalid
|
Undecided
|
Unassigned |
Bug Description
[Impact]
setgid files may be created on setgid directories owned by the directory
group by users not belonging to that group. That is restricted to XFS.
[Fix/Backport]
The fix for 5.11 and 5.10 kernels is one simple commit with a minor
backport conflict fixup on 5.10.
5.4, on the other hand, required other 3 pre-requisites, which could be
picked cleanly. On 4.15, however, they needed a lot of mangling and fixes.
[Test case]
creat09 LTP test case.
[Potential regression]
The creation of files on XFS may have the wrong attributes. Also, on 5.4
and 4.15, the potential regression is larger, also affecting quota,
statistics and other interfaces where uid, gid and projid are exposed.
=======
These two tests, creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve are actually the same test.
Issue found on F-oem-5.
With LTP upstream head SHA1 2ac54d426
This is not a regression, it's because of a recent update that enables this test on different filesystems:
https:/
Test failed on XFS with:
tst_test.c:1431: TINFO: Testing on xfs
tst_test.c:932: TINFO: Formatting /dev/loop3 with xfs opts='' extra opts=''
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/
creat09.c:92: TFAIL: mntpoint/
creat09.c:88: TPASS: mntpoint/
creat09.c:92: TFAIL: mntpoint/
Test log:
Checking for required user/group ids
'nobody' user id and group found.
'bin' user id and group found.
'daemon' user id and group found.
Users group found.
Sys group found.
Required users/groups exist.
no big block device was specified on commandline.
Tests which require a big block device are disabled.
You can specify it with option -z
INFO: Test start time: Mon Nov 8 10:00:06 UTC 2021
COMMAND: /opt/ltp/
LOG File: /dev/null
FAILED COMMAND File: /dev/null
TCONF COMMAND File: /dev/null
Running tests.......
tst_device.c:88: TINFO: Found free device 3 '/dev/loop3'
tst_supported_
tst_supported_
tst_supported_
tst_supported_
tst_supported_
tst_supported_
tst_supported_
tst_supported_
tst_supported_
tst_supported_
tst_supported_
tst_supported_
tst_supported_
tst_supported_
tst_test.c:1431: TINFO: Testing on ext2
tst_test.c:932: TINFO: Formatting /dev/loop3 with ext2 opts='' extra opts=''
mke2fs 1.45.5 (07-Jan-2020)
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/
creat09.c:94: TPASS: mntpoint/
creat09.c:88: TPASS: mntpoint/
creat09.c:94: TPASS: mntpoint/
tst_test.c:1431: TINFO: Testing on ext3
tst_test.c:932: TINFO: Formatting /dev/loop3 with ext3 opts='' extra opts=''
mke2fs 1.45.5 (07-Jan-2020)
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/
creat09.c:94: TPASS: mntpoint/
creat09.c:88: TPASS: mntpoint/
creat09.c:94: TPASS: mntpoint/
tst_test.c:1431: TINFO: Testing on ext4
tst_test.c:932: TINFO: Formatting /dev/loop3 with ext4 opts='' extra opts=''
mke2fs 1.45.5 (07-Jan-2020)
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/
creat09.c:94: TPASS: mntpoint/
creat09.c:88: TPASS: mntpoint/
creat09.c:94: TPASS: mntpoint/
tst_test.c:1431: TINFO: Testing on xfs
tst_test.c:932: TINFO: Formatting /dev/loop3 with xfs opts='' extra opts=''
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/
creat09.c:92: TFAIL: mntpoint/
creat09.c:88: TPASS: mntpoint/
creat09.c:92: TFAIL: mntpoint/
tst_test.c:1431: TINFO: Testing on btrfs
tst_test.c:932: TINFO: Formatting /dev/loop3 with btrfs opts='' extra opts=''
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/
creat09.c:94: TPASS: mntpoint/
creat09.c:88: TPASS: mntpoint/
creat09.c:94: TPASS: mntpoint/
tst_test.c:1431: TINFO: Testing on tmpfs
tst_test.c:932: TINFO: Skipping mkfs for TMPFS filesystem
tst_test.c:913: TINFO: Limiting tmpfs size to 32MB
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/
creat09.c:94: TPASS: mntpoint/
creat09.c:88: TPASS: mntpoint/
creat09.c:94: TPASS: mntpoint/
HINT: You _MAY_ be missing kernel fixes, see:
https:/
https:/
HINT: You _MAY_ be vulnerable to CVE(s), see:
https:/
Summary:
passed 22
failed 2
broken 0
skipped 0
warnings 0
CVE References
description: | updated |
description: | updated |
tags: | added: 5.10 focal ubuntu-ltp-syscalls |
summary: |
- creat09 from ubuntu_ltp_syscalls failed on F-oem-5.10 + creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve + failed on F-oem-5.10 |
description: | updated |
tags: | added: oem ubuntu-ltp |
summary: |
creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve - failed on F-oem-5.10 + failed with XFS |
Changed in linux (Ubuntu Bionic): | |
status: | New → Confirmed |
Changed in linux (Ubuntu Focal): | |
status: | New → Confirmed |
Changed in linux (Ubuntu Impish): | |
status: | New → Fix Released |
Changed in linux (Ubuntu Hirsute): | |
status: | New → Confirmed |
tags: | added: hirsute |
tags: | added: sru-20211108 |
Changed in linux-oem-5.14 (Ubuntu Focal): | |
status: | New → Fix Released |
Changed in linux-oem-5.14 (Ubuntu Impish): | |
status: | New → Invalid |
Changed in linux-oem-5.14 (Ubuntu Hirsute): | |
status: | New → Invalid |
Changed in linux-oem-5.14 (Ubuntu Bionic): | |
status: | New → Invalid |
Changed in linux-oem-5.14 (Ubuntu): | |
status: | New → Invalid |
Changed in linux-oem-5.10 (Ubuntu Focal): | |
status: | New → Confirmed |
Changed in linux-oem-5.10 (Ubuntu): | |
status: | New → Invalid |
Changed in linux-oem-5.10 (Ubuntu Impish): | |
status: | New → Invalid |
Changed in linux-oem-5.10 (Ubuntu Hirsute): | |
status: | New → Invalid |
Changed in linux-oem-5.10 (Ubuntu Bionic): | |
status: | New → Invalid |
Changed in linux (Ubuntu Hirsute): | |
status: | Confirmed → In Progress |
Changed in linux (Ubuntu Focal): | |
status: | Confirmed → In Progress |
Changed in linux (Ubuntu Bionic): | |
status: | Confirmed → In Progress |
Changed in linux-oem-5.10 (Ubuntu Focal): | |
status: | Confirmed → In Progress |
description: | updated |
Changed in linux (Ubuntu Hirsute): | |
importance: | Undecided → Medium |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Focal): | |
importance: | Undecided → Medium |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Bionic): | |
importance: | Undecided → Medium |
status: | In Progress → Fix Committed |
Changed in linux-oem-5.10 (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
Changed in ubuntu-kernel-tests: | |
status: | New → In Progress |
Changed in linux-ibm (Ubuntu Focal): | |
status: | New → Confirmed |
no longer affects: | linux-ibm (Ubuntu) |
Changed in linux-oem-5.14 (Ubuntu Xenial): | |
status: | New → Invalid |
Changed in linux-ibm (Ubuntu Hirsute): | |
status: | New → Invalid |
Changed in linux-oem-5.10 (Ubuntu Xenial): | |
status: | New → Invalid |
tags: |
added: ubuntu-ltp-cve removed: ubuntu-ltp |
Can be found on Bionic 4.15.0-159-generic as well.