glibc/posix/tst-spawn3.c

152 lines
4.4 KiB
C
Raw Normal View History

/* Check posix_spawn add file actions.
Copyright (C) 2016-2018 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
#include <stdio.h>
#include <spawn.h>
#include <error.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/resource.h>
#include <fcntl.h>
#include <paths.h>
#include <support/check.h>
#include <support/temp_file.h>
static int
do_test (void)
{
/* The test checks if posix_spawn open file action close the file descriptor
before opening a new one in case the input file descriptor is already
opened. It does by exhausting all file descriptors on the process before
issue posix_spawn. It then issues a posix_spawn for '/bin/sh echo $$'
and add two rules:
1. Redirect stdout to a temporary filepath
2. Redirect stderr to stdout
If the implementation does not close the file 1. will fail with
EMFILE. */
struct rlimit rl;
int max_fd = 24;
int ret;
/* Set maximum number of file descriptor to a low value to avoid open
too many files in environments where RLIMIT_NOFILE is large and to
limit the array size to track the opened file descriptors. */
if (getrlimit (RLIMIT_NOFILE, &rl) == -1)
FAIL_EXIT1 ("getrlimit (RLIMIT_NOFILE): %m");
max_fd = (rl.rlim_cur < max_fd ? rl.rlim_cur : max_fd);
rl.rlim_cur = max_fd;
if (setrlimit (RLIMIT_NOFILE, &rl) == 1)
FAIL_EXIT1 ("setrlimit (RLIMIT_NOFILE): %m");
/* Exhauste the file descriptor limit with temporary files. */
int files[max_fd];
int nfiles = 0;
for (;;)
{
int fd = create_temp_file ("tst-spawn3.", NULL);
if (fd == -1)
{
if (errno != EMFILE)
FAIL_EXIT1 ("create_temp_file: %m");
break;
}
files[nfiles++] = fd;
}
posix_spawn_file_actions_t a;
if (posix_spawn_file_actions_init (&a) != 0)
FAIL_EXIT1 ("posix_spawn_file_actions_init");
Fix hardcoded /tmp paths in testing (bug 13888). As noted in bug 13888, and as I noted previously in <https://sourceware.org/ml/libc-alpha/2000-10/msg00111.html>, various tests used hardcoded paths in /tmp, so posing issues for simultaneous test runs from different build directories. This patch fixes such uses of hardcoded file names to put them in the build directory instead (in the case of stdio-common/bug5 the file names are changed as well, to avoid a conflict with the name bug5.out also used for the automatic test output redirection). It also fixes test-installation.pl likewise (that was using filenames with $$ in them rather than strictly hardcoded names, but that's still not good practice for temporary file naming). Note that my list of files changed is not identical to that in bug 13888. I added tst-spawn3.c and test-installation.pl, and removed some tests that seem to me (now) to create temporary files securely (simply using /tmp is not itself a problem if the temporary files are handled properly with mkstemp; I haven't checked whether those tests used to do things insecurely). conformtest is not changed because the makefiles always pass a --tmpdir option so the /tmp default is irrelevant, and for the same reason there is no actual problem with nptl/tst-umask1.c because again the makefiles always override the default. nptl/sockperf.c is ignored because there is no code to run it; probably that file should actually be removed. Some tests use the mktemp function, but I think they all use it in a way that *is* secure (for generating names for directories / sockets / fifos / symlinks, where the operation using the name will not follow symlinks and so there is no potential for a symlink attack on the account running the testsuite). Some tests use the tmpnam function to generate temporary file names. This is in principle insecure, but not addressed by this patch (I consider it a separate issue from the fully hardcoded paths). Tested for x86_64. [BZ #13888] * posix/Makefile (CFLAGS-tst-spawn3.c): New variable. * posix/tst-spawn3.c (do_test): Put tst-spwan3.pid in OBJPFX, not /tmp. * scripts/test-installation.pl: Put temporary files in build directory, not /tmp. * stdio-common/Makefile (CFLAGS-bug3.c): New variable. (CFLAGS-bug4.c): Likewise. (CFLAGS-bug5.c): Likewise. (CFLAGS-test-fseek.c): Likewise. (CFLAGS-test-popen.c): Likewise. (CFLAGS-test_rdwr.c): Likewise. * stdio-common/bug3.c (main): Put temporary file in OBJPFX, not /tmp. * stdio-common/bug4.c (main): Likewise. * stdio-common/bug5.c (main): Likewise. * stdio-common/test-fseek.c (TESTFILE): Likewise. * stdio-common/test-popen.c (do_test): Likewise. * stdio-common/test_rdwr.c (main): Likewise.
2018-06-26 21:48:48 +00:00
/* Executes a /bin/sh echo $$ 2>&1 > ${objpfx}tst-spawn3.pid . */
const char pidfile[] = OBJPFX "tst-spawn3.pid";
if (posix_spawn_file_actions_addopen (&a, STDOUT_FILENO, pidfile, O_WRONLY |
O_CREAT | O_TRUNC, 0644) != 0)
FAIL_EXIT1 ("posix_spawn_file_actions_addopen");
if (posix_spawn_file_actions_adddup2 (&a, STDOUT_FILENO, STDERR_FILENO) != 0)
FAIL_EXIT1 ("posix_spawn_file_actions_adddup2");
/* Since execve (called by posix_spawn) might require to open files to
actually execute the shell script, setup to close the temporary file
descriptors. */
for (int i=0; i<nfiles; i++)
{
if (posix_spawn_file_actions_addclose (&a, files[i]))
FAIL_EXIT1 ("posix_spawn_file_actions_addclose");
}
char *spawn_argv[] = { (char *) _PATH_BSHELL, (char *) "-c",
(char *) "echo $$", NULL };
pid_t pid;
if ((ret = posix_spawn (&pid, _PATH_BSHELL, &a, NULL, spawn_argv, NULL))
!= 0)
{
errno = ret;
FAIL_EXIT1 ("posix_spawn: %m");
}
int status;
int err = waitpid (pid, &status, 0);
if (err != pid)
FAIL_EXIT1 ("waitpid: %m");
/* Close the temporary files descriptor so it can check posix_spawn
output. */
for (int i=0; i<nfiles; i++)
{
if (close (files[i]))
FAIL_EXIT1 ("close: %m");
}
int pidfd = open (pidfile, O_RDONLY);
if (pidfd == -1)
FAIL_EXIT1 ("open: %m");
char buf[64];
ssize_t n;
if ((n = read (pidfd, buf, sizeof (buf))) < 0)
FAIL_EXIT1 ("read: %m");
unlink (pidfile);
/* We only expect to read the PID. */
char *endp;
long int rpid = strtol (buf, &endp, 10);
if (*endp != '\n')
FAIL_EXIT1 ("*endp != \'n\'");
if (endp == buf)
FAIL_EXIT1 ("read empty line");
if (rpid != pid)
FAIL_EXIT1 ("found \"%s\", expected pid %ld\n", buf, (long int) pid);
return 0;
}
#include <support/test-driver.c>