** Description changed:

+ [Impact]
+ setgid files may be created on setgid directories owned by the directory
+ group by users not belonging to that group. That is restricted to XFS.
+ 
+ [Fix/Backport]
+ The fix for 5.11 and 5.10 kernels is one simple commit with a minor
+ backport conflict fixup on 5.10.
+ 
+ 5.4, on the other hand, required other 3 pre-requisites, which could be
+ picked cleanly. On 4.15, however, they needed a lot of mangling and fixes.
+ 
+ [Test case]
+ creat09 LTP test case.
+ 
+ [Potential regression]
+ The creation of files on XFS may have the wrong attributes. Also, on 5.4
+ and 4.15, the potential regression is larger, also affecting quota,
+ statistics and other interfaces where uid, gid and projid are exposed.
+ 
+ 
+ =====================================
+ 
  These two tests, creat09 from ubuntu_ltp_syscalls and cve-2018-13405
  from ubuntu_ltp/cve are actually the same test.
  
  Issue found on F-oem-5.10.0-1051.53
  
  With LTP upstream head SHA1 2ac54d426
  
  This is not a regression, it's because of a recent update that enables this test on different filesystems:
  
  https://github.com/linux-test-project/ltp/commit/433b6cf7ade3d5e3bd4b85ac89b164c53312e65a
  
  Test failed on XFS with:
  tst_test.c:1431: TINFO: Testing on xfs
  tst_test.c:932: TINFO: Formatting /dev/loop3 with xfs opts='' extra opts=''
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:92: TFAIL: mntpoint/testdir/creat.tmp: Setgid bit is set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:92: TFAIL: mntpoint/testdir/open.tmp: Setgid bit is set
  
  Test log:
  Checking for required user/group ids
  
  'nobody' user id and group found.
  'bin' user id and group found.
  'daemon' user id and group found.
  Users group found.
  Sys group found.
  Required users/groups exist.
  no big block device was specified on commandline.
  Tests which require a big block device are disabled.
  You can specify it with option -z
  INFO: Test start time: Mon Nov  8 10:00:06 UTC 2021
  COMMAND:    /opt/ltp/bin/ltp-pan -q  -e -S   -a 61758     -n 61758  -f /tmp/ltp-shLYORuoRT/alltests -l /dev/null  -C /dev/null -T /dev/null
  LOG File: /dev/null
  FAILED COMMAND File: /dev/null
  TCONF COMMAND File: /dev/null
  Running tests.......
  tst_device.c:88: TINFO: Found free device 3 '/dev/loop3'
  tst_supported_fs_types.c:88: TINFO: Kernel supports ext2
  tst_supported_fs_types.c:50: TINFO: mkfs.ext2 does exist
  tst_supported_fs_types.c:88: TINFO: Kernel supports ext3
  tst_supported_fs_types.c:50: TINFO: mkfs.ext3 does exist
  tst_supported_fs_types.c:88: TINFO: Kernel supports ext4
  tst_supported_fs_types.c:50: TINFO: mkfs.ext4 does exist
  tst_supported_fs_types.c:88: TINFO: Kernel supports xfs
  tst_supported_fs_types.c:50: TINFO: mkfs.xfs does exist
  tst_supported_fs_types.c:88: TINFO: Kernel supports btrfs
  tst_supported_fs_types.c:50: TINFO: mkfs.btrfs does exist
  tst_supported_fs_types.c:146: TINFO: Skipping vfat as requested by the test
  tst_supported_fs_types.c:146: TINFO: Skipping exfat as requested by the test
  tst_supported_fs_types.c:88: TINFO: Kernel supports tmpfs
  tst_supported_fs_types.c:37: TINFO: mkfs is not needed for tmpfs
  tst_test.c:1431: TINFO: Testing on ext2
  tst_test.c:932: TINFO: Formatting /dev/loop3 with ext2 opts='' extra opts=''
  mke2fs 1.45.5 (07-Jan-2020)
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set
  tst_test.c:1431: TINFO: Testing on ext3
  tst_test.c:932: TINFO: Formatting /dev/loop3 with ext3 opts='' extra opts=''
  mke2fs 1.45.5 (07-Jan-2020)
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set
  tst_test.c:1431: TINFO: Testing on ext4
  tst_test.c:932: TINFO: Formatting /dev/loop3 with ext4 opts='' extra opts=''
  mke2fs 1.45.5 (07-Jan-2020)
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set
  tst_test.c:1431: TINFO: Testing on xfs
  tst_test.c:932: TINFO: Formatting /dev/loop3 with xfs opts='' extra opts=''
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:92: TFAIL: mntpoint/testdir/creat.tmp: Setgid bit is set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:92: TFAIL: mntpoint/testdir/open.tmp: Setgid bit is set
  tst_test.c:1431: TINFO: Testing on btrfs
  tst_test.c:932: TINFO: Formatting /dev/loop3 with btrfs opts='' extra opts=''
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set
  tst_test.c:1431: TINFO: Testing on tmpfs
  tst_test.c:932: TINFO: Skipping mkfs for TMPFS filesystem
  tst_test.c:913: TINFO: Limiting tmpfs size to 32MB
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set
  
  HINT: You _MAY_ be missing kernel fixes, see:
  
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01ea173e103e
  
  HINT: You _MAY_ be vulnerable to CVE(s), see:
  
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13405
  
  Summary:
  passed   22
  failed   2
  broken   0
  skipped  0
  warnings 0

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950239

Title:
  creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from
  ubuntu_ltp/cve failed with XFS
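
An audit for the condition the [Impact] text describes, as an added example that is not part of the bug report or of LTP: it walks a tree (for instance an XFS mount) and lists setgid regular files inside setgid directories whose owner is not a member of the inherited group. The names `user_gids`, `is_suspect` and `audit` are assumptions of this sketch, and the result is a heuristic because group membership is read at audit time, not at file creation time.

```python
import grp
import os
import pwd
import stat
import sys


def user_gids(uid):
    """Return the GIDs the account belongs to (primary plus supplementary)."""
    try:
        pw = pwd.getpwuid(uid)
    except KeyError:
        return set()  # unknown uid: no memberships known
    gids = {pw.pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if pw.pw_name in g.gr_mem)
    return gids


def is_suspect(dir_mode, dir_gid, file_mode, file_uid, file_gid, owner_gids):
    """True when a file matches the pattern from the [Impact] text."""
    return (
        stat.S_ISDIR(dir_mode) and bool(dir_mode & stat.S_ISGID)
        and stat.S_ISREG(file_mode) and bool(file_mode & stat.S_ISGID)
        and file_gid == dir_gid          # group inherited from the directory
        and file_uid != 0                # root can set this bit legitimately
        and file_gid not in owner_gids   # owner is not a member of that group
    )


def audit(root):
    """Walk root and return the paths of suspect files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        d = os.lstat(dirpath)
        if not d.st_mode & stat.S_ISGID:
            continue  # only setgid directories pass their group on
        for name in files:
            path = os.path.join(dirpath, name)
            f = os.lstat(path)
            if is_suspect(d.st_mode, d.st_gid, f.st_mode, f.st_uid,
                          f.st_gid, user_gids(f.st_uid)):
                hits.append(path)
    return hits


if __name__ == "__main__":
    for hit in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```
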
