Spotted on T-AWS-4.4 4.4.0-1098.103

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: linux-oem-5.10 (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: linux-oem-5.14 (Ubuntu Xenial)
   Importance: Undecided
       Status: New

https://bugs.launchpad.net/bugs/1950239

Title:
  creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve failed with XFS

Status in ubuntu-kernel-tests:
  In Progress
Status in linux package in Ubuntu:
  Fix Released
Status in linux-oem-5.10 package in Ubuntu:
  Invalid
Status in linux-oem-5.14 package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  New
Status in linux-oem-5.10 source package in Xenial:
  New
Status in linux-oem-5.14 source package in Xenial:
  New
Status in linux source package in Bionic:
  Fix Committed
Status in linux-ibm source package in Bionic:
  New
Status in linux-oem-5.10 source package in Bionic:
  Invalid
Status in linux-oem-5.14 source package in Bionic:
  Invalid
Status in linux source package in Focal:
  Fix Committed
Status in linux-ibm source package in Focal:
  Confirmed
Status in linux-oem-5.10 source package in Focal:
  Fix Released
Status in linux-oem-5.14 source package in Focal:
  Fix Released
Status in linux source package in Hirsute:
  Fix Committed
Status in linux-ibm source package in Hirsute:
  New
Status in linux-oem-5.10 source package in Hirsute:
  Invalid
Status in linux-oem-5.14 source package in Hirsute:
  Invalid
Status in linux source package in Impish:
  Fix Released
Status in linux-ibm source package in Impish:
  New
Status in linux-oem-5.10 source package in Impish:
  Invalid
Status in linux-oem-5.14 source package in Impish:
  Invalid

Bug description:
  [Impact]
  setgid files may be created on setgid directories owned by the directory group by users not belonging to that group. That is restricted to XFS.

  [Fix/Backport]
  The fix for 5.11 and 5.10 kernels is one simple commit with a minor backport conflict fixup on 5.10.
  5.4, on the other hand, required other 3 pre-requisites, which could be picked cleanly. On 4.15, however, they needed a lot of mangling and fixes.

  [Test case]
  creat09 LTP test case.

  [Potential regression]
  The creation of files on XFS may have the wrong attributes. Also, on 5.4 and 4.15, the potential regression is larger, also affecting quota, statistics and other interfaces where uid, gid and projid are exposed.

  =====================================

  These two tests, creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve are actually the same test.

  Issue found on F-oem-5.10.0-1051.53
  With LTP upstream head SHA1 2ac54d426

  This is not a regression, it's because of a recent update that enables this test on different filesystems:
  https://github.com/linux-test-project/ltp/commit/433b6cf7ade3d5e3bd4b85ac89b164c53312e65a

  Test failed on XFS with:
  tst_test.c:1431: TINFO: Testing on xfs
  tst_test.c:932: TINFO: Formatting /dev/loop3 with xfs opts='' extra opts=''
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:92: TFAIL: mntpoint/testdir/creat.tmp: Setgid bit is set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:92: TFAIL: mntpoint/testdir/open.tmp: Setgid bit is set

  Test log:
  Checking for required user/group ids

  'nobody' user id and group found.
  'bin' user id and group found.
  'daemon' user id and group found.
  Users group found.
  Sys group found.
  Required users/groups exist.
  no big block device was specified on commandline.
  Tests which require a big block device are disabled.
  You can specify it with option -z
  INFO: Test start time: Mon Nov 8 10:00:06 UTC 2021
  COMMAND: /opt/ltp/bin/ltp-pan -q -e -S -a 61758 -n 61758 -f /tmp/ltp-shLYORuoRT/alltests -l /dev/null -C /dev/null -T /dev/null
  LOG File: /dev/null
  FAILED COMMAND File: /dev/null
  TCONF COMMAND File: /dev/null
  Running tests.......
  tst_device.c:88: TINFO: Found free device 3 '/dev/loop3'
  tst_supported_fs_types.c:88: TINFO: Kernel supports ext2
  tst_supported_fs_types.c:50: TINFO: mkfs.ext2 does exist
  tst_supported_fs_types.c:88: TINFO: Kernel supports ext3
  tst_supported_fs_types.c:50: TINFO: mkfs.ext3 does exist
  tst_supported_fs_types.c:88: TINFO: Kernel supports ext4
  tst_supported_fs_types.c:50: TINFO: mkfs.ext4 does exist
  tst_supported_fs_types.c:88: TINFO: Kernel supports xfs
  tst_supported_fs_types.c:50: TINFO: mkfs.xfs does exist
  tst_supported_fs_types.c:88: TINFO: Kernel supports btrfs
  tst_supported_fs_types.c:50: TINFO: mkfs.btrfs does exist
  tst_supported_fs_types.c:146: TINFO: Skipping vfat as requested by the test
  tst_supported_fs_types.c:146: TINFO: Skipping exfat as requested by the test
  tst_supported_fs_types.c:88: TINFO: Kernel supports tmpfs
  tst_supported_fs_types.c:37: TINFO: mkfs is not needed for tmpfs
  tst_test.c:1431: TINFO: Testing on ext2
  tst_test.c:932: TINFO: Formatting /dev/loop3 with ext2 opts='' extra opts=''
  mke2fs 1.45.5 (07-Jan-2020)
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set
  tst_test.c:1431: TINFO: Testing on ext3
  tst_test.c:932: TINFO: Formatting /dev/loop3 with ext3 opts='' extra opts=''
  mke2fs 1.45.5 (07-Jan-2020)
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set
  tst_test.c:1431: TINFO: Testing on ext4
  tst_test.c:932: TINFO: Formatting /dev/loop3 with ext4 opts='' extra opts=''
  mke2fs 1.45.5 (07-Jan-2020)
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set
  tst_test.c:1431: TINFO: Testing on xfs
  tst_test.c:932: TINFO: Formatting /dev/loop3 with xfs opts='' extra opts=''
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:92: TFAIL: mntpoint/testdir/creat.tmp: Setgid bit is set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:92: TFAIL: mntpoint/testdir/open.tmp: Setgid bit is set
  tst_test.c:1431: TINFO: Testing on btrfs
  tst_test.c:932: TINFO: Formatting /dev/loop3 with btrfs opts='' extra opts=''
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set
  tst_test.c:1431: TINFO: Testing on tmpfs
  tst_test.c:932: TINFO: Skipping mkfs for TMPFS filesystem
  tst_test.c:913: TINFO: Limiting tmpfs size to 32MB
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
  creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
  creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
  creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
  creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set

  HINT: You _MAY_ be missing kernel fixes, see:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01ea173e103e

  HINT: You _MAY_ be vulnerable to CVE(s), see:

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13405

  Summary:
  passed 22
  failed 2
  broken 0
  skipped 0
  warnings 0
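
An added example, not part of the original bug report or of LTP: a Python audit for the on-disk artifact described under [Impact], that is, a setgid regular file inside a setgid directory, carrying the directory's group, whose owner is not a member of that group. Treating setgid plus group-execute as the risky mode combination, exempting root-owned files, and resolving membership from the local passwd/group databases are assumptions of this example.

```python
import grp
import os
import pwd
import stat
import sys

RISKY = stat.S_ISGID | stat.S_IXGRP  # assumption: setgid + group-exec is the risky mode


def owner_in_group(uid, gid):
    """True if gid is the user's primary group or lists the user as a member."""
    try:
        user = pwd.getpwuid(uid)
        return user.pw_gid == gid or user.pw_name in grp.getgrgid(gid).gr_mem
    except KeyError:  # uid or gid unknown to the local databases
        return False


def is_suspicious(dir_st, file_st, member=owner_in_group):
    """Setgid file in a setgid dir, same group as the dir, owner outside that group."""
    return (
        stat.S_ISDIR(dir_st.st_mode)
        and bool(dir_st.st_mode & stat.S_ISGID)
        and stat.S_ISREG(file_st.st_mode)
        and (file_st.st_mode & RISKY) == RISKY
        and file_st.st_gid == dir_st.st_gid
        and file_st.st_uid != 0  # root normally holds CAP_FSETID
        and not member(file_st.st_uid, file_st.st_gid)
    )


def scan(root, member=owner_in_group):
    """Walk root (symlinks are not followed) and return paths of suspicious files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        dir_st = os.lstat(dirpath)
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if is_suspicious(dir_st, os.lstat(path), member):
                    hits.append(path)
            except OSError:  # file vanished or is unreadable
                continue
    return hits


if __name__ == "__main__":
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run it against the mount point of an XFS filesystem that was in use on an unfixed kernel; each reported path deserves a manual look before the setgid bit is cleared.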