| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
| 6 | 6 |
| 7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
| 8 #include <windows.h> | 8 #include <windows.h> |
| 9 #include <shellapi.h> | 9 #include <shellapi.h> |
| 10 #include <shlobj.h> | 10 #include <shlobj.h> |
| (...skipping 1845 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1856 | 1856 |
| 1857 base_dir_ = temp_dir_.path().AppendASCII("base_dir"); | 1857 base_dir_ = temp_dir_.path().AppendASCII("base_dir"); |
| 1858 ASSERT_TRUE(file_util::CreateDirectory(base_dir_)); | 1858 ASSERT_TRUE(file_util::CreateDirectory(base_dir_)); |
| 1859 | 1859 |
| 1860 sub_dir_ = base_dir_.AppendASCII("sub_dir"); | 1860 sub_dir_ = base_dir_.AppendASCII("sub_dir"); |
| 1861 ASSERT_TRUE(file_util::CreateDirectory(sub_dir_)); | 1861 ASSERT_TRUE(file_util::CreateDirectory(sub_dir_)); |
| 1862 | 1862 |
| 1863 text_file_ = sub_dir_.AppendASCII("file.txt"); | 1863 text_file_ = sub_dir_.AppendASCII("file.txt"); |
| 1864 CreateTextFile(text_file_, L"This text file has some text in it."); | 1864 CreateTextFile(text_file_, L"This text file has some text in it."); |
| 1865 | 1865 |
| 1866 // Our user and group id. | 1866 // Get the user and group files are created with from |base_dir_|. |
| 1867 uid_ = getuid(); | 1867 struct stat stat_buf; |
| 1868 gid_ = getgid(); | 1868 ASSERT_EQ(0, stat(base_dir_.value().c_str(), &stat_buf)); |
| 1869 uid_ = stat_buf.st_uid; |
| 1870 gid_ = stat_buf.st_gid; |
| 1871 ASSERT_EQ(uid_, getuid()); // This process should be the owner. |
| 1869 | 1872 |
| 1870 // To ensure that umask settings do not cause the initial state | 1873 // To ensure that umask settings do not cause the initial state |
| 1871 // of permissions to be different from what we expect, explicitly | 1874 // of permissions to be different from what we expect, explicitly |
| 1872 // set permissions on the directories we create. | 1875 // set permissions on the directories we create. |
| 1873 // Make all files and directories non-world-writable. | 1876 // Make all files and directories non-world-writable. |
| 1874 mode_t enabled_permissions = | 1877 mode_t enabled_permissions = |
| 1875 S_IRWXU | // User can read, write, traverse | 1878 S_IRWXU | // User can read, write, traverse |
| 1876 S_IRWXG; // Group can read, write, traverse | 1879 S_IRWXG; // Group can read, write, traverse |
| 1877 mode_t disabled_permissions = | 1880 mode_t disabled_permissions = |
| 1878 S_IRWXO; // Other users can't read, write, traverse. | 1881 S_IRWXO; // Other users can't read, write, traverse. |
| 1879 | 1882 |
| 1880 ASSERT_NO_FATAL_FAILURE( | 1883 ASSERT_NO_FATAL_FAILURE( |
| 1881 ChangePosixFilePermissions( | 1884 ChangePosixFilePermissions( |
| 1882 base_dir_, enabled_permissions, disabled_permissions)); | 1885 base_dir_, enabled_permissions, disabled_permissions)); |
| 1883 ASSERT_NO_FATAL_FAILURE( | 1886 ASSERT_NO_FATAL_FAILURE( |
| 1884 ChangePosixFilePermissions( | 1887 ChangePosixFilePermissions( |
| 1885 sub_dir_, enabled_permissions, disabled_permissions)); | 1888 sub_dir_, enabled_permissions, disabled_permissions)); |
| 1886 } | 1889 } |
| 1887 | 1890 |
| 1888 FilePath base_dir_; | 1891 FilePath base_dir_; |
| 1889 FilePath sub_dir_; | 1892 FilePath sub_dir_; |
| 1890 FilePath text_file_; | 1893 FilePath text_file_; |
| 1891 uid_t uid_; | 1894 uid_t uid_; |
| 1892 gid_t gid_; | 1895 gid_t gid_; |
| 1893 }; | 1896 }; |
| 1894 | 1897 |
| 1895 #if defined(OS_MACOSX) | 1898 TEST_F(VerifyPathControlledByUserTest, BadPaths) { |
| 1896 // http://crbug.com/97876 | |
| 1897 #define MAYBE_BadPaths FAILS_BadPaths | |
| 1898 #else | |
| 1899 #define MAYBE_BadPaths BadPaths | |
| 1900 #endif | |
| 1901 | |
| 1902 TEST_F(VerifyPathControlledByUserTest, MAYBE_BadPaths) { | |
| 1903 // File does not exist. | 1899 // File does not exist. |
| 1904 FilePath does_not_exist = base_dir_.AppendASCII("does") | 1900 FilePath does_not_exist = base_dir_.AppendASCII("does") |
| 1905 .AppendASCII("not") | 1901 .AppendASCII("not") |
| 1906 .AppendASCII("exist"); | 1902 .AppendASCII("exist"); |
| 1907 | 1903 |
| 1908 EXPECT_FALSE( | 1904 EXPECT_FALSE( |
| 1909 file_util::VerifyPathControlledByUser( | 1905 file_util::VerifyPathControlledByUser( |
| 1910 base_dir_, does_not_exist, uid_, gid_)); | 1906 base_dir_, does_not_exist, uid_, gid_)); |
| 1911 | 1907 |
| 1912 // |base| not a subpath of |path|. | 1908 // |base| not a subpath of |path|. |
| 1913 EXPECT_FALSE( | 1909 EXPECT_FALSE( |
| 1914 file_util::VerifyPathControlledByUser(sub_dir_, base_dir_, uid_, gid_)); | 1910 file_util::VerifyPathControlledByUser(sub_dir_, base_dir_, uid_, gid_)); |
| 1915 | 1911 |
| 1916 // An empty base path will fail to be a prefix for any path. | 1912 // An empty base path will fail to be a prefix for any path. |
| 1917 FilePath empty; | 1913 FilePath empty; |
| 1918 EXPECT_FALSE( | 1914 EXPECT_FALSE( |
| 1919 file_util::VerifyPathControlledByUser(empty, base_dir_, uid_, gid_)); | 1915 file_util::VerifyPathControlledByUser(empty, base_dir_, uid_, gid_)); |
| 1920 | 1916 |
| 1921 // Finding that a bad call fails proves nothing unless a good call succeeds. | 1917 // Finding that a bad call fails proves nothing unless a good call succeeds. |
| 1922 EXPECT_TRUE( | 1918 EXPECT_TRUE( |
| 1923 file_util::VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, gid_)); | 1919 file_util::VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, gid_)); |
| 1924 } | 1920 } |
| 1925 | 1921 |
| 1926 #if defined(OS_MACOSX) | |
| 1927 // http://crbug.com/97876 | |
| 1928 #define MAYBE_Symlinks FAILS_Symlinks | |
| 1929 #else | |
| 1930 #define MAYBE_Symlinks Symlinks | |
| 1931 #endif | |
| 1932 | |
| 1933 TEST_F(VerifyPathControlledByUserTest, Symlinks) { | 1922 TEST_F(VerifyPathControlledByUserTest, Symlinks) { |
| 1934 // Symlinks in the path should cause failure. | 1923 // Symlinks in the path should cause failure. |
| 1935 | 1924 |
| 1936 // Symlink to the file at the end of the path. | 1925 // Symlink to the file at the end of the path. |
| 1937 FilePath file_link = base_dir_.AppendASCII("file_link"); | 1926 FilePath file_link = base_dir_.AppendASCII("file_link"); |
| 1938 ASSERT_TRUE(file_util::CreateSymbolicLink(text_file_, file_link)) | 1927 ASSERT_TRUE(file_util::CreateSymbolicLink(text_file_, file_link)) |
| 1939 << "Failed to create symlink."; | 1928 << "Failed to create symlink."; |
| 1940 | 1929 |
| 1941 EXPECT_FALSE( | 1930 EXPECT_FALSE( |
| 1942 file_util::VerifyPathControlledByUser(base_dir_, file_link, uid_, gid_)); | 1931 file_util::VerifyPathControlledByUser(base_dir_, file_link, uid_, gid_)); |
| (...skipping 15 matching lines...) Expand all Loading... |
| 1958 EXPECT_FALSE( | 1947 EXPECT_FALSE( |
| 1959 file_util::VerifyPathControlledByUser( | 1948 file_util::VerifyPathControlledByUser( |
| 1960 link_to_sub_dir, file_path_with_link, uid_, gid_)); | 1949 link_to_sub_dir, file_path_with_link, uid_, gid_)); |
| 1961 | 1950 |
| 1962 // Symlinks in parents of base path are allowed. | 1951 // Symlinks in parents of base path are allowed. |
| 1963 EXPECT_TRUE( | 1952 EXPECT_TRUE( |
| 1964 file_util::VerifyPathControlledByUser( | 1953 file_util::VerifyPathControlledByUser( |
| 1965 file_path_with_link, file_path_with_link, uid_, gid_)); | 1954 file_path_with_link, file_path_with_link, uid_, gid_)); |
| 1966 } | 1955 } |
| 1967 | 1956 |
| 1968 #if defined(OS_MACOSX) | 1957 TEST_F(VerifyPathControlledByUserTest, OwnershipChecks) { |
| 1969 // http://crbug.com/97876 | |
| 1970 #define MAYBE_OwnershipChecks FAILS_OwnershipChecks | |
| 1971 #else | |
| 1972 #define MAYBE_OwnershipChecks OwnershipChecks | |
| 1973 #endif | |
| 1974 | |
| 1975 TEST_F(VerifyPathControlledByUserTest, MAYBE_OwnershipChecks) { | |
| 1976 // Get a uid that is not the uid of files we create. | 1958 // Get a uid that is not the uid of files we create. |
| 1977 uid_t bad_uid = uid_ + 1; | 1959 uid_t bad_uid = uid_ + 1; |
| 1978 | 1960 |
| 1979 // Get a gid that is not ours. | 1961 // Get a gid that is not ours. |
| 1980 gid_t bad_gid = gid_ + 1; | 1962 gid_t bad_gid = gid_ + 1; |
| 1981 | 1963 |
| 1982 // Make all files and directories non-world-writable. | 1964 // Make all files and directories non-world-writable. |
| 1983 ASSERT_NO_FATAL_FAILURE( | 1965 ASSERT_NO_FATAL_FAILURE( |
| 1984 ChangePosixFilePermissions(base_dir_, 0u, S_IWOTH)); | 1966 ChangePosixFilePermissions(base_dir_, 0u, S_IWOTH)); |
| 1985 ASSERT_NO_FATAL_FAILURE( | 1967 ASSERT_NO_FATAL_FAILURE( |
| (...skipping 25 matching lines...) Expand all Loading... |
| 2011 file_util::VerifyPathControlledByUser( | 1993 file_util::VerifyPathControlledByUser( |
| 2012 base_dir_, sub_dir_, uid_, bad_gid)); | 1994 base_dir_, sub_dir_, uid_, bad_gid)); |
| 2013 EXPECT_FALSE( | 1995 EXPECT_FALSE( |
| 2014 file_util::VerifyPathControlledByUser( | 1996 file_util::VerifyPathControlledByUser( |
| 2015 base_dir_, text_file_, uid_, bad_gid)); | 1997 base_dir_, text_file_, uid_, bad_gid)); |
| 2016 EXPECT_FALSE( | 1998 EXPECT_FALSE( |
| 2017 file_util::VerifyPathControlledByUser( | 1999 file_util::VerifyPathControlledByUser( |
| 2018 sub_dir_, text_file_, uid_, bad_gid)); | 2000 sub_dir_, text_file_, uid_, bad_gid)); |
| 2019 } | 2001 } |
| 2020 | 2002 |
| 2021 #if defined(OS_MACOSX) | 2003 TEST_F(VerifyPathControlledByUserTest, WriteBitChecks) { |
| 2022 // http://crbug.com/97876 | |
| 2023 #define MAYBE_WriteBitChecks FAILS_WriteBitChecks | |
| 2024 #else | |
| 2025 #define MAYBE_WriteBitChecks WriteBitChecks | |
| 2026 #endif | |
| 2027 | |
| 2028 TEST_F(VerifyPathControlledByUserTest, MAYBE_WriteBitChecks) { | |
| 2029 // Make all files and directories non-world-writable. | 2004 // Make all files and directories non-world-writable. |
| 2030 ASSERT_NO_FATAL_FAILURE( | 2005 ASSERT_NO_FATAL_FAILURE( |
| 2031 ChangePosixFilePermissions(base_dir_, 0u, S_IWOTH)); | 2006 ChangePosixFilePermissions(base_dir_, 0u, S_IWOTH)); |
| 2032 ASSERT_NO_FATAL_FAILURE( | 2007 ASSERT_NO_FATAL_FAILURE( |
| 2033 ChangePosixFilePermissions(sub_dir_, 0u, S_IWOTH)); | 2008 ChangePosixFilePermissions(sub_dir_, 0u, S_IWOTH)); |
| 2034 ASSERT_NO_FATAL_FAILURE( | 2009 ASSERT_NO_FATAL_FAILURE( |
| 2035 ChangePosixFilePermissions(text_file_, 0u, S_IWOTH)); | 2010 ChangePosixFilePermissions(text_file_, 0u, S_IWOTH)); |
| 2036 | 2011 |
| 2037 // Initialy, we control all parts of the path. | 2012 // Initialy, we control all parts of the path. |
| 2038 EXPECT_TRUE( | 2013 EXPECT_TRUE( |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2100 file_util::VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, gid_)); | 2075 file_util::VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, gid_)); |
| 2101 EXPECT_TRUE( | 2076 EXPECT_TRUE( |
| 2102 file_util::VerifyPathControlledByUser(base_dir_, text_file_, uid_, gid_)); | 2077 file_util::VerifyPathControlledByUser(base_dir_, text_file_, uid_, gid_)); |
| 2103 EXPECT_TRUE( | 2078 EXPECT_TRUE( |
| 2104 file_util::VerifyPathControlledByUser(sub_dir_, text_file_, uid_, gid_)); | 2079 file_util::VerifyPathControlledByUser(sub_dir_, text_file_, uid_, gid_)); |
| 2105 } | 2080 } |
| 2106 | 2081 |
| 2107 #endif // defined(OS_POSIX) | 2082 #endif // defined(OS_POSIX) |
| 2108 | 2083 |
| 2109 } // namespace | 2084 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8037014:
Get gid of created folders from stat()ing the folders, not from getgid(). (Closed)
Base URL: http://git.chromium.org/git/chromium.git@trunk