38 lines
832 B
C
38 lines
832 B
C
// SPDX-License-Identifier: GPL-2.0-or-later
|
|
/*
|
|
* Copyright (c) 2017 Richard Palethorpe <rpalethorpe@suse.com>
|
|
*/
|
|
/* Check for CVE-2016-9604; that keys beginning with "." are disallowed.
|
|
*
|
|
* See commit ee8f844e3c5a73b999edf733df1c529d6503ec2f
|
|
*/
|
|
|
|
#include <errno.h>
|
|
#include "tst_test.h"
|
|
#include "lapi/keyctl.h"
|
|
|
|
void run(void)
|
|
{
|
|
if (keyctl_join_session_keyring(".builtin_trusted_keys") == -1) {
|
|
if (errno != EPERM) {
|
|
tst_brk(TBROK | TERRNO,
|
|
"keyctl_join_sessoin_keyring(...)");
|
|
}
|
|
|
|
tst_res(TPASS, "Denied access to .builtin_trusted_keys");
|
|
} else {
|
|
tst_res(TFAIL, "Allowed access to .builtin_trusted_keys");
|
|
}
|
|
}
|
|
|
|
static struct tst_test test = {
|
|
.test_all = run,
|
|
.needs_root = 1,
|
|
.min_kver = "2.6.13",
|
|
.tags = (const struct tst_tag[]) {
|
|
{"CVE", "2016-9604"},
|
|
{"linux-git", "ee8f844e3c5a"},
|
|
{}
|
|
}
|
|
};
|