[compiler-rt] [sanitizer] Fix running sanitizer_bad_report_path_test on Linux as root (PR #97732)
via llvm-commits
llvm-commits at lists.llvm.org
Thu Jul 4 07:08:25 PDT 2024
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-compiler-rt-sanitizer
Author: Ilya Leoshkevich (iii-i)
<details>
<summary>Changes</summary>
Running tests as root is not the greatest idea, however, there is one valid use case - running them in a container in order to verify LLVM on different distros. There is no reason to configure unprivileged users in a container, so one works as root.
sanitizer_bad_report_path_test assumes that creating a file in a non-writable directory would fail, which is not the case if CAP_DAC_OVERRIDE, which root has, is in effect. So drop it.
---
Full diff: https://github.com/llvm/llvm-project/pull/97732.diff
1 Files Affected:
- (modified) compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp (+23)
``````````diff
diff --git a/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp b/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp
index fd4abf448b09d..a7312341b6f5c 100644
--- a/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp
+++ b/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp
@@ -13,9 +13,32 @@
#include <stdio.h>
#include <string.h>
+#if defined(__linux__)
+#include <linux/capability.h>
+
+/* Use capget() and capset() from glibc. */
+extern "C" int capget(cap_user_header_t header, cap_user_data_t data);
+extern "C" int capset(cap_user_header_t header, const cap_user_data_t data);
+
+static void try_drop_cap_dac_override(void) {
+ struct __user_cap_header_struct hdr = {
+ .version = _LINUX_CAPABILITY_VERSION_1,
+ .pid = 0,
+ };
+ struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_1];
+ if (!capget(&hdr, data)) {
+ data[CAP_DAC_OVERRIDE >> 5].effective &= ~(1 << (CAP_DAC_OVERRIDE & 31));
+ capset(&hdr, data);
+ }
+}
+#else
+static void try_drop_cap_dac_override(void) {}
+#endif
+
volatile int *null = 0;
int main(int argc, char **argv) {
+ try_drop_cap_dac_override();
char buff[1000];
sprintf(buff, "%s.report_path/report", argv[0]);
__sanitizer_set_report_path(buff);
``````````
</details>
https://github.com/llvm/llvm-project/pull/97732
More information about the llvm-commits
mailing list