[compiler-rt] [sanitizer] Fix running sanitizer_bad_report_path_test on Linux as root (PR #97732)

via llvm-commits llvm-commits at lists.llvm.org
Thu Jul 4 07:08:25 PDT 2024


llvmbot wrote:


<!--LLVM PR SUMMARY COMMENT-->

@llvm/pr-subscribers-compiler-rt-sanitizer

Author: Ilya Leoshkevich (iii-i)

<details>
<summary>Changes</summary>

Running tests as root is not the greatest idea, however, there is one valid use case - running them in a container in order to verify LLVM on different distros. There is no reason to configure unprivileged users in a container, so one works as root.

sanitizer_bad_report_path_test assumes that creating a file in a non-writable directory would fail, which is not the case if CAP_DAC_OVERRIDE, which root has, is in effect. So drop it.

---
Full diff: https://github.com/llvm/llvm-project/pull/97732.diff


1 Files Affected:

- (modified) compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp (+23) 


``````````diff
diff --git a/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp b/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp
index fd4abf448b09d..a7312341b6f5c 100644
--- a/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp
+++ b/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp
@@ -13,9 +13,32 @@
 #include <stdio.h>
 #include <string.h>
 
+#if defined(__linux__)
+#include <linux/capability.h>
+
+/* Use capget() and capset() from glibc. */
+extern "C" int capget(cap_user_header_t header, cap_user_data_t data);
+extern "C" int capset(cap_user_header_t header, const cap_user_data_t data);
+
+static void try_drop_cap_dac_override(void) {
+  struct __user_cap_header_struct hdr = {
+    .version = _LINUX_CAPABILITY_VERSION_1,
+    .pid = 0,
+  };
+  struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_1];
+  if (!capget(&hdr, data)) {
+    data[CAP_DAC_OVERRIDE >> 5].effective &= ~(1 << (CAP_DAC_OVERRIDE & 31));
+    capset(&hdr, data);
+  }
+}
+#else
+static void try_drop_cap_dac_override(void) {}
+#endif
+
 volatile int *null = 0;
 
 int main(int argc, char **argv) {
+  try_drop_cap_dac_override();
   char buff[1000];
   sprintf(buff, "%s.report_path/report", argv[0]);
   __sanitizer_set_report_path(buff);

``````````

</details>


https://github.com/llvm/llvm-project/pull/97732


More information about the llvm-commits mailing list