[compiler-rt] [sanitizer] Fix running sanitizer_bad_report_path_test on Linux as root (PR #97732)

Ilya Leoshkevich via llvm-commits llvm-commits at lists.llvm.org
Thu Jul 4 07:15:54 PDT 2024 

https://github.com/iii-i updated https://github.com/llvm/llvm-project/pull/97732

>From 75895bdca2fa89f2a719b7f14f3886c0828ade0f Mon Sep 17 00:00:00 2001
From: Ilya Leoshkevich <iii at linux.ibm.com>
Date: Thu, 4 Jul 2024 15:47:51 +0200
Subject: [PATCH] [sanitizer] Fix running sanitizer_bad_report_path_test on
 Linux as root

Running tests as root is not the greatest idea, however, there is one
valid use case - running them in a container in order to verify LLVM on
different distros. There is no reason to configure unprivileged users
in a container, so one works as root.

sanitizer_bad_report_path_test assumes that creating a file in a
non-writable directory would fail, which is not the case if
CAP_DAC_OVERRIDE, which root has, is in effect. So drop it.
---
 .../Posix/sanitizer_bad_report_path_test.cpp  | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp b/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp
index fd4abf448b09d..4fb247c175211 100644
--- a/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp
+++ b/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_bad_report_path_test.cpp
@@ -13,9 +13,32 @@
 #include <stdio.h>
 #include <string.h>
 
+#if defined(__linux__)
+#  include <linux/capability.h>
+
+/* Use capget() and capset() from glibc. */
+extern "C" int capget(cap_user_header_t header, cap_user_data_t data);
+extern "C" int capset(cap_user_header_t header, const cap_user_data_t data);
+
+static void try_drop_cap_dac_override(void) {
+  struct __user_cap_header_struct hdr = {
+      .version = _LINUX_CAPABILITY_VERSION_1,
+      .pid = 0,
+  };
+  struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_1];
+  if (!capget(&hdr, data)) {
+    data[CAP_DAC_OVERRIDE >> 5].effective &= ~(1 << (CAP_DAC_OVERRIDE & 31));
+    capset(&hdr, data);
+  }
+}
+#else
+static void try_drop_cap_dac_override(void) {}
+#endif
+
 volatile int *null = 0;
 
 int main(int argc, char **argv) {
+  try_drop_cap_dac_override();
   char buff[1000];
   sprintf(buff, "%s.report_path/report", argv[0]);
   __sanitizer_set_report_path(buff);

More information about the llvm-commits mailing list