diff options
author | Marco Conte <gliderkite@gmail.com> | 2020-02-29 10:34:11 +0000 |
---|---|---|
committer | Marco Conte <gliderkite@gmail.com> | 2020-02-29 10:34:11 +0000 |
commit | 207d892707c0811848a502a4403e50422b2b32b1 (patch) | |
tree | 64c9b47e0fa5fb18a09a5abb2067d0e2ae60b32e /test/test_unistd.rs | |
parent | 922d5ee118a770435b14b08ec4be6f8ae9f7c30a (diff) | |
download | nix-207d892707c0811848a502a4403e50422b2b32b1.zip |
add setfsuid and setfsgid implementation for filesystem checks
Diffstat (limited to 'test/test_unistd.rs')
-rw-r--r-- | test/test_unistd.rs | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/test/test_unistd.rs b/test/test_unistd.rs index 24e0c86b..7e3be1cc 100644 --- a/test/test_unistd.rs +++ b/test/test_unistd.rs @@ -866,3 +866,41 @@ fn test_access_file_exists() { let _file = File::create(path.clone()).unwrap(); assert!(access(&path, AccessFlags::R_OK | AccessFlags::W_OK).is_ok()); } + +/// Tests setting the filesystem UID with `setfsuid`. +#[cfg(any(target_os = "linux", target_os = "android"))] +#[test] +fn test_setfsuid() { + use std::os::unix::fs::PermissionsExt; + use std::{fs, thread}; + require_capability!(CAP_SETUID); + + // get the UID of the "nobody" user + let nobody = User::from_name("nobody").unwrap().unwrap(); + + // create a temporary file with permissions '-rw-r-----' + let file = tempfile::NamedTempFile::new().unwrap(); + let temp_path = file.into_temp_path(); + let temp_path_2 = (&temp_path).to_path_buf(); + let mut permissions = fs::metadata(&temp_path).unwrap().permissions(); + permissions.set_mode(640); + + // spawn a new thread where to test setfsuid + thread::spawn(move || { + // set filesystem UID + let fuid = setfsuid(nobody.uid); + // trying to open the temporary file should fail with EACCES + let res = fs::File::open(&temp_path); + assert!(res.is_err()); + assert_eq!(res.err().unwrap().kind(), io::ErrorKind::PermissionDenied); + + // assert fuid actually changes + let prev_fuid = setfsuid(Uid::from_raw(-1i32 as u32)); + assert_ne!(prev_fuid, fuid); + }) + .join() + .unwrap(); + + // open the temporary file with the current thread filesystem UID + fs::File::open(temp_path_2).unwrap(); +} |