From fa6c7b708014d8f73262837982e368f8d1f617b5 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Fri, 8 Feb 2019 16:15:09 +0100
Subject: sys/linux: prohibit opening /proc/self/exe
Fuzzer manages to open it and do bad things with it. Prevent it from doing so.
---
sys/linux/test/nonexec0 | 8 ++++++++
sys/linux/test/nonexec1 | 7 +++++++
2 files changed, 15 insertions(+)
create mode 100644 sys/linux/test/nonexec0
create mode 100644 sys/linux/test/nonexec1
(limited to 'sys/linux/test')
diff --git a/sys/linux/test/nonexec0 b/sys/linux/test/nonexec0
new file mode 100644
index 000000000..d4ce3ba4f
--- /dev/null
+++ b/sys/linux/test/nonexec0
@@ -0,0 +1,8 @@
+# This makes syz-executor non-executable.
+# Does not work with repeat because on the second iteration the executor is still non-executable.
+# setuid does not have permissions to set extended acl.
+# FS_IOC_FSSETXATTR fails with EOPNOTSUPP, but it still changes the attrs.
+# requires: -repeat -sandbox=setuid
+
+r0 = syz_open_procfs(0x0, &AUTO='exe\x00')
+fsetxattr$system_posix_acl(r0, &AUTO='system.posix_acl_access\x00', &AUTO={{AUTO}, {0x1, 0x2, AUTO}, [{AUTO, 0x0, 0x0}, {0x2, 0x4, 0x0}], {AUTO, 0x0, AUTO}, [], {0x10, 0x2, AUTO}, {AUTO, 0x0, AUTO}}, 0x34, 0x0) # EOPNOTSUPP
diff --git a/sys/linux/test/nonexec1 b/sys/linux/test/nonexec1
new file mode 100644
index 000000000..ec5d6417c
--- /dev/null
+++ b/sys/linux/test/nonexec1
@@ -0,0 +1,7 @@
+# This makes syz-executor non-executable.
+# sandbox=namespace does not have permissions for FS_IOC_FSSETXATTR.
+# requires: -repeat -sandbox=namespace -sandbox=setuid
+
+r0 = syz_open_procfs(0x0, &AUTO='exe\x00')
+fsetxattr$system_posix_acl(r0, &AUTO='system.posix_acl_access\x00', &AUTO={{AUTO}, {0x1, 0x2, AUTO}, [{AUTO, 0x0, 0x0}, {0x2, 0x4, 0x0}], {AUTO, 0x0, AUTO}, [], {0x10, 0x2, AUTO}, {AUTO, 0x0, AUTO}}, 0x34, 0x0) # EOPNOTSUPP
+ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &AUTO={0x17e, 0x0, 0x0, 0x0, 0x0, 0x0}) # ENOTTY
-- cgit mrf-deployment
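Review bot: In sys/linux/test/nonexec0 the header comment `# FS_IOC_FSSETXATTR fails with EOPNOTSUPP, but it still changes the attrs.` names an ioctl that this program never issues. The only call after the open is `fsetxattr$system_posix_acl`, and that is the line annotated `# EOPNOTSUPP`. If the comment is meant to describe that call, it should read `# fsetxattr fails with EOPNOTSUPP, but it still changes the attrs.`. The header also still describes the pre-fix behaviour ("This makes syz-executor non-executable"); the change that enforces the prohibition is outside the files shown here, so a line such as `# Regression test: after the fix r0 must not refer to the executor binary.` would tell a reader what the errno annotation is guarding, assuming that is the intent.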
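Review bot: In sys/linux/test/nonexec1 the last call is spelled `ioctl$FS_IOC_FSSETXATTR`, but the hard-coded request `0x40086602` decodes as `_IOW('f', 2, long)`, which is FS_IOC_SETFLAGS; FS_IOC_FSSETXATTR is `_IOW('X', 32, struct fsxattr)`. If the mismatch reproduces the fuzzer's original program on purpose, the header should say so, for example `# cmd is deliberately FS_IOC_SETFLAGS (0x40086602); 0x17e includes the immutable and append-only bits.`. Otherwise the command argument should be `AUTO`, so that the call matches its name and the header comment. The `requires:` line also excludes `-repeat` and `-sandbox=setuid`, while the header explains only the namespace case; one comment line for each exclusion, as nonexec0 has, would keep the two files consistent.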