From 6048103751afa33f1951539ce36224a03b276604 Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Fri, 15 Mar 2019 15:20:21 +1300 Subject: CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten The smbd changes the umask - if the code fails to restore the umask to what it was, then this is very bad. Add an extra check to every smbd-related test that the umask at the end of the test is the same as what it was at the beginning (i.e. if the smbd code changed the umask then it correctly restored the value afterwards). As the selftest sets the umask for all tests to zero, it makes it hard to detect this problem, so the test setUp() needs to set it to something else first. This extra checking is added to the setUp()/tearDown() so that it applies to all test-cases. However, any failure that occur with this approach will not be able to be known-failed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett Reviewed-by: Jeremy Allison --- selftest/knownfail.d/umask-leak | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 selftest/knownfail.d/umask-leak (limited to 'selftest') diff --git a/selftest/knownfail.d/umask-leak b/selftest/knownfail.d/umask-leak new file mode 100644 index 00000000000..5580beb4b68 --- /dev/null +++ b/selftest/knownfail.d/umask-leak @@ -0,0 +1,3 @@ +^samba.tests.ntacls_backup.samba.tests.ntacls_backup.NtaclsBackupRestoreTests.test_smbd_create_file +^samba.tests.ntacls_backup.samba.tests.ntacls_backup.NtaclsBackupRestoreTests.test_backup_online +^samba.tests.ntacls_backup.samba.tests.ntacls_backup.NtaclsBackupRestoreTests.test_backup_offline -- cgit v1.2.1