From 14d3b069199d6a780cb83f55dfff11ed1ccea69d Mon Sep 17 00:00:00 2001 From: Kyle Evans Date: Fri, 7 Feb 2020 22:36:37 +0000 Subject: [PATCH] O_SEARCH test: mark revokex an expected fail on NFS The revokex test does not work when the scratch directory is created on NFS. Given the nature of NFS, it likely can never work without looking like a security hole since O_SEARCH would rely on the server knowing that the directory did have +x at the time of open and that it's OK for it to have been revoked based on POSIX specification for O_SEARCH. This does mean that O_SEARCH is only partially functional on NFS in general, but I suspect the execute bit getting revoked in the process is likely not common. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D23573 --- .../netbsd-tests/lib/libc/c063/t_o_search.c | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/contrib/netbsd-tests/lib/libc/c063/t_o_search.c b/contrib/netbsd-tests/lib/libc/c063/t_o_search.c index 714305e2a0ad..414a078011d9 100644 --- a/contrib/netbsd-tests/lib/libc/c063/t_o_search.c +++ b/contrib/netbsd-tests/lib/libc/c063/t_o_search.c @@ -34,6 +34,11 @@ __RCSID("$NetBSD: t_o_search.c,v 1.9 2020/02/06 12:18:06 martin Exp $"); #include #include +#ifdef __FreeBSD__ +#include +#else +#include +#endif #include #include @@ -322,6 +327,23 @@ ATF_TC_BODY(o_search_revokex, tc) /* Drop permissions. The kernel must still not check the exec bit. */ ATF_REQUIRE(chmod(DIR, 0000) == 0); + { + const char *fstypename; +#ifdef __FreeBSD__ + struct statfs st; + + fstatfs(dfd, &st); + fstypename = st.f_fstypename; +#else + struct statvfs vst; + + fstatvfs(dfd, &vst); + fstypename = vst.f_fstypename; +#endif + if (strcmp(fstypename, "nfs") == 0) + atf_tc_expect_fail( + "NFS protocol cannot observe O_SEARCH semantics"); + } ATF_REQUIRE(fstatat(dfd, BASEFILE, &sb, 0) == 0); ATF_REQUIRE(close(dfd) == 0);