From d436f9021b6577dec8ff7bbdca6be64fef4026c4 Mon Sep 17 00:00:00 2001
From: Jan Kurik
Date: Thu, 8 Apr 2021 10:58:58 +0200
Subject: [PATCH] Test for non-existence of SUID, GUID, sticky, world-writeable files/dirs
---
 tests/Sanity/writeable-suid-guid/Makefile | 65 ++++++++++++++++++++
 tests/Sanity/writeable-suid-guid/PURPOSE | 5 ++
 tests/Sanity/writeable-suid-guid/main.fmf | 15 +++++
 tests/Sanity/writeable-suid-guid/runtest.sh | 66 +++++++++++++++++++++
 4 files changed, 151 insertions(+)
 create mode 100644 tests/Sanity/writeable-suid-guid/Makefile
 create mode 100644 tests/Sanity/writeable-suid-guid/PURPOSE
 create mode 100644 tests/Sanity/writeable-suid-guid/main.fmf
 create mode 100755 tests/Sanity/writeable-suid-guid/runtest.sh
diff --git a/tests/Sanity/writeable-suid-guid/Makefile b/tests/Sanity/writeable-suid-guid/Makefile
new file mode 100644
index 0000000..dcdad71
--- /dev/null
+++ b/tests/Sanity/writeable-suid-guid/Makefile
@@ -0,0 +1,65 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /tools/pcp/Sanity/writeable-suid-guid
+# Description: Test for BZ#1025583 (pcp creates a world writeable directory)
+# Author: Milos Prchlik , Jan Kuřík
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2014-2021 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/tools/pcp/Sanity/writeable-suid-guid
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Jan Kuřík " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Test for BZ#1025583 (pcp creates a world writeable directory)" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 15m" >> $(METADATA)
+ @echo "RunFor: pcp" >> $(METADATA)
+ @echo "Requires: pcp pcp-testsuite" >> $(METADATA)
+ @echo "Releases: -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Bug: 1025583" >> $(METADATA)
+
+ rhts-lint $(METADATA)
diff --git a/tests/Sanity/writeable-suid-guid/PURPOSE b/tests/Sanity/writeable-suid-guid/PURPOSE
new file mode 100644
index 0000000..412dde7
--- /dev/null
+++ b/tests/Sanity/writeable-suid-guid/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /tools/pcp/Sanity/writeable-suid-guid
+Description: Test for BZ#1025583 (pcp creates a world writeable directory)
+Author: Milos Prchlik , Jan Kuřík
+Bug summary: pcp creates a world writeable directory /var/lib/pcp/tmp
+Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1025583
diff --git a/tests/Sanity/writeable-suid-guid/main.fmf b/tests/Sanity/writeable-suid-guid/main.fmf
new file mode 100644
index 0000000..059c78a
--- /dev/null
+++ b/tests/Sanity/writeable-suid-guid/main.fmf
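Review bot: In the Makefile hunk, `.PHONY: all install download clean` omits `run` and `build`, the two targets this file defines to launch the test; unless `rhts-make.include` already declares them phony (not visible here), stray files named `run` and `build` in the test directory could leave `./runtest.sh` unexecuted. Consider `.PHONY: all install download clean run build`. The `Description:` echoed into `$(METADATA)` also still mentions only the world-writable directory, while the commit subject says the test covers SUID, GUID and sticky bits too, so the metadata text could be brought in line.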
@@ -0,0 +1,15 @@
+summary: Test for BZ#1025583 (pcp creates a world writeable directory)
+description: |
+ Bug summary: pcp creates a world writeable directory /var/lib/pcp/tmp
+ Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1025583
+contact: Jan Kuřík
+component:
+- pcp
+test: ./runtest.sh
+framework: beakerlib
+recommend:
+- pcp
+- pcp-testsuite
+duration: 15m
+extra-summary: /tools/pcp/Sanity/writeable-suid-guid
+extra-task: /tools/pcp/Sanity/writeable-suid-guid
diff --git a/tests/Sanity/writeable-suid-guid/runtest.sh b/tests/Sanity/writeable-suid-guid/runtest.sh
new file mode 100755
index 0000000..609d2e4
--- /dev/null
+++ b/tests/Sanity/writeable-suid-guid/runtest.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /tools/pcp/Sanity/writeable-suid-guid
+# Description: Test for BZ#1025583 (pcp creates a world writeable directory)
+# Author: Milos Prchlik , Jan Kuřík
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2014-2021 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="pcp"
+DIRS="/var/lib/pcp /usr/include/pcp /etc/pcp /usr/libexec/pcp /var/log/pcp \
+ /usr/share/pcp /usr/share/doc/pcp"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm $PACKAGE
+ rlRun "T=\$(mktemp -d)"
+ rlRun "pushd ${T}" || rlDie "Can not 'cd' into a temporary directory"
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun -s "find ${DIRS} \
+ \\( -perm -4000 -fprintf suid.txt '%#m %u:%g %p\\\\n' \\) , \
+ \\( -perm -2000 -fprintf guid.txt '%#m %u:%g %p\\\\n' \\) , \
+ \\( -perm -1000 -fprintf sticky.txt '%#m %u:%g %p\\\\n' \\) , \
+ \\( -type d -perm -0002 -fprintf writeable-d.txt '%#m %u:%g %p\\\\n' \\) , \
+ \\( -type f -perm -0002 -fprintf writeable-f.txt '%#m %u:%g %p\\\\n' \\) \
+ " 0 "Search for world-writable, SUID, GUID or sticky bit files and directories"
+ for f in suid.txt guid.txt sticky.txt writeable-d.txt writeable-f.txt; do
+ if [[ -s ${f} ]]; then
+ rlLogInfo "${f} contains the following files:"
+ rlLogInfo "$(cat ${f})"
+ rlFail "PCP files/dirs should not contain SUID, GUID, sticky or world" \
+ "writeable files"
+ fi
+ done
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlRun "popd"
+ rlRun "rm -rf ${T}"
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
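Review bot: The world-writable clauses of the `find` call in runtest.sh match only `-type d` and `-type f`, so a world-writable socket, FIFO or device node under `${DIRS}` passes the test unnoticed. A further clause joined with the same `,` operator, for example `\\( ! -type d ! -type f ! -type l -perm -0002 -fprintf writeable-o.txt '%#m %u:%g %p\\\\n' \\)`, plus `writeable-o.txt` in the `for f in …` list, would cover those while still skipping symlinks, whose mode is always 0777. Separately, `find` exits non-zero when any path in `DIRS` does not exist, so the `rlRun … 0` assertion fails for a reason unrelated to permissions on a host where, say, `/usr/include/pcp` is absent; presumably `pcp-testsuite` pulls it in, but that is worth confirming or guarding with an existence filter. The scan is also limited to the fixed `DIRS` list, so a SUID or SGID file that the pcp packages install elsewhere is outside what this test can detect.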