coreutils/tests/truncate/truncate-owned-by-other.sh

#!/bin/sh
# Demonstrate that "truncate -s0 writable-but-owned-by-other" works.

# Copyright (C) 2008-2026 Free Software Foundation, Inc.

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
print_ver_ truncate

require_root_

# Create a file owned by root, and writable by $NON_ROOT_USERNAME.
echo > root-owned || framework_failure_
chgrp +$NON_ROOT_GID . root-owned || framework_failure_
chmod g+w root-owned

# Ensure that the current directory is searchable by $NON_ROOT_USERNAME.
chmod g+x .

chroot --skip-chdir --user=$NON_ROOT_USERNAME / env PATH="$PATH" \
  truncate -s0 root-owned || fail=1

Exit $fail
Add new program: truncate * AUTHORS: Register as the author * NEWS: Mention this change * README: Add truncate command to list * src/truncate.c: New command * src/Makefile.am: Add truncate command to list to build * src/.gitignore: Add truncate binary to list to ignore * doc/coreutils.texi (truncate invocation): Add truncate info * man/Makefile.am: Add truncate man page to list to build * man/truncate.x: Add truncate man page template * po/POTFILES.in: Add truncate to list to translate * tests/Makefile.am: Add truncate tests * tests/misc/help-version: Add support for new truncate command * tests/misc/truncate-dangling-symlink: check dangling link ok * tests/misc/truncate-dir-fail: ensure dirs fail * tests/misc/truncate-fail-diag: validate messages for missing paths * tests/misc/truncate-fifo: ensure fifos ignored * tests/misc/truncate-no-create-missing: ensure -c option honoured * tests/misc/truncate-overflow: check signed integer overflows * tests/misc/truncate-owned-by-other: root permissions check * tests/misc/truncate-parameters: check invalid parameter combinations * tests/misc/truncate-relative: check invalid relative sizes 2008-03-28 22:55:31 +00:00			`#!/bin/sh`
			`# Demonstrate that "truncate -s0 writable-but-owned-by-other" works.`

maint: run 'make update-copyright' 2026-01-01 10:56:16 -08:00			`# Copyright (C) 2008-2026 Free Software Foundation, Inc.`
Add new program: truncate * AUTHORS: Register as the author * NEWS: Mention this change * README: Add truncate command to list * src/truncate.c: New command * src/Makefile.am: Add truncate command to list to build * src/.gitignore: Add truncate binary to list to ignore * doc/coreutils.texi (truncate invocation): Add truncate info * man/Makefile.am: Add truncate man page to list to build * man/truncate.x: Add truncate man page template * po/POTFILES.in: Add truncate to list to translate * tests/Makefile.am: Add truncate tests * tests/misc/help-version: Add support for new truncate command * tests/misc/truncate-dangling-symlink: check dangling link ok * tests/misc/truncate-dir-fail: ensure dirs fail * tests/misc/truncate-fail-diag: validate messages for missing paths * tests/misc/truncate-fifo: ensure fifos ignored * tests/misc/truncate-no-create-missing: ensure -c option honoured * tests/misc/truncate-overflow: check signed integer overflows * tests/misc/truncate-owned-by-other: root permissions check * tests/misc/truncate-parameters: check invalid parameter combinations * tests/misc/truncate-relative: check invalid relative sizes 2008-03-28 22:55:31 +00:00
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`

			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`

			`# You should have received a copy of the GNU General Public License`
all: prefer HTTPS in URLs 2017-09-19 01:13:23 -07:00			`# along with this program. If not, see <https://www.gnu.org/licenses/>.`
Add new program: truncate * AUTHORS: Register as the author * NEWS: Mention this change * README: Add truncate command to list * src/truncate.c: New command * src/Makefile.am: Add truncate command to list to build * src/.gitignore: Add truncate binary to list to ignore * doc/coreutils.texi (truncate invocation): Add truncate info * man/Makefile.am: Add truncate man page to list to build * man/truncate.x: Add truncate man page template * po/POTFILES.in: Add truncate to list to translate * tests/Makefile.am: Add truncate tests * tests/misc/help-version: Add support for new truncate command * tests/misc/truncate-dangling-symlink: check dangling link ok * tests/misc/truncate-dir-fail: ensure dirs fail * tests/misc/truncate-fail-diag: validate messages for missing paths * tests/misc/truncate-fifo: ensure fifos ignored * tests/misc/truncate-no-create-missing: ensure -c option honoured * tests/misc/truncate-overflow: check signed integer overflows * tests/misc/truncate-owned-by-other: root permissions check * tests/misc/truncate-parameters: check invalid parameter combinations * tests/misc/truncate-relative: check invalid relative sizes 2008-03-28 22:55:31 +00:00
build: don't use recursive make for tests/ subdirectory * Makefile.am (SUBDIRS): Remove 'tests'. (include): The '$(top_srcdir)/tests/local.mk' file. (check-root): Remove this convenience target, it's no longer needed now that the "real" check-root target once in 'tests/Makefile' will land in the top-level makefile. * configure.ac (AC_CONFIG_FILES): Remove 'tests/Makefile'. * tests/Makefile.am: Rename ... * tests/local.mk: ... like this, with a lot of adjustments. * tests/init.cfg: Move ... * init.cfg: ... here. This is necessary, for a limitation of the gnulib-provided 'tests/init.sh', which unconditionally look for 'init.cfg' in the $(srcdir) directory. * tests//.sh: Adjust: expect init.sh to be in '$srcdir/tests', not in '$srcdir', and extend $PATH with './src', not with '../src'. * tests/Coreutils.pm: Adjust similarly. * tests/pr/pr-tests.pl ($pfx): Likewise. 2012-09-02 21:55:12 +02:00			`. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src`
tests: substitute the single-program $VERBOSE/--version uses Automatically make all of the changes like this: -test "$VERBOSE" = yes && chgrp --version +print_ver_ chgrp git grep -l 'VERBOSE.*--version'\|xargs perl -pi -e \ 's/test "\$VERBOSE" = yes && (\w+) --version/print_ver_ $1/' 2010-11-17 21:35:31 +01:00			`print_ver_ truncate`
tests: convert 'if test "$VERBOSE" = yes; then' to test ... && 2010-11-14 12:02:39 +01:00
Add new program: truncate * AUTHORS: Register as the author * NEWS: Mention this change * README: Add truncate command to list * src/truncate.c: New command * src/Makefile.am: Add truncate command to list to build * src/.gitignore: Add truncate binary to list to ignore * doc/coreutils.texi (truncate invocation): Add truncate info * man/Makefile.am: Add truncate man page to list to build * man/truncate.x: Add truncate man page template * po/POTFILES.in: Add truncate to list to translate * tests/Makefile.am: Add truncate tests * tests/misc/help-version: Add support for new truncate command * tests/misc/truncate-dangling-symlink: check dangling link ok * tests/misc/truncate-dir-fail: ensure dirs fail * tests/misc/truncate-fail-diag: validate messages for missing paths * tests/misc/truncate-fifo: ensure fifos ignored * tests/misc/truncate-no-create-missing: ensure -c option honoured * tests/misc/truncate-overflow: check signed integer overflows * tests/misc/truncate-owned-by-other: root permissions check * tests/misc/truncate-parameters: check invalid parameter combinations * tests/misc/truncate-relative: check invalid relative sizes 2008-03-28 22:55:31 +00:00			`require_root_`

			`# Create a file owned by root, and writable by $NON_ROOT_USERNAME.`
tests: complete the renaming framework_failure -> framework_failure_ These changes were mostly mechanical, made by running the following command: git grep -lw framework_failure \| grep -v ChangeLog \ \| xargs perl -pi -e 's/\b(framework_failure)\b/${1}_/' and then editing init.cfg and `tests/cp/cp-a-selinux' by hand. * tests/init.cfg (framework_failure): Remove, `framework_failure_' from init.sh should be used instead in the tests. Remove now-obsolete "FIXME" comment. (is_local_dir_, require_strace_, require_membership_in_two_groups_, require_sparse_support_, skip_if_mcstransd_is_running_, mkfifo_or_skip_) Use `framework_failure_', not `framework_failure'. * Many test scripts: Likewise. 2011-08-04 20:52:31 +02:00			`echo > root-owned \|\| framework_failure_`
tests: use predetermined NON_ROOT_GID * HACKING: GID is more useful in tests than group name, so rename input param from NON_ROOT_GROUP to NON_ROOT_GID to make it obvious that only a group ID is now acceptable, thus allowing GID lookups to be avoided throughout the tests. * init.cfg (require_root_): Likewise. * tests/misc/truncate-owned-by-other.sh: Avoid looking up the GID. * tests/touch/now-owned-by-other.sh: Likewise. * tests/misc/chroot-credentials.sh: Likewise. Also fix an instance of comparison against NON_ROOT_GROUP which would have given a false failure if a non numeric value was passed in. * tests/id/setgid.sh: Use previously looked up gid as a more accurate base for the subsequent adjustment, and move the uid lookup within chroot, rather than having the overhead of a separate `id` invocation. 2014-06-26 12:41:01 +01:00			`chgrp +$NON_ROOT_GID . root-owned \|\| framework_failure_`
Add new program: truncate * AUTHORS: Register as the author * NEWS: Mention this change * README: Add truncate command to list * src/truncate.c: New command * src/Makefile.am: Add truncate command to list to build * src/.gitignore: Add truncate binary to list to ignore * doc/coreutils.texi (truncate invocation): Add truncate info * man/Makefile.am: Add truncate man page to list to build * man/truncate.x: Add truncate man page template * po/POTFILES.in: Add truncate to list to translate * tests/Makefile.am: Add truncate tests * tests/misc/help-version: Add support for new truncate command * tests/misc/truncate-dangling-symlink: check dangling link ok * tests/misc/truncate-dir-fail: ensure dirs fail * tests/misc/truncate-fail-diag: validate messages for missing paths * tests/misc/truncate-fifo: ensure fifos ignored * tests/misc/truncate-no-create-missing: ensure -c option honoured * tests/misc/truncate-overflow: check signed integer overflows * tests/misc/truncate-owned-by-other: root permissions check * tests/misc/truncate-parameters: check invalid parameter combinations * tests/misc/truncate-relative: check invalid relative sizes 2008-03-28 22:55:31 +00:00			`chmod g+w root-owned`

			`# Ensure that the current directory is searchable by $NON_ROOT_USERNAME.`
			`chmod g+x .`

chroot: perform chdir("/") again unless new --skip-chdir is specified Since commit v8.22-94-g99960ee, chroot(1) skips the chroot(2) syscall for "/" arguments (and synonyms). The problem is that it also skips the following chdir("/") call in that case. The latter breaks existing scripts which expect "/" to be the working directory inside the chroot. While the first part of the change - i.e., skipping chroot("/") - is okay for consistency with systems where it might succeed for a non-root user, the second part might be malicious, e.g. cd /home/user && chroot '/' bin/foo In the "best" case, chroot(1) could not execute 'bin/foo' with ENOENT, but in the worst case, chroot(1) would execute '/home/user/bin/foo' in the case that exists - instead of '/bin/foo'. Revert that second part of the patch, i.e., perform the chdir("/) in the common case again - unless the new --skip-chdir option is specified. Restrict this new option to the case of "/" arguments. * src/chroot.c (SKIP_CHDIR): Add enum. (long_opts): Add entry for the new --skip-chdir option. (usage): Add --skip-chdir option, and while at it, move the other to options into alphabetical order. (main): Accept the above new option, allowing it only in the case when NEWROOT is the old "/". Move down the chdir() call after the if-clause to ensure it is run in any case - unless --skip-chdir is specified. Add a 'newroot' variable for the new root directory as it is used in a couple of places now. * tests/misc/chroot-fail.sh: Invert the last tests which check the working directory of the execvp()ed program when a "/"-like argument was passed: now expect it to be "/" - unless --skip-chdir is given. * doc/coreutils.texi (chroot invocation): Document the new option. Document that chroot(1) usually calls chdir("/") unless the new --skip-chdir option is specified. Sort options. * NEWS (Changes in behavior): Mention the fix. (New features): Mention the new option. * init.cfg (nonroot_has_perm_): Add chroot's new --skip-chdir option. * tests/cp/preserve-gid.sh (t1): Likewise. * tests/cp/special-bits.sh: Likewise. * tests/id/setgid.sh: Likewise. * tests/misc/truncate-owned-by-other.sh: Likewise. * tests/mv/sticky-to-xpart.sh: Likewise. * tests/rm/fail-2eperm.sh: Likewise. * tests/rm/no-give-up.sh: Likewise. * tests/touch/now-owned-by-other.sh: Likewise. Reported by Andreas Schwab in http://bugs.gnu.org/18062 2014-08-01 02:07:33 +02:00			`chroot --skip-chdir --user=$NON_ROOT_USERNAME / env PATH="$PATH" \`
tests: use chroot --user rather than internal setuidgid tool * init.cfg (require_root_): Adjust to use chroot, and make `require_built_ chroot` implicit when chroot used in the test. * po/POTFILES.in: Remove reference to setuidgid tool. * src/.gitignore: Likewise. * src/local.mk: Likewise. * src/setuidgid.c: Remove. * tests/cp/preserve-gid.sh: s/setuidgid/chroot --user/. * tests/cp/special-bits.sh: Likewise. * tests/id/setgid.sh: Likewise. * tests/misc/truncate-owned-by-other.sh * tests/mv/sticky-to-xpart.sh: Likewise. * tests/rm/fail-2eperm.sh: Likewise. * tests/rm/no-give-up.sh: Likewise. * tests/touch/now-owned-by-other.sh: Likewise. * tests/misc/chroot-fail.sh: Skip if chroot not built. 2014-05-19 18:21:57 +01:00			`truncate -s0 root-owned \|\| fail=1`
Add new program: truncate * AUTHORS: Register as the author * NEWS: Mention this change * README: Add truncate command to list * src/truncate.c: New command * src/Makefile.am: Add truncate command to list to build * src/.gitignore: Add truncate binary to list to ignore * doc/coreutils.texi (truncate invocation): Add truncate info * man/Makefile.am: Add truncate man page to list to build * man/truncate.x: Add truncate man page template * po/POTFILES.in: Add truncate to list to translate * tests/Makefile.am: Add truncate tests * tests/misc/help-version: Add support for new truncate command * tests/misc/truncate-dangling-symlink: check dangling link ok * tests/misc/truncate-dir-fail: ensure dirs fail * tests/misc/truncate-fail-diag: validate messages for missing paths * tests/misc/truncate-fifo: ensure fifos ignored * tests/misc/truncate-no-create-missing: ensure -c option honoured * tests/misc/truncate-overflow: check signed integer overflows * tests/misc/truncate-owned-by-other: root permissions check * tests/misc/truncate-parameters: check invalid parameter combinations * tests/misc/truncate-relative: check invalid relative sizes 2008-03-28 22:55:31 +00:00
tests: use "Exit $fail", not (exit $fail); exit $fail * tests/test-lib.sh (Exit): New function by Ralf Wildenhues in automake http://git.sv.gnu.org/gitweb/?p=automake.git;a=commitdiff;h=20594c08f63 * tests/*: Convert all uses: This restrictive change converted the vast majority: git grep -l '^(exit \$fail); exit \$fail$' \ \| xargs perl -pi -e 's/'^\(exit \$fail\); exit \$fail$/Exit \$fail/' And this did the rest, plus a few undesirable ones, so I manually backed out the changes to ChangeLog- and build-aux/check.mk: git grep -l -E '\(exit [^)]+\); exit ' \ \| xargs perl -pi -e 's/\(exit (.+?)\); exit \1/Exit $1/' 2008-09-07 10:31:27 +02:00			`Exit $fail`