ltp-testsuite-20220930-alt4.x86_64	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ltp/testcases/bin/smack_file_access.sh: $ grep -A5 -B5 /tmp/ /usr/lib/ltp/testcases/bin/smack_file_access.sh testfile="testfile" tst_tmpdir TST_CLEANUP=cleanup smack_notroot /bin/sh -c "echo InitialData 2>/tmp/smack_fail.log > $testfile" if [ ! -f "$testfile" ]; then tst_brkm TFAIL "Test file \"$testfile\" can not be created." fi setfattr --name=security.SMACK64 --value=TheOther "$testfile" Found error in /usr/lib/ltp/testcases/bin/sched_stress.sh: $ grep -A5 -B5 /tmp/ /usr/lib/ltp/testcases/bin/sched_stress.sh # their bootfiles other locations. export KERNEL=./sched_datafile touch $KERNEL echo 0.000000 > sch.measure export RAWDEV=`df / | grep dev | awk {'print $1'}` sched_driver -s 0.9 -t 0.02 -p 2 > /tmp/tmp$$ tail -n 5 /tmp/tmp$$ rm -rf /tmp/tmp$$ ./sched_datafile sch.measure Found error in /usr/lib/ltp/testcases/bin/run_cpuctl_test_fj.sh: $ grep -A5 -B5 /tmp/ /usr/lib/ltp/testcases/bin/run_cpuctl_test_fj.sh export TCID="cpuctl_test_fj" export TST_TOTAL=22 export TST_COUNT=1 CPUCTL="/dev/cpuctl" CPUCTL_TMP="/tmp/cpuctl_tmp" SLEEP_SEC=5 # Create $CPUCTL & mount the cgroup file system with cpu controller # clean any group created earlier (if any) setup() -- then tst_resm TFAIL "Err: Init value is not 1024" return 1; fi ps -eo pid,rtprio > /tmp/pids_file1 & pspid=$! wait $pspid cat /tmp/pids_file1 | grep '-' | tr -d '-' | tr -d ' ' | \ grep -v "$pspid" > /tmp/pids_file2 while read pid do task=`cat $CPUCTL/tasks | grep "\b$pid\b"` if [ -z $task ] then tst_resm TFAIL "Err: Some normal tasks aren't in the root group" return 1 fi done < /tmp/pids_file2 } # create a child directory case2 () { -- return 1; fi [ -d "$CPUCTL/tmp" ] || return 1 [ -f "$CPUCTL/tmp/cpu.shares" ] || return 1 shares=`cat $CPUCTL/tmp/cpu.shares` if [ $shares -ne 1024 ] then return 1; fi task=`cat $CPUCTL/tmp/tasks` if [ "$task" != "" ] then return 1 fi } -- if [ $? -ne 0 ] then return 1; fi mkdir $CPUCTL/tmp/tmp1 if [ $? -ne 0 ] then return 1; fi [ -d "$CPUCTL/tmp/tmp1" ] || return 1 [ -f "$CPUCTL/tmp/tmp1/cpu.shares" ] || return 1 shares=`cat $CPUCTL/tmp/tmp1/cpu.shares` if [ $shares -ne 1024 ] then return 1; fi task=`cat $CPUCTL/tmp/tmp1/tasks` if [ "$task" != "" ] then return 1 fi } -- if [ $? -ne 0 ] then return 1; fi echo 1 > $CPUCTL/tmp/tasks if [ $? -ne 0 ] then return 1; fi tasks=`cat $CPUCTL/tmp/tasks` if [ $tasks -ne 1 ] then return 1; fi } -- if [ $? -ne 0 ] then return 1; fi ./cpuctl_fj_simple_echo 3 $CPUCTL/tmp/tasks if [ $? -ne 22 ] # define EINVAL 22 /ALT /bin /boot /dev /etc /home /lib /lib64 /libx32 /lost+found /media /mnt /opt /proc /root /run /sbin /selinux /srv /sys /tmp /usr /var Invalid argument usr/ then return 1; fi tasks=`cat $CPUCTL/tmp/tasks` if [ "$tasks" != "" ] then return 1; fi } -- # echo negative into shares case7 () { mkdir $CPUCTL/tmp ./cpuctl_fj_simple_echo -1 $CPUCTL/tmp/cpu.shares if [ $? -ne 22 ] # define EINVAL 22 /ALT /bin /boot /dev /etc /home /lib /lib64 /libx32 /lost+found /media /mnt /opt /proc /root /run /sbin /selinux /srv /sys /tmp /usr /var Invalid argument usr/ then return 1; fi shares=`cat $CPUCTL/tmp/cpu.shares` if [ $shares -ne 1024 ] then return 1; fi ./cpuctl_fj_cpu-hog & pid=$! echo $pid > $CPUCTL/tmp/tasks /bin/kill -s SIGUSR1 $pid sleep $SLEEP_SEC /bin/kill -s SIGUSR1 $pid wait $pid -- # echo 0 into shares case8 () { mkdir $CPUCTL/tmp echo 0 > $CPUCTL/tmp/cpu.shares if [ $? -ne 0 ] then return 1; fi shares=`cat $CPUCTL/tmp/cpu.shares` if [ $shares -ne 2 ] then return 1; fi ./cpuctl_fj_cpu-hog & pid=$! echo $pid > $CPUCTL/tmp/tasks /bin/kill -s SIGUSR1 $pid sleep $SLEEP_SEC /bin/kill -s SIGUSR1 $pid wait $pid -- # echo 1 into shares case9 () { mkdir $CPUCTL/tmp echo 1 > $CPUCTL/tmp/cpu.shares if [ $? -ne 0 ] then return 1; fi shares=`cat $CPUCTL/tmp/cpu.shares` if [ $shares -ne 2 ] then return 1; fi ./cpuctl_fj_cpu-hog & pid=$! echo $pid > $CPUCTL/tmp/tasks /bin/kill -s SIGUSR1 $pid sleep $SLEEP_SEC /bin/kill -s SIGUSR1 $pid wait $pid -- # echo 2 into shares case10 () { mkdir $CPUCTL/tmp echo 2 > $CPUCTL/tmp/cpu.shares if [ $? -ne 0 ] then return 1; fi shares=`cat $CPUCTL/tmp/cpu.shares` if [ $shares -ne 2 ] then return 1; fi ./cpuctl_fj_cpu-hog & pid=$! echo $pid > $CPUCTL/tmp/tasks /bin/kill -s SIGUSR1 $pid sleep $SLEEP_SEC /bin/kill -s SIGUSR1 $pid wait $pid -- # echo 3 into shares case11 () { mkdir $CPUCTL/tmp echo 3 > $CPUCTL/tmp/cpu.shares if [ $? -ne 0 ] then return 1; fi shares=`cat $CPUCTL/tmp/cpu.shares` if [ $shares -ne 3 ] then return 1; fi ./cpuctl_fj_cpu-hog & pid=$! echo $pid > $CPUCTL/tmp/tasks /bin/kill -s SIGUSR1 $pid sleep $SLEEP_SEC /bin/kill -s SIGUSR1 $pid wait $pid -- # echo 2048 into shares case12 () { mkdir $CPUCTL/tmp echo 2048 > $CPUCTL/tmp/cpu.shares if [ $? -ne 0 ] then return 1; fi shares=`cat $CPUCTL/tmp/cpu.shares` if [ $shares -ne 2048 ] then return 1; fi ./cpuctl_fj_cpu-hog & pid=$! echo $pid > $CPUCTL/tmp/tasks /bin/kill -s SIGUSR1 $pid sleep $SLEEP_SEC /bin/kill -s SIGUSR1 $pid wait $pid -- # echo MAX_SHARES into shares case13 () { mkdir $CPUCTL/tmp echo $max_shares > $CPUCTL/tmp/cpu.shares if [ $? -ne 0 ] then return 1; fi shares=`cat $CPUCTL/tmp/cpu.shares` if [ "$shares" != "$max_shares" ] then return 1; fi ./cpuctl_fj_cpu-hog & pid=$! echo $pid > $CPUCTL/tmp/tasks /bin/kill -s SIGUSR1 $pid sleep $SLEEP_SEC /bin/kill -s SIGUSR1 $pid wait $pid -- # echo MAX_SHARES+1 into shares case14 () { mkdir $CPUCTL/tmp echo $(($max_shares+1)) > $CPUCTL/tmp/cpu.shares if [ $? -ne 0 ] then return 1; fi shares=`cat $CPUCTL/tmp/cpu.shares` if [ "$shares" != "$max_shares" ] then return 1; fi ./cpuctl_fj_cpu-hog & pid=$! echo $pid > $CPUCTL/tmp/tasks /bin/kill -s SIGUSR1 $pid sleep $SLEEP_SEC /bin/kill -s SIGUSR1 $pid wait $pid -- # echo float number into shares case15 () { mkdir $CPUCTL/tmp ./cpuctl_fj_simple_echo 2048.23 $CPUCTL/tmp/cpu.shares if [ $? -ne 22 ] # define EINVAL 22 /ALT /bin /boot /dev /etc /home /lib /lib64 /libx32 /lost+found /media /mnt /opt /proc /root /run /sbin /selinux /srv /sys /tmp /usr /var Invalid argument usr/ then return 1; fi shares=`cat $CPUCTL/tmp/cpu.shares` if [ $shares -ne 1024 ] then return 1; fi ./cpuctl_fj_cpu-hog & pid=$! echo $pid > $CPUCTL/tmp/tasks /bin/kill -s SIGUSR1 $pid sleep $SLEEP_SEC /bin/kill -s SIGUSR1 $pid wait $pid -- # charactor. case16 () { mkdir $CPUCTL/tmp ./cpuctl_fj_simple_echo 2048ABC $CPUCTL/tmp/cpu.shares if [ $? -ne 22 ] # define EINVAL 22 /ALT /bin /boot /dev /etc /home /lib /lib64 /libx32 /lost+found /media /mnt /opt /proc /root /run /sbin /selinux /srv /sys /tmp /usr /var Invalid argument usr/ then return 1; fi shares=`cat $CPUCTL/tmp/cpu.shares` if [ $shares -ne 1024 ] then return 1; fi ./cpuctl_fj_cpu-hog & pid=$! echo $pid > $CPUCTL/tmp/tasks /bin/kill -s SIGUSR1 $pid sleep $SLEEP_SEC /bin/kill -s SIGUSR1 $pid wait $pid -- # echo a string into shares. This string begins with charactors. case17 () { mkdir $CPUCTL/tmp ./cpuctl_fj_simple_echo ABC $CPUCTL/tmp/cpu.shares if [ $? -ne 22 ] # define EINVAL 22 /ALT /bin /boot /dev /etc /home /lib /lib64 /libx32 /lost+found /media /mnt /opt /proc /root /run /sbin /selinux /srv /sys /tmp /usr /var Invalid argument usr/ then return 1; fi shares=`cat $CPUCTL/tmp/cpu.shares` if [ $shares -ne 1024 ] then return 1; fi ./cpuctl_fj_cpu-hog & pid=$! echo $pid > $CPUCTL/tmp/tasks /bin/kill -s SIGUSR1 $pid sleep $SLEEP_SEC /bin/kill -s SIGUSR1 $pid wait $pid;