git.samba.org - herb/samba-autobuild/.git/commit

author	Tim Beale <timbeale@catalyst.net.nz>
	Fri, 15 Mar 2019 02:20:21 +0000 (15:20 +1300)
committer	Karolin Seeger <kseeger@samba.org>
	Fri, 5 Apr 2019 08:14:36 +0000 (10:14 +0200)
commit	c25ee5bd463d2d433a1b0a868e5d63e3490bc7fd
tree	2fdd73c2edf9873152cc9688c3f412c787989d67	tree
parent	16fa173a144674a8d1d5b5f143bf95939f4f1903	commit \| diff

CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten

The smbd changes the umask - if the code fails to restore the umask to
what it was, then this is very bad. Add an extra check to every
smbd-related test that the umask at the end of the test is the same as
what it was at the beginning (i.e. if the smbd code changed the umask
then it correctly restored the value afterwards).

As the selftest sets the umask for all tests to zero, it makes it hard
to detect this problem, so the test setUp() needs to set it to something
else first.

This extra checking is added to the setUp()/tearDown() so that it
applies to all test-cases. However, any failure that occur with this
approach will not be able to be known-failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

python/samba/tests/ntacls_backup.py		diff \| blob \| history
python/samba/tests/posixacl.py		diff \| blob \| history
python/samba/tests/smbd_base.py	[new file with mode: 0644]	blob
selftest/knownfail.d/umask-leak	[new file with mode: 0644]	blob