summaryrefslogtreecommitdiff
path: root/lib/spack/spack/test/permissions.py
blob: 841595c516410b296cf033183a60203c61cfad8a (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

# Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
# Spack Project Developers. See the top-level COPYRIGHT file for details.
#
# SPDX-License-Identifier: (Apache-2.0 OR MIT)

import os
import stat

import pytest

import llnl.util.filesystem as fs

from spack.util.file_permissions import InvalidPermissionsError, set_permissions

pytestmark = pytest.mark.not_on_windows("chmod unsupported on Windows")


def ensure_known_group(path):
    """Ensure that the group of a file is one that's actually in our group list.

    On systems with remote groups, the primary user group may be remote and may not
    exist on the local system (i.e., it might just be a number). Trying to use chmod to
    setgid can fail silently in situations like this.
    """
    uid = os.getuid()
    gid = fs.group_ids(uid)[0]
    os.chown(path, uid, gid)


def test_chmod_real_entries_ignores_suid_sgid(tmpdir):
    path = str(tmpdir.join("file").ensure())
    mode = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX
    os.chmod(path, mode)
    mode = os.stat(path).st_mode  # adds a high bit we aren't concerned with

    perms = stat.S_IRWXU
    set_permissions(path, perms)

    assert os.stat(path).st_mode == mode | perms & ~stat.S_IXUSR


def test_chmod_rejects_group_writable_suid(tmpdir):
    path = str(tmpdir.join("file").ensure())
    mode = stat.S_ISUID
    fs.chmod_x(path, mode)

    perms = stat.S_IWGRP
    with pytest.raises(InvalidPermissionsError):
        set_permissions(path, perms)


def test_chmod_rejects_world_writable_suid(tmpdir):
    path = str(tmpdir.join("file").ensure())
    mode = stat.S_ISUID
    fs.chmod_x(path, mode)

    perms = stat.S_IWOTH
    with pytest.raises(InvalidPermissionsError):
        set_permissions(path, perms)


def test_chmod_rejects_world_writable_sgid(tmpdir):
    path = str(tmpdir.join("file").ensure())
    ensure_known_group(path)

    mode = stat.S_ISGID
    fs.chmod_x(path, mode)

    perms = stat.S_IWOTH
    with pytest.raises(InvalidPermissionsError):
        set_permissions(path, perms)
generated by cgit v1.2.3-60-g2f50 (git 2.42.0) at 2024-06-01 19:20:25 +0000