From ac758b767de4e398635474101a025a199054fbda Mon Sep 17 00:00:00 2001 From: Rich Trott Date: Tue, 31 May 2016 15:55:08 -0700 Subject: [PATCH 1/4] test: add test for uid/gid setting in spawn Remove a disabled test in favor of one that expects an error. This validates (somewhat) that the underlying code is calling the correct system call for setting UID and GID. Unlike the formerly disabled test, it does not try to validate that the system UID/GID setting works. --- test/disabled/test-child-process-uid-gid.js | 60 --------------------- test/parallel/test-child-process-uid-gid.js | 16 ++++++ 2 files changed, 16 insertions(+), 60 deletions(-) delete mode 100644 test/disabled/test-child-process-uid-gid.js create mode 100644 test/parallel/test-child-process-uid-gid.js diff --git a/test/disabled/test-child-process-uid-gid.js b/test/disabled/test-child-process-uid-gid.js deleted file mode 100644 index 90708bc2ca4016..00000000000000 --- a/test/disabled/test-child-process-uid-gid.js +++ /dev/null @@ -1,60 +0,0 @@ -'use strict'; -var common = require('../common'); -var assert = require('assert'); -var spawn = require('child_process').spawn; -var fs = require('fs'); - -var myUid = process.getuid(); -var myGid = process.getgid(); - -if (myUid != 0) { - console.error('must be run as root, otherwise the gid/uid setting will' + - ' fail.'); - process.exit(1); -} - -// get a different user. -// don't care who it is, as long as it's not root -var passwd = fs.readFileSync('/etc/passwd', 'utf8'); -passwd = passwd.trim().split(/\n/); - -for (var i = 0, l = passwd.length; i < l; i++) { - if (passwd[i].charAt(0) === '#') continue; - passwd[i] = passwd[i].split(':'); - var otherName = passwd[i][0]; - var otherUid = +passwd[i][2]; - var otherGid = +passwd[i][3]; - if (otherUid && otherUid !== myUid && - otherGid && otherGid !== myGid && - otherUid > 0) { - break; - } -} -if (!otherUid && !otherGid) throw new Error('failed getting passwd info.'); - -console.error('name, id, gid = %j', [otherName, otherUid, otherGid]); - -var whoNumber = spawn('id', [], { uid: otherUid, gid: otherGid }); -var whoName = spawn('id', [], { uid: otherName, gid: otherGid }); - -whoNumber.stdout.buf = 'byNumber:'; -whoName.stdout.buf = 'byName:'; -whoNumber.stdout.on('data', onData); -whoName.stdout.on('data', onData); -function onData(c) { this.buf += c; } - -whoNumber.on('exit', onExit); -whoName.on('exit', onExit); - -function onExit(code) { - var buf = this.stdout.buf; - console.log(buf); - var expr = new RegExp('^(byName|byNumber):uid=' + - otherUid + - '\\(' + - otherName + - '\\) gid=' + - otherGid + - '\\('); - assert.ok(buf.match(expr), 'uid and gid should match ' + otherName); -} diff --git a/test/parallel/test-child-process-uid-gid.js b/test/parallel/test-child-process-uid-gid.js new file mode 100644 index 00000000000000..a4c4dc8c0d7f26 --- /dev/null +++ b/test/parallel/test-child-process-uid-gid.js @@ -0,0 +1,16 @@ +'use strict'; +const common = require('../common'); +const assert = require('assert'); +const spawn = require('child_process').spawn; +const fs = require('fs'); + +const uid = 0; +const gid = 0; + +assert.throws(() => { + spawn('echo', ['fhqwhgads'], {uid: 0}); +}, /EPERM/, 'Setting UID should throw EPERM for unprivileged users.'); + +assert.throws(() => { + spawn('echo', ['fhqwhgads'], {gid: 0}); +}, /EPERM/, 'Setting GID should throw EPERM for unprivileged users.'); From 98977ea551f7579b81d21e0daedc52f57d6fa96b Mon Sep 17 00:00:00 2001 From: Rich Trott Date: Tue, 31 May 2016 16:15:25 -0700 Subject: [PATCH 2/4] squash: lint issues --- test/parallel/test-child-process-uid-gid.js | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/test/parallel/test-child-process-uid-gid.js b/test/parallel/test-child-process-uid-gid.js index a4c4dc8c0d7f26..89de091601fab4 100644 --- a/test/parallel/test-child-process-uid-gid.js +++ b/test/parallel/test-child-process-uid-gid.js @@ -1,11 +1,7 @@ 'use strict'; -const common = require('../common'); +require('../common'); const assert = require('assert'); const spawn = require('child_process').spawn; -const fs = require('fs'); - -const uid = 0; -const gid = 0; assert.throws(() => { spawn('echo', ['fhqwhgads'], {uid: 0}); From a20a272836ea39bb33f420be04ca85a10c985440 Mon Sep 17 00:00:00 2001 From: Rich Trott Date: Thu, 2 Jun 2016 15:48:12 -0700 Subject: [PATCH 3/4] squash: EPERM vs ENOTSUP --- test/parallel/test-child-process-uid-gid.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/test/parallel/test-child-process-uid-gid.js b/test/parallel/test-child-process-uid-gid.js index 89de091601fab4..ce8b2deb8d7c1d 100644 --- a/test/parallel/test-child-process-uid-gid.js +++ b/test/parallel/test-child-process-uid-gid.js @@ -1,12 +1,14 @@ 'use strict'; -require('../common'); +const common = require('../common'); const assert = require('assert'); const spawn = require('child_process').spawn; +const expectedError = common.isWindows ? /\bENOTSUP\b/ : /\bEPERM\b/; + assert.throws(() => { spawn('echo', ['fhqwhgads'], {uid: 0}); -}, /EPERM/, 'Setting UID should throw EPERM for unprivileged users.'); +}, expectedError, 'Setting UID should throw EPERM for unprivileged users.'); assert.throws(() => { spawn('echo', ['fhqwhgads'], {gid: 0}); -}, /EPERM/, 'Setting GID should throw EPERM for unprivileged users.'); +}, expectedError, 'Setting GID should throw EPERM for unprivileged users.'); From 5a7c5dfdd7a81f1828bafe035f963f807c34789c Mon Sep 17 00:00:00 2001 From: Rich Trott Date: Fri, 3 Jun 2016 13:40:38 -0700 Subject: [PATCH 4/4] squash: message --- test/parallel/test-child-process-uid-gid.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/parallel/test-child-process-uid-gid.js b/test/parallel/test-child-process-uid-gid.js index ce8b2deb8d7c1d..220cae633e112f 100644 --- a/test/parallel/test-child-process-uid-gid.js +++ b/test/parallel/test-child-process-uid-gid.js @@ -7,8 +7,8 @@ const expectedError = common.isWindows ? /\bENOTSUP\b/ : /\bEPERM\b/; assert.throws(() => { spawn('echo', ['fhqwhgads'], {uid: 0}); -}, expectedError, 'Setting UID should throw EPERM for unprivileged users.'); +}, expectedError); assert.throws(() => { spawn('echo', ['fhqwhgads'], {gid: 0}); -}, expectedError, 'Setting GID should throw EPERM for unprivileged users.'); +}, expectedError);