Added database protection with setuid.

Added the initial support for the database protection with the setuid
mechanism. In the beginning the program creates (or opens) the database
as a special user, and then switches to the real uid and functions
normally.
This commit is contained in:
BritishTeapot
2025-04-01 19:34:15 +02:00
parent 291ad62897
commit 4c8092378b
4 changed files with 83 additions and 12 deletions

@@ -16,9 +16,23 @@ PATH="$(realpath ./mock/):$PATH"
# mount the filesystem
echo "Run $(date -u +%Y-%m-%dT%H:%M:%S) "
valgrind -s ../build/icfs -o default_permissions ./protected &
if [[ $1 == "--setuid" ]]; then
echo "Setting the setuid bit..."
echo "root privilieges are required to create a special user and set correct ownership of the executable."
id -u icfs &>/dev/null || sudo useradd --system --user-group icfs
sudo chown icfs: ../build/icfs && sudo chmod 4777 ../build/icfs
chmod g+w . # needed for icfs to be able to create the database
echo "Valgrind will not be used due to setuid compatibility issues."
../build/icfs -o default_permissions ./protected &
sleep 1
else
echo "Database protection will not be tested due to the lack of setuid capabilites."
echo "To test it, run this script with '--setuid'."
valgrind -s ../build/icfs -o default_permissions ./protected &
sleep 5
fi
sleep 5
#valgrind -s ../build/icfs -o default_permissions ./protected &
# WARN: please don't use `>` or `>>` operators. They force **this script** to open the file, **not the program you are trying to run**. This is probably not what you mean when you want to test a specific program's access.
# WARN: avoid using touch, since it generates errors because setting times is not implemented in icfs **yet**.
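Review bot: `sudo chmod 4777 ../build/icfs` in the `--setuid` branch leaves the setuid executable writable by group and others, which works against the goal of having a dedicated `icfs` user own the database; mode `4755` (or tighter) keeps the setuid bit while letting only the owner modify the binary. The `chmod g+w .` line would benefit from a comment stating which group is expected to own the test directory, since the visible lines only create the `icfs` user and group and do not show how that group gets write access to `.`. The new echo strings also contain typos: "privilieges" and "capabilites".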