From 7e5002e3d6038b69e23f6c1982caf20cd62139f7 Mon Sep 17 00:00:00 2001
From: Mark Johnston <markj@FreeBSD.org>
Date: Wed, 8 Nov 2023 07:04:33 -0500
Subject: [PATCH] makefs/zfs: Add a regression test which checks file access
 permissions

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
---
 usr.sbin/makefs/tests/makefs_zfs_tests.sh | 44 +++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/usr.sbin/makefs/tests/makefs_zfs_tests.sh b/usr.sbin/makefs/tests/makefs_zfs_tests.sh
index 1811b1bc8a8c..6e20ae33b354 100644
--- a/usr.sbin/makefs/tests/makefs_zfs_tests.sh
+++ b/usr.sbin/makefs/tests/makefs_zfs_tests.sh
@@ -794,6 +794,49 @@ used_space_props_cleanup()
 	common_cleanup
 }
 
+# Verify that file permissions are set properly.  Make sure that non-executable
+# files can't be executed.
+atf_test_case perms cleanup
+perms_body()
+{
+	local mode
+
+	create_test_dirs
+	cd $TEST_INPUTS_DIR
+
+	for mode in $(seq 0 511); do
+		mode=$(printf "%04o\n" $mode)
+		echo 'echo a' > $mode
+		atf_check chmod $mode $mode
+	done
+
+	cd -
+
+	atf_check $MAKEFS -s 1g -o rootpath=/ -o poolname=$ZFS_POOL_NAME \
+	    $TEST_IMAGE $TEST_INPUTS_DIR
+
+	import_image
+
+	check_image_contents
+
+	for mode in $(seq 0 511); do
+		mode=$(printf "%04o\n" $mode)
+		if [ $(($mode & 0111)) -eq 0 ]; then
+			atf_check -s not-exit:0 -e match:"Permission denied" \
+			    ${TEST_INPUTS_DIR}/$mode
+		fi
+		if [ $(($mode & 0001)) -eq 0 ]; then
+			atf_check -s not-exit:0 -e match:"Permission denied" \
+			    su -m tests -c ${TEST_INPUTS_DIR}/$mode
+		fi
+	done
+
+}
+perms_cleanup()
+{
+	common_cleanup
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case autoexpand
@@ -817,6 +860,7 @@ atf_init_test_cases()
 	atf_add_test_case soft_links
 	atf_add_test_case root_props
 	atf_add_test_case used_space_props
+	atf_add_test_case perms
 
 	# XXXMJ tests:
 	# - test with different ashifts (at least, 9 and 12), different image sizes