Cannot change owner if account is executable (#13977)
This commit is contained in:
parent
6ae4d2e5cb
commit
dca579851c
|
@ -30,6 +30,7 @@ adhere to the runtime policy.
|
||||||
The policy is as follows:
|
The policy is as follows:
|
||||||
- Only the owner of the account may change owner.
|
- Only the owner of the account may change owner.
|
||||||
- And only if the account is writable.
|
- And only if the account is writable.
|
||||||
|
- And only if the account is not executable
|
||||||
- And only if the data is zero-initialized or empty.
|
- And only if the data is zero-initialized or empty.
|
||||||
- An account not assigned to the program cannot have its balance decrease.
|
- An account not assigned to the program cannot have its balance decrease.
|
||||||
- The balance of read-only and executable accounts may not change.
|
- The balance of read-only and executable accounts may not change.
|
||||||
|
|
|
@ -80,9 +80,11 @@ impl PreAccount {
|
||||||
) -> Result<(), InstructionError> {
|
) -> Result<(), InstructionError> {
|
||||||
// Only the owner of the account may change owner and
|
// Only the owner of the account may change owner and
|
||||||
// only if the account is writable and
|
// only if the account is writable and
|
||||||
|
// only if the account is not executable and
|
||||||
// only if the data is zero-initialized or empty
|
// only if the data is zero-initialized or empty
|
||||||
if self.owner != post.owner
|
if self.owner != post.owner
|
||||||
&& (!self.is_writable // line coverage used to get branch coverage
|
&& (!self.is_writable // line coverage used to get branch coverage
|
||||||
|
|| self.is_executable
|
||||||
|| *program_id != self.owner
|
|| *program_id != self.owner
|
||||||
|| !Self::is_zeroed(&post.data))
|
|| !Self::is_zeroed(&post.data))
|
||||||
{
|
{
|
||||||
|
@ -994,6 +996,15 @@ mod tests {
|
||||||
Ok(()),
|
Ok(()),
|
||||||
"mallory should be able to change the account owner, if she leaves clear data"
|
"mallory should be able to change the account owner, if she leaves clear data"
|
||||||
);
|
);
|
||||||
|
assert_eq!(
|
||||||
|
Change::new(&mallory_program_id, &mallory_program_id)
|
||||||
|
.owner(&alice_program_id)
|
||||||
|
.executable(true, true)
|
||||||
|
.data(vec![42], vec![0])
|
||||||
|
.verify(),
|
||||||
|
Err(InstructionError::ModifiedProgramId),
|
||||||
|
"mallory should not be able to change the account owner, if the account executable"
|
||||||
|
);
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
Change::new(&mallory_program_id, &mallory_program_id)
|
Change::new(&mallory_program_id, &mallory_program_id)
|
||||||
.owner(&alice_program_id)
|
.owner(&alice_program_id)
|
||||||
|
|
Loading…
Reference in New Issue