274f7445fd
This test utility attempts to evaluate the current kernel policy
for authorization inter-process activities, currently ptrace(),
kill(, SIGHUP), getpriority(), and setpriority(). The utility creates
pairs of processes, initializes their credential sets to useful
cases, and reports on whether the results are in keeping with hard-coded
safety expectations.
o Currently, this utility relies on the availability of __setugid(),
an uncomitted system call used for managing the P_SUGID bit. Due to
continuing discussion of optional regression testing kernel components
("options REGRESSION") I'll hold off on committing that until the
discussion has reached its natural termination.
o A number of additional testing factors should be taken into account
in the testing, including tests for different classes of signals,
interactions with process session characteristics, I/O signalling,
broadcast activities such as broadcast signalling, mass priority
setting, and to take into group-related aspects of credentials.
Additional operations should also be taken into account, such as ktrace,
debugging attach using procfs, and so on.
o This testing suite is intended to prevent the introduction of bugs
in the upcoming sets of authorization changes associated with the
introduction of process capabilities and mandatory access control.
Obtained from: TrustedBSD Project
66 lines
2.0 KiB
C
66 lines
2.0 KiB
C
/*-
|
|
* Copyright (c) 2001 Robert N. M. Watson
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <stdio.h>
|
|
#include <unistd.h>
|
|
|
|
#include "scenario.h"
|
|
|
|
int
|
|
main(int argc, char *argv[])
|
|
{
|
|
int error;
|
|
|
|
fprintf(stderr, "test capabilities: ");
|
|
#ifdef SETSUGID_SUPPORTED
|
|
fprintf(stderr, "[SETSUGID_SUPPORTED] ");
|
|
#endif
|
|
#ifdef SETSUGID_SUPPORTED_BUT_NO_LIBC_STUB
|
|
fprintf(stderr, "[SETSUGID_SUPPORTED_BUT_NO_LIBC_STUB] ");
|
|
#endif
|
|
#ifdef CHECK_CRED_SET
|
|
fprintf(stderr, "[CHECK_CRED_SET] ");
|
|
#endif
|
|
fprintf(stderr, "\n");
|
|
|
|
error = setugid(1);
|
|
if (error) {
|
|
perror("setugid");
|
|
fprintf(stderr,
|
|
"This test suite requires options REGRESSION\n");
|
|
return (-1);
|
|
}
|
|
|
|
enact_scenarios();
|
|
|
|
return (0);
|
|
}
|
|
|