o First pass at an inter-process authorization regression testing suite.
This test utility attempts to evaluate the current kernel policy for authorization inter-process activities, currently ptrace(), kill(, SIGHUP), getpriority(), and setpriority(). The utility creates pairs of processes, initializes their credential sets to useful cases, and reports on whether the results are in keeping with hard-coded safety expectations. o Currently, this utility relies on the availability of __setugid(), an uncomitted system call used for managing the P_SUGID bit. Due to continuing discussion of optional regression testing kernel components ("options REGRESSION") I'll hold off on committing that until the discussion has reached its natural termination. o A number of additional testing factors should be taken into account in the testing, including tests for different classes of signals, interactions with process session characteristics, I/O signalling, broadcast activities such as broadcast signalling, mass priority setting, and to take into group-related aspects of credentials. Additional operations should also be taken into account, such as ktrace, debugging attach using procfs, and so on. o This testing suite is intended to prevent the introduction of bugs in the upcoming sets of authorization changes associated with the introduction of process capabilities and mandatory access control. Obtained from: TrustedBSD Project
This commit is contained in:
parent
2fea957dc5
commit
274f7445fd
12
tools/regression/security/proc_to_proc/Makefile
Normal file
12
tools/regression/security/proc_to_proc/Makefile
Normal file
@ -0,0 +1,12 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PROG= testuid
|
||||
NOMAN= yes
|
||||
|
||||
#ADDITIONAL_FLAGS=-DSETSUGID_SUPPORTED
|
||||
#ADDITIONAL_FLAGS= -DSETSUGID_SUPPORTED_BUT_NO_LIBC_STUB
|
||||
ADDITIONAL_FLAGS+= -DCHECK_CRED_SET
|
||||
CFLAGS+= ${ADDITIONAL_FLAGS}
|
||||
SRCS= testuid.c scenario.c
|
||||
|
||||
.include <bsd.prog.mk>
|
53
tools/regression/security/proc_to_proc/README
Normal file
53
tools/regression/security/proc_to_proc/README
Normal file
@ -0,0 +1,53 @@
|
||||
$FreeBSD$
|
||||
|
||||
Inter-Process Authorization Test Suite
|
||||
Robert Watson, TrustedBSD Project
|
||||
|
||||
This test suite attempts to determine the behavior of inter-process
|
||||
authorization policy present in the kernel. It analyzes a series of
|
||||
important scenarios using specifically crafted process credentials
|
||||
and a set of operations. It then reports on any divergence from the
|
||||
expected results.
|
||||
|
||||
Test operations:
|
||||
|
||||
ptrace cred1 attempts ptrace attach to cred2
|
||||
signal cred1 attempts SIGHUP of cred2
|
||||
see cred1 attempts getpriority() on cred2
|
||||
sched cred1 attempts setpriority() on cred2
|
||||
|
||||
Test scenarioes:
|
||||
|
||||
priv on priv root process on another root process
|
||||
priv on unpriv1 root process on a non-root process
|
||||
unpriv1 on priv non-root process on a root process
|
||||
unpriv1 on unpriv1 non-root process on a similar non-root process
|
||||
unpriv1 on unpriv2 non-root process on a different non-root process
|
||||
unpriv1 on daemon1 non-root process on a root daemon process acting with
|
||||
same non-root effective credentials
|
||||
unpriv1 on daemon2 non-root process on a root daemon process acting with
|
||||
different non-root effective credentials
|
||||
unpriv1 on setuid1 non-root process on a setuid-root process with same
|
||||
non-root real credentials
|
||||
unpriv1 on setuid2 non-root process on a setuid-root process with
|
||||
different non-root real credentials
|
||||
|
||||
The credential elements supported by the test suite are:
|
||||
|
||||
effective uid
|
||||
real uid
|
||||
saved uid
|
||||
P_SUGID flag
|
||||
|
||||
Other untested aspects of interest include groups, as well as session
|
||||
relationship. Other test operations that might be of interest are SIGCONT,
|
||||
SIGIO, and SIGSEGV.
|
||||
|
||||
The current set of tests includes some tests where normally the P_SUGID
|
||||
flag is set, but isn't in the test. The result is that some tests fail
|
||||
that may not reflect real-world software configurations. However, they
|
||||
do point to possible changes that could be made in the authorization system
|
||||
to improve resilience to failure or violation of invariants.
|
||||
|
||||
These tests rely on __setugid(), a system call enabled using options
|
||||
REGRESSION.
|
399
tools/regression/security/proc_to_proc/scenario.c
Normal file
399
tools/regression/security/proc_to_proc/scenario.c
Normal file
@ -0,0 +1,399 @@
|
||||
/*-
|
||||
* Copyright (c) 2001 Robert N. M. Watson
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/ptrace.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/resource.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <sys/wait.h>
|
||||
|
||||
#include <assert.h>
|
||||
#include <errno.h>
|
||||
#include <signal.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
/*
|
||||
* Relevant parts of a process credential.
|
||||
*/
|
||||
struct cred {
|
||||
uid_t cr_euid, cr_ruid, cr_svuid;
|
||||
int cr_issetugid;
|
||||
};
|
||||
|
||||
/*
|
||||
* Description of a scenario.
|
||||
*/
|
||||
struct scenario {
|
||||
struct cred *sc_cred1, *sc_cred2; /* credentials of p1 and p2 */
|
||||
int sc_candebug_errno; /* desired ptrace failure */
|
||||
int sc_cansignal_errno; /* desired SIGHUP failure */
|
||||
int sc_cansee_errno; /* desired getprio failure */
|
||||
int sc_cansched_errno; /* desired setprio failure */
|
||||
char *sc_name; /* test name */
|
||||
};
|
||||
|
||||
/*
|
||||
* Table of relevant credential combinations.
|
||||
*/
|
||||
static struct cred creds[] = {
|
||||
/* euid ruid svuid issetugid */
|
||||
/* 0 */ { 0, 0, 0, 0 }, /* privileged */
|
||||
/* 1 */ { 0, 0, 0, 1 }, /* privileged + issetugid */
|
||||
/* 2 */ { 1000, 1000, 1000, 0 }, /* unprivileged1 */
|
||||
/* 3 */ { 1000, 1000, 1000, 1 }, /* unprivileged1 + issetugid */
|
||||
/* 4 */ { 1001, 1001, 1001, 0 }, /* unprivileged2 */
|
||||
/* 5 */ { 1001, 1001, 1001, 1 }, /* unprivileged2 + issetugid */
|
||||
/* 6 */ { 1000, 0, 0, 0 }, /* daemon1 */
|
||||
/* 7 */ { 1000, 0, 0, 1 }, /* daemon1 + issetugid */
|
||||
/* 8 */ { 1001, 0, 0, 0 }, /* daemon2 */
|
||||
/* 9 */ { 1001, 0, 0, 1 }, /* daemon2 + issetugid */
|
||||
/* 10 */{ 0, 1000, 1000, 0 }, /* setuid1 */
|
||||
/* 11 */{ 0, 1000, 1000, 1 }, /* setuid1 + issetugid */
|
||||
/* 12 */{ 0, 1001, 1001, 0 }, /* setuid2 */
|
||||
/* 13 */{ 0, 1001, 1001, 1 }, /* setuid2 + issetugid */
|
||||
};
|
||||
|
||||
/*
|
||||
* Table of scenarios.
|
||||
*/
|
||||
static const struct scenario scenarios[] = {
|
||||
/* cred1 cred2 debug signal see sched name */
|
||||
{ &creds[0], &creds[0], 0, 0, 0, 0, "0. priv on priv"},
|
||||
{ &creds[0], &creds[1], 0, 0, 0, 0, "1. priv on priv"},
|
||||
{ &creds[1], &creds[0], 0, 0, 0, 0, "2. priv on priv"},
|
||||
{ &creds[1], &creds[1], 0, 0, 0, 0, "3. priv on priv"},
|
||||
/* privileged on unprivileged */
|
||||
{ &creds[0], &creds[2], 0, 0, 0, 0, "4. priv on unpriv1"},
|
||||
{ &creds[0], &creds[3], 0, 0, 0, 0, "5. priv on unpriv1"},
|
||||
{ &creds[1], &creds[2], 0, 0, 0, 0, "6. priv on unpriv1"},
|
||||
{ &creds[1], &creds[3], 0, 0, 0, 0, "7. priv on unpriv1"},
|
||||
/* unprivileged on privileged */
|
||||
{ &creds[2], &creds[0], EPERM, EPERM, 0, EPERM, "8. unpriv1 on priv"},
|
||||
{ &creds[2], &creds[1], EPERM, EPERM, 0, EPERM, "9. unpriv1 on priv"},
|
||||
{ &creds[3], &creds[0], EPERM, EPERM, 0, EPERM, "10. unpriv1 on priv"},
|
||||
{ &creds[3], &creds[1], EPERM, EPERM, 0, EPERM, "11. unpriv1 on priv"},
|
||||
/* unprivileged on same unprivileged */
|
||||
{ &creds[2], &creds[2], 0, 0, 0, 0, "12. unpriv1 on unpriv1"},
|
||||
{ &creds[2], &creds[3], EPERM, 0, 0, 0, "13. unpriv1 on unpriv1"},
|
||||
{ &creds[3], &creds[2], 0, 0, 0, 0, "14. unpriv1 on unpriv1"},
|
||||
{ &creds[3], &creds[3], EPERM, 0, 0, 0, "15. unpriv1 on unpriv1"},
|
||||
/* unprivileged on different unprivileged */
|
||||
{ &creds[2], &creds[4], EPERM, EPERM, 0, EPERM, "16. unpriv1 on unpriv2"},
|
||||
{ &creds[2], &creds[5], EPERM, EPERM, 0, EPERM, "17. unpriv1 on unpriv2"},
|
||||
{ &creds[3], &creds[4], EPERM, EPERM, 0, EPERM, "18. unpriv1 on unpriv2"},
|
||||
{ &creds[3], &creds[5], EPERM, EPERM, 0, EPERM, "19. unpriv1 on unpriv2"},
|
||||
/* unprivileged on daemon, same */
|
||||
{ &creds[2], &creds[6], EPERM, EPERM, 0, EPERM, "20. unpriv1 on daemon1"},
|
||||
{ &creds[2], &creds[7], EPERM, EPERM, 0, EPERM, "21. unpriv1 on daemon1"},
|
||||
{ &creds[3], &creds[6], EPERM, EPERM, 0, EPERM, "22. unpriv1 on daemon1"},
|
||||
{ &creds[3], &creds[7], EPERM, EPERM, 0, EPERM, "23. unpriv1 on daemon1"},
|
||||
/* unprivileged on daemon, different */
|
||||
{ &creds[2], &creds[8], EPERM, EPERM, 0, EPERM, "24. unpriv1 on daemon2"},
|
||||
{ &creds[2], &creds[9], EPERM, EPERM, 0, EPERM, "25. unpriv1 on daemon2"},
|
||||
{ &creds[3], &creds[8], EPERM, EPERM, 0, EPERM, "26. unpriv1 on daemon2"},
|
||||
{ &creds[3], &creds[9], EPERM, EPERM, 0, EPERM, "27. unpriv1 on daemon2"},
|
||||
/* unprivileged on setuid, same */
|
||||
{ &creds[2], &creds[10], EPERM, 0, 0, 0, "28. unpriv1 on setuid1"},
|
||||
{ &creds[2], &creds[11], EPERM, 0, 0, 0, "29. unpriv1 on setuid1"},
|
||||
{ &creds[3], &creds[10], EPERM, 0, 0, 0, "30. unpriv1 on setuid1"},
|
||||
{ &creds[3], &creds[11], EPERM, 0, 0, 0, "31. unpriv1 on setuid1"},
|
||||
/* unprivileged on setuid, different */
|
||||
{ &creds[2], &creds[12], EPERM, EPERM, 0, EPERM, "32. unpriv1 on setuid2"},
|
||||
{ &creds[2], &creds[13], EPERM, EPERM, 0, EPERM, "33. unpriv1 on setuid2"},
|
||||
{ &creds[3], &creds[12], EPERM, EPERM, 0, EPERM, "34. unpriv1 on setuid2"},
|
||||
{ &creds[3], &creds[13], EPERM, EPERM, 0, EPERM, "35. unpriv1 on setuid2"},
|
||||
};
|
||||
int scenarios_count = sizeof(scenarios) / sizeof(struct scenario);
|
||||
|
||||
/*
|
||||
* Convert an error number to a compact string representation. For now,
|
||||
* implement only the error numbers we are likely to see.
|
||||
*/
|
||||
static char *
|
||||
errno_to_string(int error)
|
||||
{
|
||||
|
||||
switch (error) {
|
||||
case EPERM:
|
||||
return ("EPERM");
|
||||
case EACCES:
|
||||
return ("EACCES");
|
||||
case EINVAL:
|
||||
return ("EINVAL");
|
||||
case ENOSYS:
|
||||
return ("ENOSYS");
|
||||
case ESRCH:
|
||||
return ("ESRCH");
|
||||
case 0:
|
||||
return ("0");
|
||||
default:
|
||||
return ("unknown");
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Return a process credential describing the current process.
|
||||
*/
|
||||
static int
|
||||
cred_get(struct cred *cred)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = getresuid(&cred->cr_ruid, &cred->cr_euid, &cred->cr_svuid);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
cred->cr_issetugid = issetugid();
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Userland stub for __setsugid() to take into account possible presence
|
||||
* in C library, kernel, et al.
|
||||
*/
|
||||
int
|
||||
setugid(int flag)
|
||||
{
|
||||
|
||||
#ifdef SETSUGID_SUPPORTED
|
||||
return (__setugid(flag));
|
||||
#else
|
||||
#ifdef SETSUGID_SUPPORTED_BUT_NO_LIBC_STUB
|
||||
return (syscall(374, flag));
|
||||
#else
|
||||
return (ENOSYS);
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Set the current process's credentials to match the passed credential.
|
||||
*/
|
||||
static int
|
||||
cred_set(struct cred *cred)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = setresuid(cred->cr_ruid, cred->cr_euid, cred->cr_svuid);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
error = setugid(cred->cr_issetugid);
|
||||
if (error) {
|
||||
perror("__setugid");
|
||||
return (error);
|
||||
}
|
||||
|
||||
#ifdef CHECK_CRED_SET
|
||||
{
|
||||
uid_t ruid, euid, svuid;
|
||||
error = getresuid(&ruid, &euid, &svuid);
|
||||
if (error) {
|
||||
perror("getresuid");
|
||||
return (-1);
|
||||
}
|
||||
assert(ruid == cred->cr_ruid);
|
||||
assert(euid == cred->cr_euid);
|
||||
assert(svuid == cred->cr_svuid);
|
||||
assert(cred->cr_issetugid == issetugid());
|
||||
}
|
||||
#endif /* !CHECK_CRED_SET */
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Print the passed process credential to the passed I/O stream.
|
||||
*/
|
||||
static void
|
||||
cred_print(FILE *output, struct cred *cred)
|
||||
{
|
||||
|
||||
fprintf(output, "(e:%d r:%d s:%d P_SUGID:%d)", cred->cr_euid,
|
||||
cred->cr_ruid, cred->cr_svuid, cred->cr_issetugid);
|
||||
}
|
||||
|
||||
#define LOOP_PTRACE 0
|
||||
#define LOOP_SIGNAL 1
|
||||
#define LOOP_SEE 2
|
||||
#define LOOP_SCHED 3
|
||||
#define LOOP_MAX LOOP_SCHED
|
||||
|
||||
/*
|
||||
* Enact a scenario by looping through the four test cases for the scenario,
|
||||
* spawning off pairs of processes with the desired credentials, and
|
||||
* reporting results to stdout.
|
||||
*/
|
||||
static int
|
||||
enact_scenario(int scenario)
|
||||
{
|
||||
pid_t pid1, pid2;
|
||||
char *name;
|
||||
int error, desirederror, loop;
|
||||
|
||||
for (loop = 0; loop < LOOP_MAX+1; loop++) {
|
||||
/*
|
||||
* Spawn the first child, target of the operation.
|
||||
*/
|
||||
pid1 = fork();
|
||||
switch (pid1) {
|
||||
case -1:
|
||||
return (-1);
|
||||
case 0:
|
||||
/* child */
|
||||
error = cred_set(scenarios[scenario].sc_cred2);
|
||||
if (error) {
|
||||
perror("cred_set");
|
||||
return (error);
|
||||
}
|
||||
/* 200 seconds should be plenty of time. */
|
||||
sleep(200);
|
||||
exit(0);
|
||||
default:
|
||||
/* parent */
|
||||
}
|
||||
|
||||
/*
|
||||
* XXX
|
||||
* This really isn't ideal -- give proc 1 a chance to set
|
||||
* its credentials, or we may get spurious errors. Really,
|
||||
* some for of IPC should be used to allow the parent to
|
||||
* wait for the first child to be ready before spawning
|
||||
* the second child.
|
||||
*/
|
||||
sleep(1);
|
||||
|
||||
/*
|
||||
* Spawn the second child, source of the operation.
|
||||
*/
|
||||
pid2 = fork();
|
||||
switch (pid2) {
|
||||
case -1:
|
||||
return (-1);
|
||||
|
||||
case 0:
|
||||
/* child */
|
||||
error = cred_set(scenarios[scenario].sc_cred1);
|
||||
if (error) {
|
||||
perror("cred_set");
|
||||
return (error);
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialize errno to zero so as to catch any
|
||||
* generated errors. In each case, perform the
|
||||
* operation. Preserve the error number for later
|
||||
* use so it doesn't get stomped on by any I/O.
|
||||
* Determine the desired error for the given case
|
||||
* by extracting it from the scenario table.
|
||||
* Initialize a function name string for output
|
||||
* prettiness.
|
||||
*/
|
||||
errno = 0;
|
||||
switch (loop) {
|
||||
case LOOP_PTRACE:
|
||||
error = ptrace(PT_ATTACH, pid1, NULL, 0);
|
||||
error = errno;
|
||||
name = "ptrace";
|
||||
desirederror =
|
||||
scenarios[scenario].sc_candebug_errno;
|
||||
break;
|
||||
case LOOP_SIGNAL:
|
||||
error = kill(pid1, SIGHUP);
|
||||
error = errno;
|
||||
name = "signal";
|
||||
desirederror =
|
||||
scenarios[scenario].sc_cansignal_errno;
|
||||
break;
|
||||
case LOOP_SEE:
|
||||
getpriority(PRIO_PROCESS, pid1);
|
||||
error = errno;
|
||||
name = "see";
|
||||
desirederror =
|
||||
scenarios[scenario].sc_cansee_errno;
|
||||
break;
|
||||
case LOOP_SCHED:
|
||||
error = setpriority(PRIO_PROCESS, pid1,
|
||||
0);
|
||||
error = errno;
|
||||
name = "sched";
|
||||
desirederror =
|
||||
scenarios[scenario].sc_cansched_errno;
|
||||
break;
|
||||
default:
|
||||
name = "broken";
|
||||
}
|
||||
|
||||
if (error != desirederror) {
|
||||
fprintf(stdout,
|
||||
"[%s].%s: expected %s, got %s\n ",
|
||||
scenarios[scenario].sc_name, name,
|
||||
errno_to_string(desirederror),
|
||||
errno_to_string(error));
|
||||
cred_print(stdout,
|
||||
scenarios[scenario].sc_cred1);
|
||||
cred_print(stdout,
|
||||
scenarios[scenario].sc_cred2);
|
||||
fprintf(stdout, "\n");
|
||||
}
|
||||
|
||||
exit(0);
|
||||
|
||||
default:
|
||||
/* parent */
|
||||
}
|
||||
|
||||
error = waitpid(pid2, NULL, 0);
|
||||
/*
|
||||
* Once pid2 has died, it's safe to kill pid1, if it's still
|
||||
* alive. Mask signal failure in case the test actually
|
||||
* killed pid1 (not unlikely: can occur in both signal and
|
||||
* ptrace cases).
|
||||
*/
|
||||
kill(pid1, SIGKILL);
|
||||
error = waitpid(pid2, NULL, 0);
|
||||
}
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
enact_scenarios(void)
|
||||
{
|
||||
int i, error;
|
||||
|
||||
for (i = 0; i < scenarios_count; i++) {
|
||||
error = enact_scenario(i);
|
||||
if (error)
|
||||
perror("enact_scenario");
|
||||
}
|
||||
}
|
34
tools/regression/security/proc_to_proc/scenario.h
Normal file
34
tools/regression/security/proc_to_proc/scenario.h
Normal file
@ -0,0 +1,34 @@
|
||||
/*-
|
||||
* Copyright (c) 2001 Robert N. M. Watson
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $FreeBSD$
|
||||
*/
|
||||
#ifndef _SCENARIO_H
|
||||
#define _SCENARIO_H
|
||||
|
||||
int setugid __P((int flag));
|
||||
int enact_scenarios __P((void));
|
||||
|
||||
#endif /* !_SCENARIO_H */
|
65
tools/regression/security/proc_to_proc/testuid.c
Normal file
65
tools/regression/security/proc_to_proc/testuid.c
Normal file
@ -0,0 +1,65 @@
|
||||
/*-
|
||||
* Copyright (c) 2001 Robert N. M. Watson
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "scenario.h"
|
||||
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
int error;
|
||||
|
||||
fprintf(stderr, "test capabilities: ");
|
||||
#ifdef SETSUGID_SUPPORTED
|
||||
fprintf(stderr, "[SETSUGID_SUPPORTED] ");
|
||||
#endif
|
||||
#ifdef SETSUGID_SUPPORTED_BUT_NO_LIBC_STUB
|
||||
fprintf(stderr, "[SETSUGID_SUPPORTED_BUT_NO_LIBC_STUB] ");
|
||||
#endif
|
||||
#ifdef CHECK_CRED_SET
|
||||
fprintf(stderr, "[CHECK_CRED_SET] ");
|
||||
#endif
|
||||
fprintf(stderr, "\n");
|
||||
|
||||
error = setugid(1);
|
||||
if (error) {
|
||||
perror("setugid");
|
||||
fprintf(stderr,
|
||||
"This test suite requires options REGRESSION\n");
|
||||
return (-1);
|
||||
}
|
||||
|
||||
enact_scenarios();
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user