Commit Graph

15 Commits

Author SHA1 Message Date
Jonathan Anderson
ceb42a13a1 Regression tests for Capsicum capability mode.
Ensure that system calls that access global namespaces, e.g. open(2), are not permitted, and that whitelisted sysctls like kern.osreldate are.

Approved by: rwatson
Sponsored by: Google, Inc.
2011-05-04 12:44:46 +00:00
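The three properties this commit's test checks, written out as an added example that is not the committed regression test or any other FreeBSD code: after cap_enter(), an open(2) of an absolute path must be refused with ECAPMODE, an openat(2) relative to a directory descriptor obtained before entering the sandbox must still work, and the whitelisted sysctl kern.osreldate must still be readable. The probe runs in a forked child because cap_enter() is irreversible. It assumes modern FreeBSD headers (<sys/capsicum.h>) and that /etc/passwd exists; on any other operating system the Capsicum calls are compiled out and the probe reports SKIPPED.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#include <sys/sysctl.h>
#endif

enum cap_probe { CAP_PROBE_OK = 0, CAP_PROBE_FAIL = 1, CAP_PROBE_SKIPPED = 2 };

/*
 * Runs inside a child: cap_enter() cannot be undone, so the caller's process
 * stays unsandboxed.  Checks that a global-namespace open(2) is refused with
 * ECAPMODE, that openat(2) relative to an already-held directory descriptor
 * works, and that the whitelisted sysctl kern.osreldate is still readable.
 */
static enum cap_probe capmode_probe(void)
{
#ifdef __FreeBSD__
    int failures = 0, fd;

    /* Acquire the capability (a directory descriptor) before sandboxing. */
    int dirfd = open("/etc", O_RDONLY | O_DIRECTORY);
    if (dirfd < 0) {
        perror("open /etc");
        return CAP_PROBE_FAIL;
    }
    if (cap_enter() < 0) {
        perror("cap_enter");
        return CAP_PROBE_FAIL;
    }
    if (!cap_sandboxed()) {
        fprintf(stderr, "FAIL: cap_sandboxed() is false after cap_enter()\n");
        failures++;
    }

    /* Global-namespace lookup: must fail, and specifically with ECAPMODE. */
    fd = open("/etc/passwd", O_RDONLY);
    if (fd >= 0 || errno != ECAPMODE) {
        fprintf(stderr, "FAIL: open(/etc/passwd) in capability mode: fd=%d errno=%d\n",
                fd, errno);
        failures++;
        if (fd >= 0)
            close(fd);
    }

    /* Lookup relative to a descriptor we already hold: permitted. */
    fd = openat(dirfd, "passwd", O_RDONLY);
    if (fd < 0) {
        perror("FAIL: openat(dirfd, \"passwd\")");
        failures++;
    } else {
        close(fd);
    }

    /* Whitelisted sysctl: permitted even in capability mode. */
    int osreldate = 0;
    size_t len = sizeof(osreldate);
    if (sysctlbyname("kern.osreldate", &osreldate, &len, NULL, 0) < 0) {
        perror("FAIL: sysctlbyname(kern.osreldate)");
        failures++;
    }
    close(dirfd);
    return failures ? CAP_PROBE_FAIL : CAP_PROBE_OK;
#else
    return CAP_PROBE_SKIPPED;   /* Capsicum is FreeBSD-specific */
#endif
}

/* Fork, probe in the child, and return the child's verdict to the caller. */
enum cap_probe capmode_probe_forked(void)
{
    pid_t pid = fork();
    int status;

    if (pid < 0)
        return CAP_PROBE_FAIL;
    if (pid == 0)
        _exit((int)capmode_probe());
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return CAP_PROBE_FAIL;
    return (enum cap_probe)WEXITSTATUS(status);
}

int main(void)
{
    static const char *names[] = { "OK", "FAIL", "SKIPPED (not FreeBSD)" };
    enum cap_probe r = capmode_probe_forked();
    printf("capability-mode probe: %s\n", names[r]);
    return r == CAP_PROBE_FAIL ? 1 : 0;
}
```

The order matters: the directory descriptor is opened before cap_enter(), which is the Capsicum model in one line (acquire capabilities first, then give up the global namespace). Swapping the two calls would make the openat() fail as well, because the open("/etc") itself would then be refused.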
Robert Watson
b0cfa3c432 Add open_to_operation, a security regression test that opens files with
various open flags and then tests various operations to make sure that
they are properly constrained by open flags.  Various I/O mechanisms
are tried, including aio if compiled into the kernel or loaded as a
module.  There's more to be done here but it's a useful start, running
about 220 individual tests.

This is in support of FreeBSD-SA-08:03.sendfile.
2008-02-14 20:57:38 +00:00
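A portable cut-down of what open_to_operation checks, as an added example rather than the committed test: a file is opened with one access mode and each operation that should be ruled out by that mode is expected to fail with the documented errno (EBADF for the wrong direction of I/O, EINVAL or EBADF for ftruncate on a read-only descriptor, EACCES for a mapping the descriptor's mode cannot back). It also shows the one write-capable thing a read-only descriptor does allow, a MAP_PRIVATE copy-on-write mapping. The scratch file path under /tmp is constructed here; nothing else is assumed beyond POSIX.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/*
 * Pass iff the call failed (r < 0) with errno == want, or == alt when alt is
 * nonzero (POSIX lets some calls choose between two codes).  errno is read
 * first thing, so call as expect_fail(syscall(...), ...) with nothing between.
 */
static int expect_fail(long r, int want, int alt, const char *what)
{
    int e = errno;
    if (r >= 0) {
        fprintf(stderr, "FAIL %s: succeeded, expected errno %d\n", what, want);
        return 0;
    }
    if (e != want && (alt == 0 || e != alt)) {
        fprintf(stderr, "FAIL %s: errno %d (%s), expected %d\n", what, e, strerror(e), want);
        return 0;
    }
    return 1;
}

/* Returns the number of failed checks; 0 means every open flag was honoured. */
int open_flags_constrain_ops(void)
{
    char path[] = "/tmp/open_to_operation.XXXXXX";   /* constructed scratch file */
    char buf[16];
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    int failures = 0, fd;
    void *p;

    fd = mkstemp(path);
    if (fd < 0 || write(fd, "hello", 5) != 5) {
        perror("mkstemp/write");
        if (fd >= 0) { close(fd); unlink(path); }
        return 1;
    }
    close(fd);

    /* O_RDONLY: reads work; anything that could modify the file is refused. */
    if ((fd = open(path, O_RDONLY)) < 0) { perror("open O_RDONLY"); unlink(path); return 1; }
    if (read(fd, buf, sizeof buf) != 5) { fprintf(stderr, "FAIL read on O_RDONLY fd\n"); failures++; }
    failures += !expect_fail(write(fd, "x", 1), EBADF, 0, "write on O_RDONLY fd");
    failures += !expect_fail(pwrite(fd, "x", 1, 0), EBADF, 0, "pwrite on O_RDONLY fd");
    failures += !expect_fail(ftruncate(fd, 0), EINVAL, EBADF, "ftruncate on O_RDONLY fd");
    p = mmap(NULL, pagesz, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    failures += !expect_fail(p == MAP_FAILED ? -1 : 0, EACCES, 0, "MAP_SHARED+PROT_WRITE on O_RDONLY fd");
    if (p != MAP_FAILED) munmap(p, pagesz);
    /* A private (copy-on-write) mapping can never reach the file, so it is allowed. */
    p = mmap(NULL, pagesz, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (p == MAP_FAILED) { perror("FAIL MAP_PRIVATE+PROT_WRITE on O_RDONLY fd"); failures++; }
    else munmap(p, pagesz);
    close(fd);

    /* O_WRONLY: writes work; nothing that reads file contents is allowed. */
    if ((fd = open(path, O_WRONLY)) < 0) { perror("open O_WRONLY"); unlink(path); return 1; }
    failures += !expect_fail(read(fd, buf, 1), EBADF, 0, "read on O_WRONLY fd");
    failures += !expect_fail(pread(fd, buf, 1, 0), EBADF, 0, "pread on O_WRONLY fd");
    p = mmap(NULL, pagesz, PROT_READ, MAP_SHARED, fd, 0);
    failures += !expect_fail(p == MAP_FAILED ? -1 : 0, EACCES, 0, "PROT_READ mapping of O_WRONLY fd");
    if (p != MAP_FAILED) munmap(p, pagesz);
    if (write(fd, "HELLO", 5) != 5) { perror("FAIL write on O_WRONLY fd"); failures++; }
    close(fd);

    unlink(path);
    return failures;
}

int main(void)
{
    int n = open_flags_constrain_ops();
    printf("%d check(s) failed\n", n);
    return n ? 1 : 0;
}
```

The pattern generalises to the other descriptor types the commit mentions (aio, sendfile): hand the descriptor to the operation and assert on the errno, not merely on "it failed", since a check that accepts any error would also accept an unrelated breakage.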
Ruslan Ermilov
e653b48c80 Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by:	core
2004-12-21 08:47:35 +00:00
Ruslan Ermilov
a35d88931c For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
Robert Watson
9e7ebef8c3 gcc now objects to a default label without any contents. Because I want
to have a comment present in the default case, add a 'break' to each
default case that previously had no actual statements.
2004-07-17 17:01:25 +00:00
Tom Rhodes
9b51759707 file system > filesystem
2002-05-16 05:03:56 +00:00
Robert Watson
cd7aba4057 NAI DBA update.
2002-03-14 20:08:51 +00:00
Robert Watson
abc9a36083 o Fix two eaccess() checks -- in one case, the wrong test file
  was used, resulting in a regression failure, and in the other,
  the test on an error return was inverted.

Obtained from: TrustedBSD Project
2001-09-21 21:28:43 +00:00
Robert Watson
884748cf55 o Regression test to check that appropriate parts of the process
  credential are used in the access() and new eaccess() system calls.

Obtained from:	TrustedBSD Project
2001-09-20 20:03:58 +00:00
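The credential split this test exercises, as an added example that is not the committed regression test: with real uid set to an unprivileged user while the effective uid stays 0, access(2) on a root-owned 0600 file must fail with EACCES (it consults the real uid, which gets no superuser override), while eaccess(2) on the same file must succeed (it consults the effective uid). The probe has to start as root to create the split and reports SKIPPED otherwise; uid 65534 as the unprivileged user and the /tmp scratch path are assumptions made here.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* glibc only declares eaccess() when _GNU_SOURCE precedes the first include,
 * so the prototype is given explicitly here; FreeBSD declares it in <unistd.h>. */
int eaccess(const char *path, int mode);

enum cred_probe { CRED_PROBE_OK = 0, CRED_PROBE_FAIL = 1, CRED_PROBE_SKIPPED = 2 };

/*
 * Split the credential so that real uid != effective uid, then check which
 * half each call uses: access(2) must consult the real uid (and be denied),
 * eaccess(2) the effective uid (root, so permitted).
 */
enum cred_probe access_vs_eaccess(void)
{
    const uid_t unpriv = 65534;                 /* assumption: an unprivileged uid */
    char path[] = "/tmp/eaccess_probe.XXXXXX";  /* constructed scratch file, mode 0600 */
    int fd, failures = 0, e;

    if (getuid() != 0 || geteuid() != 0)
        return CRED_PROBE_SKIPPED;              /* cannot create the split */

    if ((fd = mkstemp(path)) < 0) {
        perror("mkstemp");
        return CRED_PROBE_FAIL;
    }
    close(fd);

    /* ruid -> unprivileged, euid stays 0; the saved uid becomes 0 so we can return. */
    if (setreuid(unpriv, 0) < 0) {
        e = errno;
        perror("setreuid");
        unlink(path);
        return (e == EPERM || e == EINVAL) ? CRED_PROBE_SKIPPED : CRED_PROBE_FAIL;
    }

    /* access(): real uid 65534 against a root-owned 0600 file -> EACCES. */
    if (access(path, R_OK) == 0 || errno != EACCES) {
        fprintf(stderr, "FAIL: access() did not use the real uid (errno %d)\n", errno);
        failures++;
    }
    /* eaccess(): effective uid 0 -> superuser override -> success. */
    if (eaccess(path, R_OK) != 0) {
        perror("FAIL: eaccess() did not use the effective uid");
        failures++;
    }

    if (setreuid(0, 0) < 0) {   /* restore before touching the file again */
        perror("setreuid restore");
        failures++;
    }
    unlink(path);
    return failures ? CRED_PROBE_FAIL : CRED_PROBE_OK;
}

int main(void)
{
    static const char *names[] = { "OK", "FAIL", "SKIPPED (not root)" };
    enum cred_probe r = access_vs_eaccess();
    printf("access/eaccess credential probe: %s\n", names[r]);
    return r == CRED_PROBE_FAIL ? 1 : 0;
}
```

The second of the two fixes in the follow-up commit above (an inverted test on an error return) is exactly the kind of bug the expect-EACCES branch guards against: the check must require both a failing return and the specific errno, not just one of them.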
Robert Watson
361515d909 o Add a comment identifying the "privileged on privileged" scenario.
Obtained from:	TrustedBSD Project
2001-04-13 16:38:34 +00:00
Robert Watson
8f6fee753c o Add inter-process authorization uid regression testing for ktrace().
Obtained from:	TrustedBSD Project
2001-04-13 16:25:25 +00:00
Robert Watson
72919d5f6d o s/debug/ptrace/ since shortly there will be tests involving other
forms of debugging.

Obtained from:	TrustedBSD Project
2001-04-13 16:09:40 +00:00
Robert Watson
bacff58c0e o Expand inter-process authorization regression test to include
  signalling with sigsegv as one of the tests.
o Teach errno_to_string() about ENOTSUPP.

Obtained from:  TrustedBSD Project
2001-04-12 17:46:20 +00:00
Robert Watson
3ceef0c3d7 o Enable -DSETSUGID_SUPPORTED in inter-process authorization regression
  test by default, as setugid() is now part of the base kernel (assuming
  (options REGRESSION) has been enabled for the running kernel).

Obtained from: TrustedBSD Project
2001-04-11 20:23:23 +00:00
Robert Watson
274f7445fd o First pass at an inter-process authorization regression testing suite.
  This test utility attempts to evaluate the current kernel policy
  for authorizing inter-process activities, currently ptrace(),
  kill(, SIGHUP), getpriority(), and setpriority().  The utility creates
  pairs of processes, initializes their credential sets to useful
  cases, and reports on whether the results are in keeping with hard-coded
  safety expectations.

o Currently, this utility relies on the availability of __setugid(),
  an uncommitted system call used for managing the P_SUGID bit.  Due to
  continuing discussion of optional regression testing kernel components
  ("options REGRESSION") I'll hold off on committing that until the
  discussion has reached its natural termination.

o A number of additional testing factors should be taken into account
  in the testing, including tests for different classes of signals,
  interactions with process session characteristics, I/O signalling,
  broadcast activities such as broadcast signalling, mass priority
  setting, and to take into account group-related aspects of credentials.
  Additional operations should also be taken into account, such as ktrace,
  debugging attach using procfs, and so on.

o This testing suite is intended to prevent the introduction of bugs
  in the upcoming sets of authorization changes associated with the
  introduction of process capabilities and mandatory access control.

Obtained from: TrustedBSD Project
2001-04-11 17:21:14 +00:00