11 Commits

Author SHA1 Message Date
Warner Losh
c6063d0da8 Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
Julio Merino
2111435b59 errx prepends the program name to the message; don't do it by hand. 2014-03-19 12:52:49 +00:00
Julio Merino
34ed55723a Make the priv test program exit with non-zero if any failures are detected.
And, mind you, this already returns a failure :-/
2014-03-19 12:51:40 +00:00
Kevin Lo
eaec55242c Use MAN= instead of NO_MAN=
For some reason it still tries to install a priv.1 when using NO_MAN,
even though there isn't one yet.
2013-07-16 09:38:51 +00:00
Ulrich Spörlein
8ce070c1b2 Spelling fixes for tools/
Add some $FreeBSD$ tags so svn will allow the commit.
2011-12-30 00:04:11 +00:00
Ulrich Spörlein
47e1a877c5 Always assign WARNS using ?=
- fix some nearby style bugs
- include Makefile.inc where it makes sense and reduces duplication

Approved by:	ed (co-mentor)
2010-03-02 16:58:04 +00:00
Bjoern A. Zeeb
e7fba5c772 Start respecting WITHOUT_INET6.
Make regression/priv compile again after the multi-IP jail
changes.  Note that we are still using the legacy jail(2)
rather than the jail_set(2)/jail(3) syscall.
Add an IPv4,  and an IPv6 loopback address in case we compile
with INET6 enabled.

Make the priv_vfs_extattr_system compile on amd64 as well using the
proper length modifier to printf(3) for ssize_t.

Reviewed by:	rwatson
Approved by:	re (kib)
2009-08-13 09:11:47 +00:00
Bjoern A. Zeeb
f3d220fb9e Remove empty setup and cleanup functions for the pfkey test.
Add regression tests for privileged and supposedly unprivileged
IP_IPSEC_POLICY,IPV6_IPSEC_POLICY setsockopt cases.

We may need to review the current 'good' results to make
sure they reflect what we really want.

Discussed with:	rwatson
Reviewed by:	rwatson
2007-11-16 21:24:45 +00:00
Bjoern A. Zeeb
6007da5f92 In sys/netipsec/keysock.c rev. 1.19 a missing priv check was added.
Before that non-su users were able to open pfkey sockets as well.

Add a regression test so we can detect such problems in an automated way
in the future.
2007-11-13 08:59:29 +00:00
Robert Watson
d903306a26 Enhance and expand kernel privilege regression tests in support of
work present in FreeBSD 7.0 to refine the kernel privilege model:

- Introduce support for jail as a testing variable, in order to
  confirm that privileges are properly restricted in the jail
  environment.

- Restructure overall testing approach so that privilege and jail
  conditions are set in the testing infrastructure before tests
  are invoked, and done so in a custom-created process to isolate
  the impact of tests from each other in a more consistent way.

- Tests now provide setup and cleanup hooks that occur before and
  after the test runs.

- New privilege tests are now present for several audit
  privileges, several credential management privileges, dmesg
  buffer reading privilege, and netinet raw socket creation.

- Other existing tests are restructured and generally improved as
  a result of better framework structure and jail as a variable.
  For exampe, we now test that certain sysctls are writable only
  outside jail, while others are writable within jail.  On a
  similar note, privileges relating to setting UFS file flags are
  now better exercised, as with the right to chmod and utimes
  files.

Approved by:	re (bmah)
Obtained from:	TrustedBSD Project
2007-09-09 23:08:39 +00:00
Robert Watson
9fa5f6b4b9 dd a series of regression tests to validate that privilege requirements are
implemented properly for a number of kernel subsystems.  In general, they
try to exercise the privilege first as the root user, then as a test user,
in order to determine when privilege is being checked.

Currently, these tests do not compare inside/outside jail, and probably
should be enhanced to do that.

Sponsored by:	nCircle Network Security, Inc.
Obtained from:	TrustedBSD Project
2006-09-13 09:05:39 +00:00