-# $OpenBSD: Makefile,v 1.3 2015/10/09 11:38:39 semarie Exp $
+# $OpenBSD: Makefile,v 1.4 2015/10/26 18:52:19 semarie Exp $
PROG= generic
-SRCS+= main.c manager.c test_tty.c
+SRCS+= main.c manager.c test_stdio.c test_tty.c
NOMAN= yes
CFLAGS+= -Wall -Werror
-/* $OpenBSD: main.c,v 1.5 2015/10/18 13:01:40 semarie Exp $ */
+/* $OpenBSD: main.c,v 1.6 2015/10/26 18:52:19 semarie Exp $ */
/*
* Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org>
*
#include "manager.h"
+void test_request_stdio(void);
void test_request_tty(void);
static void
kill(0, SIGINT);
}
-static void
-test_allowed_syscalls()
-{
- clock_getres(CLOCK_MONOTONIC, NULL);
- clock_gettime(CLOCK_MONOTONIC, NULL);
- /* fchdir(); */
- getdtablecount();
- getegid();
- geteuid();
- getgid();
- getgroups(0, NULL);
- getitimer(ITIMER_REAL, NULL);
- getlogin();
- getpgid(0);
- getpgrp();
- getpid();
- getppid();
- /* getresgid(); */
- /* getresuid(); */
- { struct rlimit rl; getrlimit(RLIMIT_CORE, &rl); }
- getsid(0);
- getthrid();
- { struct timeval tp; gettimeofday(&tp, NULL); }
- getuid();
- geteuid();
- issetugid();
- /* nanosleep(); */
- /* sigreturn(); */
- umask(0000);
- /* wait4(); */
-}
-
-
static void
open_close(const char *filename)
{
/* test coredump */
start_test(&ret, "abort", NULL, test_inet);
- /* inet under inet is ok */
+ /* inet under inet is ok (stdio is needed of close(2)) */
+ start_test(&ret, "stdio", NULL, test_inet);
start_test(&ret, "inet", NULL, test_inet);
+ start_test(&ret, "stdio inet", NULL, test_inet);
- /* kill under fattr is forbidden (don't have PLEDGE_SELF) */
+ /* kill under fattr is forbidden */
start_test(&ret, "fattr", NULL, test_kill);
/* kill under proc is allowed */
start_test(&ret, "proc", NULL, test_kill);
- /* tests PLEDGE_SELF for permitted syscalls */
- start_test(&ret, "malloc", NULL, test_allowed_syscalls);
- start_test(&ret, "rw", NULL, test_allowed_syscalls);
- start_test(&ret, "stdio", NULL, test_allowed_syscalls);
- start_test(&ret, "rpath", NULL, test_allowed_syscalls);
- start_test(&ret, "wpath", NULL, test_allowed_syscalls);
- start_test(&ret, "tmppath", NULL, test_allowed_syscalls);
- start_test(&ret, "inet", NULL, test_allowed_syscalls);
- start_test(&ret, "unix", NULL, test_allowed_syscalls);
- start_test(&ret, "dns", NULL, test_allowed_syscalls);
- start_test(&ret, "getpw", NULL, test_allowed_syscalls);
-
- /* tests req without PLEDGE_SELF for "permitted syscalls" */
- // XXX it is a documentation bug
- start_test(&ret, "ioctl", NULL, test_allowed_syscalls);
- start_test(&ret, "proc", NULL, test_allowed_syscalls);
- start_test(&ret, "cpath", NULL, test_allowed_syscalls);
- start_test(&ret, "abort", NULL, test_allowed_syscalls);
- start_test(&ret, "fattr", NULL, test_allowed_syscalls);
-
- start_test(&ret, "rpath", NULL, test_rpath);
- start_test(&ret, "wpath", NULL, test_wpath);
+ /* stdio for open(2) */
+ start_test(&ret, "stdio rpath", NULL, test_rpath);
+ start_test(&ret, "stdio wpath", NULL, test_wpath);
start_test(&ret, "rpath cpath", NULL, test_cpath);
/*
*/
/* same request */
start_test(&ret, "stdio rpath", NULL, test_pledge);
- /* same request (stdio = malloc rw) */
- start_test(&ret, "malloc rw rpath", NULL, test_pledge);
/* reduce request */
start_test(&ret, "stdio rpath wpath", NULL, test_pledge);
/* reduce request (with same/other wpaths) */
/* add request */
start_test(&ret, "stdio", NULL, test_pledge);
/* change request */
- start_test(&ret, "unix", NULL, test_pledge);
+ start_test(&ret, "stdio unix", NULL, test_pledge);
/* test stat(2) */
start_test1(&ret, "stdio rpath", "/usr/share/man", test_stat);
/* mmap */
- start_test1(&ret, "rpath malloc prot_exec", "/dev/zero", test_mmap);
- start_test1(&ret, "rpath malloc", "/dev/zero", test_mmap);
+ start_test1(&ret, "stdio rpath prot_exec", "/dev/zero", test_mmap);
+ start_test1(&ret, "stdio rpath", "/dev/zero", test_mmap);
+
+ /* stdio */
+ start_test(&ret, NULL, NULL, test_request_stdio);
/* tty */
start_test(&ret, NULL, NULL, test_request_tty);
--- /dev/null
+/* $OpenBSD: test_stdio.c,v 1.1 2015/10/26 18:52:19 semarie Exp $ */
+/*
+ * Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <sys/resource.h>
+#include <sys/stat.h>
+
+#include <errno.h>
+#include <unistd.h>
+
+void
+test_request_stdio()
+{
+ if (pledge("stdio", NULL) == -1)
+ _exit(errno);
+
+ clock_getres(CLOCK_MONOTONIC, NULL);
+ clock_gettime(CLOCK_MONOTONIC, NULL);
+ /* fchdir(); */
+ getdtablecount();
+ getegid();
+ geteuid();
+ getgid();
+ getgroups(0, NULL);
+ getitimer(ITIMER_REAL, NULL);
+ getlogin();
+ getpgid(0);
+ getpgrp();
+ getpid();
+ getppid();
+ /* getresgid(); */
+ /* getresuid(); */
+ { struct rlimit rl; getrlimit(RLIMIT_CORE, &rl); }
+ getsid(0);
+ getthrid();
+ { struct timeval tp; gettimeofday(&tp, NULL); }
+ getuid();
+ geteuid();
+ issetugid();
+ /* nanosleep(); */
+ /* sigreturn(); */
+ umask(0000);
+ /* wait4(); */
+}
-/* $OpenBSD: test_tty.c,v 1.2 2015/10/09 11:42:54 semarie Exp $ */
+/* $OpenBSD: test_tty.c,v 1.3 2015/10/26 18:52:19 semarie Exp $ */
/*
* Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org>
*
/* TODO: get a tty */
- /* tests that need tty+proc (malloc for self) */
- if (pledge("tty proc malloc", NULL) == -1)
+ /* tests that need tty+proc (stdio for pledge(2) */
+ if (pledge("stdio tty proc", NULL) == -1)
_exit(errno);
/* TIOCSPGRP (tty+proc) */
-# $OpenBSD: tests.out,v 1.7 2015/10/20 06:44:51 semarie Exp $
+# $OpenBSD: tests.out,v 1.8 2015/10/26 18:52:19 semarie Exp $
test(test_nop): pledge=("",NULL) status=0 exit=0
test(test_inet): pledge=("",NULL) status=9 signal=9 pledged_syscall=97
test(test_inet): pledge=("abort",NULL) status=134 signal=6 coredump=present pledged_syscall=97
-test(test_inet): pledge=("inet",NULL) status=0 exit=0
+test(test_inet): pledge=("stdio",NULL) status=9 signal=9 pledged_syscall=97
+test(test_inet): pledge=("inet",NULL) status=9 signal=9 pledged_syscall=6
+test(test_inet): pledge=("stdio inet",NULL) status=0 exit=0
test(test_kill): pledge=("fattr",NULL) status=9 signal=9 pledged_syscall=37
test(test_kill): pledge=("proc",NULL) status=2 signal=2 pledged_syscall=not_found
-test(test_allowed_syscalls): pledge=("malloc",NULL) status=0 exit=0
-test(test_allowed_syscalls): pledge=("rw",NULL) status=0 exit=0
-test(test_allowed_syscalls): pledge=("stdio",NULL) status=0 exit=0
-test(test_allowed_syscalls): pledge=("rpath",NULL) status=0 exit=0
-test(test_allowed_syscalls): pledge=("wpath",NULL) status=0 exit=0
-test(test_allowed_syscalls): pledge=("tmppath",NULL) status=0 exit=0
-test(test_allowed_syscalls): pledge=("inet",NULL) status=0 exit=0
-test(test_allowed_syscalls): pledge=("unix",NULL) status=0 exit=0
-test(test_allowed_syscalls): pledge=("dns",NULL) status=0 exit=0
-test(test_allowed_syscalls): pledge=("getpw",NULL) status=0 exit=0
-test(test_allowed_syscalls): pledge=("ioctl",NULL) status=9 signal=9 pledged_syscall=89
-test(test_allowed_syscalls): pledge=("proc",NULL) status=9 signal=9 pledged_syscall=89
-test(test_allowed_syscalls): pledge=("cpath",NULL) status=9 signal=9 pledged_syscall=89
-test(test_allowed_syscalls): pledge=("abort",NULL) status=134 signal=6 coredump=present pledged_syscall=89
-test(test_allowed_syscalls): pledge=("fattr",NULL) status=9 signal=9 pledged_syscall=89
-test(test_rpath): pledge=("rpath",NULL) status=0 exit=0
-test(test_wpath): pledge=("wpath",NULL) status=0 exit=0
+test(test_rpath): pledge=("stdio rpath",NULL) status=0 exit=0
+test(test_wpath): pledge=("stdio wpath",NULL) status=0 exit=0
test(test_cpath): pledge=("rpath cpath",NULL) status=0 exit=0
test(test_wpaths): pledge=("stdio rpath",NULL)
open_close("/etc/passwd") fd=3 errno=0
open_close("/nonexistent") fd=-1 errno=2
status=0 exit=0
test(test_pledge): pledge=("stdio rpath",NULL) status=0 exit=0
-test(test_pledge): pledge=("malloc rw rpath",NULL) status=0 exit=0
test(test_pledge): pledge=("stdio rpath wpath",NULL) status=0 exit=0
test(test_pledge): pledge=("stdio rpath wpath",{"/sbin",NULL}) status=256 exit=1 (errno: "Operation not permitted")
test(test_pledge): pledge=("stdio rpath wpath",{"/",NULL}) status=256 exit=1 (errno: "Operation not permitted")
test(test_pledge): pledge=("stdio",NULL) status=256 exit=1 (errno: "Operation not permitted")
-test(test_pledge): pledge=("unix",NULL) status=256 exit=1 (errno: "Operation not permitted")
+test(test_pledge): pledge=("stdio unix",NULL) status=256 exit=1 (errno: "Operation not permitted")
test(test_stat): pledge=("stdio rpath",{"/usr/share/man",NULL})
stat("/usr/share/man/man8/afterboot.8"): realpath="/usr/share/man/man8/afterboot.8" uid=0 gid=7 mode=100444
stat("/usr/share/man/man8/"): realpath="/usr/share/man/man8" uid=0 gid=0 mode=40755
stat("/"): realpath="/" uid=0 gid=0 mode=40111
stat("/usr/bin/gzip"): realpath=failed(2) errno=2
status=0 exit=0
-test(test_mmap): pledge=("rpath malloc prot_exec",{"/dev/zero",NULL}) status=0 exit=0
-test(test_mmap): pledge=("rpath malloc",{"/dev/zero",NULL}) status=9 signal=9 pledged_syscall=197
+test(test_mmap): pledge=("stdio rpath prot_exec",{"/dev/zero",NULL}) status=0 exit=0
+test(test_mmap): pledge=("stdio rpath",{"/dev/zero",NULL}) status=9 signal=9 pledged_syscall=197
+test(test_request_stdio): pledge=skip status=0 exit=0
test(test_request_tty): pledge=skip status=0 exit=0
projects / openbsd / commitdiff