Source-Changes-HG archive


[src/trunk]: src/tests/lib/libc/sys Add check in ATF tests for security.model...



details:   https://anonhg.NetBSD.org/src/rev/8485d05bb2bf
branches:  trunk
changeset: 321881:8485d05bb2bf
user:      kamil <kamil%NetBSD.org@localhost>
date:      Sun Apr 08 17:20:18 2018 +0000

description:
Add check in ATF tests for security.models.extensions.user_set_dbregs

Introduce a new function can_we_set_dbregs() in the ATF ptrace(2) tests.
It lazily evaluates whether a process can call PT_SETDBREGS.

In case of not being able to do so, print a message and mark a test
as skipped:

  Either run this test as root or set sysctl(3)
  security.models.extensions.user_set_dbregs to 1

No functional change intended to the code flow of the existing tested
scenarios.

Sponsored by <The NetBSD Foundation>

diffstat:

 tests/lib/libc/sys/t_ptrace_x86_wait.h |  69 +++++++++++++++++++++++++++++++++-
 1 files changed, 68 insertions(+), 1 deletions(-)

diffs (139 lines):

diff -r ddf548a8b3c3 -r 8485d05bb2bf tests/lib/libc/sys/t_ptrace_x86_wait.h
--- a/tests/lib/libc/sys/t_ptrace_x86_wait.h    Sun Apr 08 16:57:07 2018 +0000
+++ b/tests/lib/libc/sys/t_ptrace_x86_wait.h    Sun Apr 08 17:20:18 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: t_ptrace_x86_wait.h,v 1.4 2018/03/06 21:11:51 kamil Exp $      */
+/*     $NetBSD: t_ptrace_x86_wait.h,v 1.5 2018/04/08 17:20:18 kamil Exp $      */
 
 /*-
  * Copyright (c) 2016 The NetBSD Foundation, Inc.
@@ -57,6 +57,33 @@
        } bits;
 };
 
+static bool
+can_we_set_dbregs(void)
+{
+       static long euid = -1;
+       static int user_set_dbregs  = -1;
+       size_t user_set_dbregs_len = sizeof(user_set_dbregs);
+
+       if (euid == -1)
+               euid = geteuid();
+
+       if (euid == 0)
+               return true;
+
+       if (user_set_dbregs == -1) {
+               if (sysctlbyname("security.models.extensions.user_set_dbregs",
+                       &user_set_dbregs, &user_set_dbregs_len, NULL, 0)
+                       == -1) {
+                       return false;
+               }
+       }
+
+       if (user_set_dbregs > 0)
+               return true;
+       else
+               return false;
+}
+
 ATF_TC(dbregs_print);
 ATF_TC_HEAD(dbregs_print, tc)
 {
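Review bot: When `sysctlbyname()` fails, `can_we_set_dbregs()` returns false without recording why, and the callers added later in this patch then skip with a hint to set the sysctl to 1, which is misleading if the node is absent or unreadable on the running kernel. Logging the error before `return false;`, for example `DPRINTF("sysctlbyname(user_set_dbregs) failed: %s\n", strerror(errno));`, would let such a skip be told apart from a policy denial (this assumes errno and strerror are available wherever this header is included). The function also has no comment; something like `/* True if euid is 0 or security.models.extensions.user_set_dbregs is > 0; both lookups are cached in function-local statics. */` would make clear that the answer is derived from the euid and the sysctl rather than from attempting PT_SETDBREGS. The trailing if/else can be written as `return user_set_dbregs > 0;`.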
@@ -135,6 +162,11 @@
        size_t i;
        int watchme;
 
+       if (!can_we_set_dbregs()) {
+               atf_tc_skip("Either run this test as root or set sysctl(3) "
+                           "security.models.extensions.user_set_dbregs to 1");
+       }
+
        DPRINTF("Before forking process PID=%d\n", getpid());
        SYSCALL_REQUIRE((child = fork()) != -1);
        if (child == 0) {
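Review bot: The same guard and skip message are pasted into this test body and seven more (the hunks at -389, -1101, -1228, -1355, -1482, -1614 and -1785), so any change to the wording or the condition has to be repeated eight times. A single helper next to `can_we_set_dbregs()` that wraps the `atf_tc_skip(...)` call, invoked as one line such as `skip_unless_dbregs_settable();` (name is a suggestion), would keep them in sync. The message also recommends setting security.models.extensions.user_set_dbregs to 1, which presumably allows any unprivileged process on the host to call PT_SETDBREGS, so the hint should say this is meant for dedicated test machines and that the knob should be restored afterwards. The enclosing test bodies start and end outside these hunks.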
@@ -389,6 +421,11 @@
        struct ptrace_siginfo info;
        memset(&info, 0, sizeof(info));
 
+       if (!can_we_set_dbregs()) {
+               atf_tc_skip("Either run this test as root or set sysctl(3) "
+                           "security.models.extensions.user_set_dbregs to 1");
+       }
+
        dr7.raw = 0;
        switch (reg) {
        case 0:
@@ -1101,6 +1138,11 @@
        struct ptrace_siginfo info;
        memset(&info, 0, sizeof(info));
 
+       if (!can_we_set_dbregs()) {
+               atf_tc_skip("Either run this test as root or set sysctl(3) "
+                           "security.models.extensions.user_set_dbregs to 1");
+       }
+
        dr7.raw = 0;
        dr7.bits.global_dr0_breakpoint = 1;
        dr7.bits.condition_dr0 = 0;     /* 0b00 -- break on code execution */
@@ -1228,6 +1270,11 @@
        struct ptrace_siginfo info;
        memset(&info, 0, sizeof(info));
 
+       if (!can_we_set_dbregs()) {
+               atf_tc_skip("Either run this test as root or set sysctl(3) "
+                           "security.models.extensions.user_set_dbregs to 1");
+       }
+
        dr7.raw = 0;
        dr7.bits.global_dr1_breakpoint = 1;
        dr7.bits.condition_dr1 = 0;     /* 0b00 -- break on code execution */
@@ -1355,6 +1402,11 @@
        struct ptrace_siginfo info;
        memset(&info, 0, sizeof(info));
 
+       if (!can_we_set_dbregs()) {
+               atf_tc_skip("Either run this test as root or set sysctl(3) "
+                           "security.models.extensions.user_set_dbregs to 1");
+       }
+
        dr7.raw = 0;
        dr7.bits.global_dr2_breakpoint = 1;
        dr7.bits.condition_dr2 = 0;     /* 0b00 -- break on code execution */
@@ -1482,6 +1534,11 @@
        struct ptrace_siginfo info;
        memset(&info, 0, sizeof(info));
 
+       if (!can_we_set_dbregs()) {
+               atf_tc_skip("Either run this test as root or set sysctl(3) "
+                           "security.models.extensions.user_set_dbregs to 1");
+       }
+
        dr7.raw = 0;
        dr7.bits.global_dr3_breakpoint = 1;
        dr7.bits.condition_dr3 = 0;     /* 0b00 -- break on code execution */
@@ -1614,6 +1671,11 @@
        struct dbreg r1;
        struct dbreg r2;
 
+       if (!can_we_set_dbregs()) {
+               atf_tc_skip("Either run this test as root or set sysctl(3) "
+                           "security.models.extensions.user_set_dbregs to 1");
+       }
+
        DPRINTF("Before forking process PID=%d\n", getpid());
        SYSCALL_REQUIRE((child = fork()) != -1);
        if (child == 0) {
@@ -1785,6 +1847,11 @@
        struct ptrace_siginfo info;
        memset(&info, 0, sizeof(info));
 
+       if (!can_we_set_dbregs()) {
+               atf_tc_skip("Either run this test as root or set sysctl(3) "
+                           "security.models.extensions.user_set_dbregs to 1");
+       }
+
        DPRINTF("Before forking process PID=%d\n", getpid());
        SYSCALL_REQUIRE((child = fork()) != -1);
        if (child == 0) {


