[src/trunk]: src/tests/kernel Add attach_pid1_securelevel in t_ptrace

[kamil <kamil%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/291d3b7b15fb
branches:  trunk
changeset: 348888:291d3b7b15fb
user:      kamil <kamil%NetBSD.org@localhost>
date:      Sun Nov 13 22:59:31 2016 +0000

description:
Add attach_pid1_securelevel in t_ptrace

Assert that a debugger cannot attach to PID 1 with securelevel >= 1 (as root).

Test requested by <mrg>

Sponsored by <The NetBSD Foundation>

diffstat:

 tests/kernel/t_ptrace.c |  31 +++++++++++++++++++++++++++++--
 1 files changed, 29 insertions(+), 2 deletions(-)

diffs (64 lines):

diff -r 13bb2f9eb51c -r 291d3b7b15fb tests/kernel/t_ptrace.c
--- a/tests/kernel/t_ptrace.c   Sun Nov 13 22:38:22 2016 +0000
+++ b/tests/kernel/t_ptrace.c   Sun Nov 13 22:59:31 2016 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: t_ptrace.c,v 1.16 2016/11/12 16:23:43 christos Exp $   */
+/*     $NetBSD: t_ptrace.c,v 1.17 2016/11/13 22:59:31 kamil Exp $      */
 
 /*-
  * Copyright (c) 2016 The NetBSD Foundation, Inc.
@@ -27,12 +27,13 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: t_ptrace.c,v 1.16 2016/11/12 16:23:43 christos Exp $");
+__RCSID("$NetBSD: t_ptrace.c,v 1.17 2016/11/13 22:59:31 kamil Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
 #include <sys/ptrace.h>
 #include <sys/stat.h>
+#include <sys/sysctl.h>
 #include <err.h>
 #include <errno.h>
 #include <unistd.h>
@@ -92,6 +93,31 @@
        ATF_REQUIRE_ERRNO(EPERM, ptrace(PT_ATTACH, 1, NULL, 0) == -1);
 }
 
+ATF_TC(attach_pid1_securelevel);
+ATF_TC_HEAD(attach_pid1_securelevel, tc)
+{
+       atf_tc_set_md_var(tc, "descr",
+           "Assert that a debugger cannot attach to PID 1 with "
+           "securelevel >= 1 (as root)");
+
+       atf_tc_set_md_var(tc, "require.user", "root");
+}
+
+ATF_TC_BODY(attach_pid1_securelevel, tc)
+{
+       int level;
+       size_t len = sizeof(level);
+
+       ATF_REQUIRE(sysctlbyname("kern.securelevel", &level, &len, NULL, 0)
+           != -1);
+
+       if (level < 1) {
+               atf_tc_skip("Test must be run with securelevel >= 1");
+       }
+
+       ATF_REQUIRE_ERRNO(EPERM, ptrace(PT_ATTACH, 1, NULL, 0) == -1);
+}
+
 ATF_TC(attach_self);
 ATF_TC_HEAD(attach_self, tc)
 {
@@ -174,6 +200,7 @@
        setvbuf(stderr, NULL, _IONBF, 0);
        ATF_TP_ADD_TC(tp, attach_pid0);
        ATF_TP_ADD_TC(tp, attach_pid1);
+       ATF_TP_ADD_TC(tp, attach_pid1_securelevel);
        ATF_TP_ADD_TC(tp, attach_self);
        ATF_TP_ADD_TC(tp, attach_chroot);