diff options
| author | Sebastien Marie <semarie@cvs.openbsd.org> | 2015-09-27 17:55:40 +0000 |
|---|---|---|
| committer | Sebastien Marie <semarie@cvs.openbsd.org> | 2015-09-27 17:55:40 +0000 |
| commit | 9dad5ee38132c5856f41fa1a398712c22a22c6fc (patch) | |
| tree | b3d15e32ce69fcbee453c702282a431b1490d0ba | |
| parent | 817b8ccbf825cd299db43dd401b308a7d02a08d1 (diff) | |
add a tame(2) regress for stat(2) and realpath(3)
| -rw-r--r-- | regress/sys/kern/tame/generic/main.c | 51 | ||||
| -rw-r--r-- | regress/sys/kern/tame/generic/tests.out | 11 |
2 files changed, 60 insertions, 2 deletions
diff --git a/regress/sys/kern/tame/generic/main.c b/regress/sys/kern/tame/generic/main.c index b2a775af072..799e083f86c 100644 --- a/regress/sys/kern/tame/generic/main.c +++ b/regress/sys/kern/tame/generic/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.5 2015/09/24 06:52:22 semarie Exp $ */ +/* $OpenBSD: main.c,v 1.6 2015/09/27 17:55:39 semarie Exp $ */ /* * Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org> * @@ -25,6 +25,7 @@ #include <err.h> #include <errno.h> #include <fcntl.h> +#include <limits.h> #include <signal.h> #include <stdarg.h> #include <stdlib.h> @@ -134,6 +135,51 @@ test_tame() _exit(errno); } +static void +do_stat(const char *path) +{ + char resolved[PATH_MAX]; + struct stat sb; + + printf("\n stat(\"%s\"):", path); + + /* call realpath(3) */ + errno = 0; + if (realpath(path, resolved) != NULL) + printf(" realpath=\"%s\"", resolved); + else + printf(" realpath=failed(%d)", errno); + + /* call stat(2) */ + errno = 0; + if (stat(path, &sb) == 0) + printf(" uid=%d gid=%d mode=%04o", sb.st_uid, sb.st_gid, + sb.st_mode); + else + printf(" errno=%d", errno); +} + +static void +test_stat() +{ + /* in whitelisted path */ + do_stat("/usr/share/man/man8/afterboot.8"); + do_stat("/usr/share/man/man8/"); + do_stat("/usr/share/man"); + + /* parent of whitelisted path */ + do_stat("/usr/share"); + do_stat("/usr"); + do_stat("/"); + + /* outside whitelisted path */ + do_stat("/usr/bin/gzip"); + + /* calling exit to flush stdout */ + printf("\n"); + exit(EXIT_SUCCESS); +} + int main(int argc, char *argv[]) { @@ -215,5 +261,8 @@ main(int argc, char *argv[]) /* change request */ start_test(&ret, "cmsg", NULL, test_tame); + /* test stat(2) */ + start_test1(&ret, "stdio rpath", "/usr/share/man", test_stat); + return (ret); } diff --git a/regress/sys/kern/tame/generic/tests.out b/regress/sys/kern/tame/generic/tests.out index b3fd8d35e74..bdcb16316e6 100644 --- a/regress/sys/kern/tame/generic/tests.out +++ b/regress/sys/kern/tame/generic/tests.out @@ -1,4 +1,4 @@ -# $OpenBSD: tests.out,v 1.4 2015/09/24 06:52:22 semarie Exp $ +# $OpenBSD: tests.out,v 1.5 2015/09/27 17:55:39 semarie Exp $ test(test_nop): tame=("",NULL) status=0 exit=0 test(test_inet): tame=("",NULL) status=9 signal=9 tamed_syscall=97 test(test_inet): tame=("abort",NULL) status=134 signal=6 coredump=present tamed_syscall=97 @@ -82,3 +82,12 @@ test(test_tame): tame=("stdio rpath wpath",{"/sbin",NULL}) status=256 exit=1 (er test(test_tame): tame=("stdio rpath wpath",{"/",NULL}) status=256 exit=1 (errno: "Operation not permitted") test(test_tame): tame=("stdio",NULL) status=256 exit=1 (errno: "Operation not permitted") test(test_tame): tame=("cmsg",NULL) status=256 exit=1 (errno: "Operation not permitted") +test(test_stat): tame=("stdio rpath",{"/usr/share/man",NULL}) + stat("/usr/share/man/man8/afterboot.8"): realpath=failed(2) uid=0 gid=7 mode=100444 + stat("/usr/share/man/man8/"): realpath=failed(2) uid=0 gid=0 mode=40755 + stat("/usr/share/man"): realpath=failed(2) uid=0 gid=0 mode=40755 + stat("/usr/share"): realpath=failed(2) errno=2 + stat("/usr"): realpath="/usr" errno=2 + stat("/"): realpath="/" errno=2 + stat("/usr/bin/gzip"): realpath=failed(2) errno=2 + status=0 exit=0 |