-rw-r--r-- | regress/sys/kern/tame/generic/Makefile | 8 | ||||
-rw-r--r-- | regress/sys/kern/tame/generic/actions.c | 102 | ||||
-rw-r--r-- | regress/sys/kern/tame/generic/main.c | 242 | ||||
-rw-r--r-- | regress/sys/kern/tame/generic/manager.c | 122 | ||||
-rw-r--r-- | regress/sys/kern/tame/generic/manager.h (renamed from regress/sys/kern/tame/generic/actions.h) | 27 | ||||
-rw-r--r-- | regress/sys/kern/tame/generic/tests.out | 101 |
6 files changed, 343 insertions, 259 deletions
diff --git a/regress/sys/kern/tame/generic/Makefile b/regress/sys/kern/tame/generic/Makefile index 0fe1d788497..65815a42431 100644 --- a/regress/sys/kern/tame/generic/Makefile +++ b/regress/sys/kern/tame/generic/Makefile @@ -1,9 +1,9 @@ -# $OpenBSD: Makefile,v 1.2 2015/09/10 11:18:10 semarie Exp $ +# $OpenBSD: Makefile,v 1.3 2015/09/24 06:25:54 semarie Exp $ PROG= generic -SRCS+= main.c manager.c actions.c +SRCS+= main.c manager.c NOMAN= yes -CFLAGS+= -Wall +CFLAGS+= -Wall -Werror REGRESS_TARGETS+= test_normal test_systrace REGRESS_SKIP_TARGETS+= test_systrace @@ -15,7 +15,7 @@ test_systrace: ${PROG} systrace -A ./${PROG} | diff -I OpenBSD -u ${.CURDIR}/tests.out - regenerate: ${PROG} - echo '# $$OpenBSD: Makefile,v 1.2 2015/09/10 11:18:10 semarie Exp $$' > ${.CURDIR}/tests.out + echo '# $$OpenBSD: Makefile,v 1.3 2015/09/24 06:25:54 semarie Exp $$' > ${.CURDIR}/tests.out ./${PROG} | tee -a ${.CURDIR}/tests.out .include <bsd.regress.mk> diff --git a/regress/sys/kern/tame/generic/actions.c b/regress/sys/kern/tame/generic/actions.c deleted file mode 100644 index e25e9723528..00000000000 --- a/regress/sys/kern/tame/generic/actions.c +++ /dev/null 
@@ -1,102 +0,0 @@ -/* $OpenBSD: actions.c,v 1.3 2015/09/10 11:18:10 semarie Exp $ */ -/* - * Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include <sys/resource.h> -#include <sys/socket.h> -#include <sys/stat.h> -#include <sys/time.h> -#include <sys/types.h> -#include <sys/wait.h> - -#include <errno.h> -#include <fcntl.h> -#include <signal.h> -#include <stdarg.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <time.h> -#include <unistd.h> - -#include "actions.h" - -int -execute_action(action_t action, va_list opts) -{ - errno = 0; - - switch (action) { - case AC_EXIT: - /* should be catched by manager.c (before been here) */ - _exit(ENOTSUP); - /* NOTREACHED */ - - case AC_KILL: - kill(0, SIGINT); - break; - - case AC_INET: - socket(AF_INET, SOCK_STREAM, 0); - break; - - case AC_TAME: - tame(va_arg(opts, char *), NULL); - break; - - case AC_ALLOWED_SYSCALLS: - clock_getres(CLOCK_MONOTONIC, NULL); - clock_gettime(CLOCK_MONOTONIC, NULL); - /* fchdir(); */ - getdtablecount(); - getegid(); - geteuid(); - getgid(); - getgroups(0, NULL); - getitimer(ITIMER_REAL, NULL); - getlogin(); - getpgid(0); - getpgrp(); - getpid(); - getppid(); - /* getresgid(); */ - /* getresuid(); */ - { struct rlimit rl; 
getrlimit(RLIMIT_CORE, &rl); } - getsid(0); - getthrid(); - { struct timeval tp; gettimeofday(&tp, NULL); } - getuid(); - geteuid(); - issetugid(); - /* nanosleep(); */ - /* sigreturn(); */ - umask(0000); - /* wait4(); */ - - break; - - case AC_OPENFILE_RDONLY: - { - const char *filename = va_arg(opts, const char *); - int fd = open(filename, O_RDONLY); - if (fd != -1) - close(fd); - } - break; - } - - return (errno); -} diff --git a/regress/sys/kern/tame/generic/main.c b/regress/sys/kern/tame/generic/main.c index 8dcf800a659..5789398bf6a 100644 --- a/regress/sys/kern/tame/generic/main.c +++ b/regress/sys/kern/tame/generic/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.3 2015/09/18 08:34:22 semarie Exp $ */ +/* $OpenBSD: main.c,v 1.4 2015/09/24 06:25:54 semarie Exp $ */ /* * Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org> * 
@@ -15,19 +15,124 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include <sys/resource.h> +#include <sys/socket.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include <sys/wait.h> + #include <err.h> +#include <errno.h> +#include <fcntl.h> +#include <signal.h> +#include <stdarg.h> #include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <time.h> +#include <unistd.h> + +#include "manager.h" + +static void +test_nop() +{ + /* nop */ +} + +static void +test_inet() +{ + int fd = socket(AF_INET, SOCK_STREAM, 0); + int saved_errno = errno; + close(fd); + errno = saved_errno ? saved_errno : errno; +} -#include "actions.h" +static void +test_kill() +{ + kill(0, SIGINT); +} -void start_test(int *ret, int ntest, const char *req, const char *paths[], ...); +static void +test_allowed_syscalls() +{ + clock_getres(CLOCK_MONOTONIC, NULL); + clock_gettime(CLOCK_MONOTONIC, NULL); + /* fchdir(); */ + getdtablecount(); + getegid(); + geteuid(); + getgid(); + getgroups(0, NULL); + getitimer(ITIMER_REAL, NULL); + getlogin(); + getpgid(0); + getpgrp(); + getpid(); + getppid(); + /* getresgid(); */ + /* getresuid(); */ + { struct rlimit rl; getrlimit(RLIMIT_CORE, &rl); } + getsid(0); + getthrid(); + { struct timeval tp; gettimeofday(&tp, NULL); } + getuid(); + geteuid(); + issetugid(); + /* nanosleep(); */ + /* sigreturn(); */ + umask(0000); + /* wait4(); */ +} -#define start_test1(ret,ntest,req,path,...) 
\ - do { \ - const char *_paths[] = {path, NULL}; \ - start_test(ret,ntest,req,_paths,__VA_ARGS__); \ - } while (0) +static void +open_close(const char *filename) +{ + int fd; + int saved_errno; + + errno = 0; + printf("\n open_close(\"%s\")", filename); + fd = open(filename, O_RDONLY); + saved_errno = errno; + printf(" fd=%d errno=%d", fd, errno); + if (fd != -1) + close(fd); + errno = saved_errno; +} + +static void +test_wpaths() +{ + /* absolute file */ + open_close("/etc/passwd"); + + /* relative */ + open_close("generic"); + + /* relative */ + open_close("../../../../../../../../../../../../../../../etc/passwd"); + + /* ENOENT */ + open_close("/nonexistent"); + + /* calling exit to flush stdout */ + printf("\n"); + exit(EXIT_SUCCESS); +} + +static void +test_tame() +{ + const char *wpaths[] = { "/sbin", NULL }; + + if (tame("stdio rpath", wpaths) != 0) + _exit(errno); +} int main(int argc, char *argv[]) 
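Review bot: `open_close()` prints the raw descriptor number (`fd=%d`) and tests.out then pins it as `fd=3`, so the expected output holds only while the child's descriptor table has exactly that layout; a harness that leaves one more descriptor open would presumably fail the diff with no tame regression involved. Reporting only whether the open succeeded keeps the golden file stable, and the same line should pass `saved_errno` instead of re-reading `errno`: `printf(" fd=%s errno=%d", fd == -1 ? "-1" : "ok", saved_errno);` (tests.out would need regenerating). In `test_inet()`, `close(fd)` is also called when `socket()` returned -1; guarding it with `if (fd != -1)` as `open_close()` does would make the `saved_errno ? saved_errno : errno` juggling unnecessary.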
@@ -42,91 +147,72 @@ main(int argc, char *argv[]) */ /* _exit is always allowed, and nothing else under flags=0 */ - start_test(&ret, 1, "", NULL, AC_EXIT); - start_test(&ret, 2, "", NULL, AC_INET, AC_EXIT); + start_test(&ret, "", NULL, test_nop); + start_test(&ret, "", NULL, test_inet); /* test coredump */ - start_test(&ret, 3, "abort", NULL, AC_INET, AC_EXIT); + start_test(&ret, "abort", NULL, test_inet); /* inet under inet is ok */ - start_test(&ret, 4, "inet", NULL, AC_INET, AC_EXIT); + start_test(&ret, "inet", NULL, test_inet); /* kill under inet is forbidden */ - start_test(&ret, 5, "inet", NULL, AC_KILL, AC_EXIT); + start_test(&ret, "inet", NULL, test_kill); /* kill under proc is allowed */ - start_test(&ret, 6, "proc", NULL, AC_KILL, AC_EXIT); - - /* tests several permitted syscalls */ - start_test(&ret, 7, "dns", NULL, AC_ALLOWED_SYSCALLS, AC_EXIT); - start_test(&ret, 8, "inet", NULL, AC_ALLOWED_SYSCALLS, AC_EXIT); - - /* these TAME_* don't have "permitted syscalls" */ + start_test(&ret, "proc", NULL, test_kill); + + /* tests TAME_SELF for permitted syscalls */ + start_test(&ret, "malloc", NULL, test_allowed_syscalls); + start_test(&ret, "rw", NULL, test_allowed_syscalls); + start_test(&ret, "stdio", NULL, test_allowed_syscalls); + start_test(&ret, "rpath", NULL, test_allowed_syscalls); + start_test(&ret, "wpath", NULL, test_allowed_syscalls); + start_test(&ret, "tmppath", NULL, test_allowed_syscalls); + start_test(&ret, "inet", NULL, test_allowed_syscalls); + start_test(&ret, "unix", NULL, test_allowed_syscalls); + start_test(&ret, "cmsg", NULL, test_allowed_syscalls); + start_test(&ret, "dns", NULL, test_allowed_syscalls); + start_test(&ret, "getpw", NULL, test_allowed_syscalls); + + /* tests req without TAME_SELF for "permitted syscalls" */ // XXX it is a documentation bug - start_test(&ret, 9, "proc", NULL, AC_ALLOWED_SYSCALLS, AC_EXIT); + start_test(&ret, "ioctl", NULL, test_allowed_syscalls); + start_test(&ret, "proc", NULL, test_allowed_syscalls); + 
start_test(&ret, "cpath", NULL, test_allowed_syscalls); + start_test(&ret, "abort", NULL, test_allowed_syscalls); + start_test(&ret, "fattr", NULL, test_allowed_syscalls); /* - * test absolute whitelist path + * test whitelist path */ - /* without wpaths */ - start_test(&ret, 10, "rpath", NULL, - AC_OPENFILE_RDONLY, "/etc/passwd", - AC_EXIT); - /* exact match */ - start_test1(&ret, 11, "rpath", "/etc/passwd", - AC_OPENFILE_RDONLY, "/etc/passwd", - AC_EXIT); - /* subdir match */ - start_test1(&ret, 12, "rpath", "/etc/", - AC_OPENFILE_RDONLY, "/etc/passwd", - AC_EXIT); - /* same without trailing '/' */ - start_test1(&ret, 13, "rpath", "/etc", - AC_OPENFILE_RDONLY, "/etc/passwd", - AC_EXIT); - /* failing one */ - start_test1(&ret, 14, "rpath", "/bin", - AC_OPENFILE_RDONLY, "/etc/passwd", - AC_EXIT); + start_test(&ret, "stdio rpath", NULL, test_wpaths); + // XXX start_test1(&ret, "stdio rpath", "/", test_wpaths); + start_test1(&ret, "stdio rpath", "/etc", test_wpaths); + start_test1(&ret, "stdio rpath", "/etc/", test_wpaths); + start_test1(&ret, "stdio rpath", "/etc/passwd", test_wpaths); + // XXX start_test1(&ret, "stdio rpath", "/etc/passwd/", test_wpaths); + start_test1(&ret, "stdio rpath", "/bin", test_wpaths); + start_test1(&ret, "stdio rpath", "generic", test_wpaths); + start_test1(&ret, "stdio rpath", "", test_wpaths); + start_test1(&ret, "stdio rpath", ".", test_wpaths); /* - * test relative whitelist path + * test tame(2) arguments */ - /* without wpaths */ - start_test(&ret, 15, "rpath", NULL, - AC_OPENFILE_RDONLY, "generic", - AC_EXIT); - /* exact match */ - start_test1(&ret, 16, "rpath", "generic", - AC_OPENFILE_RDONLY, "generic", - AC_EXIT); - /* subdir match */ - start_test1(&ret, 17, "rpath", "./", - AC_OPENFILE_RDONLY, "generic", - AC_EXIT); - /* same without trailing '/' */ - start_test1(&ret, 18, "rpath", ".", - AC_OPENFILE_RDONLY, "generic", - AC_EXIT); - /* failing one */ - start_test1(&ret, 19, "rpath", ".", - AC_OPENFILE_RDONLY, 
"../../../../../../../../../../../../../../../etc/passwd", - AC_EXIT); - - /* tame: test reducing flags */ - start_test1(&ret, 20, "rpath wpath", NULL, - AC_TAME, "rpath", - AC_EXIT); - - /* tame: test adding flags */ - start_test1(&ret, 21, "rpath", NULL, - AC_TAME, "rpath wpath", - AC_EXIT); - - /* tame: test replacing flags */ - start_test1(&ret, 22, "rpath", NULL, - AC_TAME, "wpath", - AC_EXIT); + /* same request */ + start_test(&ret, "stdio rpath", NULL, test_tame); + /* same request (stdio = malloc rw) */ + start_test(&ret, "malloc rw rpath", NULL, test_tame); + /* reduce request */ + start_test(&ret, "stdio rpath wpath", NULL, test_tame); + /* reduce request (with same/other wpaths) */ + start_test1(&ret, "stdio rpath wpath", "/sbin", test_tame); + start_test1(&ret, "stdio rpath wpath", "/", test_tame); + /* add request */ + start_test(&ret, "stdio", NULL, test_tame); + /* change request */ + start_test(&ret, "cmsg", NULL, test_tame); return (ret); } diff --git a/regress/sys/kern/tame/generic/manager.c b/regress/sys/kern/tame/generic/manager.c index 138d27f5ef3..76b7965c79a 100644 --- a/regress/sys/kern/tame/generic/manager.c +++ b/regress/sys/kern/tame/generic/manager.c @@ -1,4 +1,4 @@ -/* $OpenBSD: manager.c,v 1.2 2015/09/10 11:18:10 semarie Exp $ */ +/* $OpenBSD: manager.c,v 1.3 2015/09/24 06:25:54 semarie Exp $ */ /* * Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org> * @@ -28,12 +28,8 @@ #include <string.h> #include <unistd.h> -#include "actions.h" - extern char *__progname; -int execute_action(action_t, va_list); - static const char * coredump_name() { @@ -71,13 +67,13 @@ check_coredump() static int -clear_coredump(int *ret, int ntest) +clear_coredump(int *ret, const char *test_name) { int saved_errno = errno; int u; if (((u = unlink(coredump_name())) != 0) && (errno != ENOENT)) { - warn("test(%d): clear_coredump", ntest); + warn("test(%s): clear_coredump", test_name); *ret = EXIT_FAILURE; return (-1); } 
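Review bot: The two disabled whitelist cases, `// XXX start_test1(&ret, "stdio rpath", "/", test_wpaths);` and the `"/etc/passwd/"` one, give no reason for being commented out, yet the root directory and a trailing slash on a regular file are exactly the boundary inputs a path whitelist needs covered. A comment such as `/* XXX disabled: <observed result or reason> */` above each would tell the next reader whether this is known kernel misbehaviour or pending work. The same applies to `// XXX it is a documentation bug`, which does not say which document or which requests it refers to. main() starts outside this hunk.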
@@ -151,70 +147,116 @@ out: return (ret); } +/* mainly stolen from src/bin/cat/cat.c */ +static int +drainfd(int rfd, int wfd) +{ + char buf[1024]; + ssize_t nr, nw, off; + + while ((nr = read(rfd, buf, sizeof(buf))) != -1 && nr != 0) + for (off = 0; nr; nr -= nw, off += nw) + if ((nw = write(wfd, buf + off, (size_t)nr)) == 0 || + nw == -1) + return (-1); + if (nr < 0) + return (-1); + + return (0); +} void -start_test(int *ret, int ntest, const char *request, const char *paths[], ...) +_start_test(int *ret, const char *test_name, const char *request, + const char *paths[], void (*test_func)(void)) { - static int ntest_check = 0; + int fildes[2]; pid_t pid; int status; - va_list ap; - action_t action; int i; -#ifndef DEBUG - /* check ntest (useful for dev) */ - if (ntest != ++ntest_check) - errx(EXIT_FAILURE, - "invalid test number: should be %d but is %d", - ntest_check, ntest); -#endif /* DEBUG */ + /* early print testname */ + printf("test(%s): tame=(\"%s\",{", test_name, request); + for (i = 0; paths && paths[i] != NULL; i++) + printf("\"%s\",", paths[i]); + printf("NULL})"); /* unlink previous coredump (if exists) */ - if (clear_coredump(ret, ntest) == -1) + if (clear_coredump(ret, test_name) == -1) return; - + + /* flush outputs (for STDOUT_FILENO manipulation) */ + if (fflush(NULL) != 0) { + warn("test(%s) fflush", test_name); + *ret = EXIT_FAILURE; + return; + } + + /* make pipe to grab output */ + if (pipe(fildes) != 0) { + warn("test(%s) pipe", test_name); + *ret = EXIT_FAILURE; + return; + } + /* fork and launch the test */ switch (pid = fork()) { case -1: - warn("test(%d) fork", ntest); + (void)close(fildes[0]); + (void)close(fildes[1]); + + warn("test(%s) fork", test_name); *ret = EXIT_FAILURE; return; case 0: - /* create a new session (for AC_KILL) */ + /* output to pipe */ + (void)close(fildes[0]); + while (dup2(fildes[1], STDOUT_FILENO) == -1) + if (errno != EINTR) + err(errno, "dup2"); + + /* create a new session (for kill) */ setsid(); - /* XXX 
redirect output to /dev/null ? */ + /* set tame policy */ if (tame(request, paths) != 0) err(errno, "tame"); - - va_start(ap, paths); - while ((action = va_arg(ap, action_t)) != AC_EXIT) { - execute_action(action, ap); - if (errno != 0) - _exit(errno); - } - va_end(ap); + + /* reset errno and launch test */ + errno = 0; + test_func(); + + if (errno != 0) + _exit(errno); _exit(EXIT_SUCCESS); /* NOTREACHED */ } + /* copy pipe to output */ + (void)close(fildes[1]); + if (drainfd(fildes[0], STDOUT_FILENO) != 0) { + warn("test(%s): drainfd", test_name); + *ret = EXIT_FAILURE; + return; + } + if (close(fildes[0]) != 0) { + warn("test(%s): close", test_name); + *ret = EXIT_FAILURE; + return; + } + /* wait for test to terminate */ while (waitpid(pid, &status, 0) < 0) { if (errno == EAGAIN) continue; - warn("test(%d): waitpid", ntest); + warn("test(%s): waitpid", test_name); *ret = EXIT_FAILURE; return; } /* show status and details */ - printf("test(%d): tame=(\"%s\",{", ntest, request); - for (i = 0; paths && paths[i] != NULL; i++) - printf("\"%s\",", paths[i]); - printf("NULL}) status=%d", status); + printf(" status=%d", status); if (WIFCONTINUED(status)) printf(" continued"); @@ -236,7 +278,7 @@ start_test(int *ret, int ntest, const char *request, const char *paths[], ...) switch(coredump) { case -1: /* error */ - warn("test(%d): check_coredump", ntest); + warn("test(%s): check_coredump", test_name); *ret = EXIT_FAILURE; return; @@ -249,8 +291,8 @@ start_test(int *ret, int ntest, const char *request, const char *paths[], ...) break; default: - warnx("test(%d): unknown coredump code %d", - ntest, coredump); + warnx("test(%s): unknown coredump code %d", + test_name, coredump); *ret = EXIT_FAILURE; return; } 
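Review bot: In `_start_test()` the parent returns straight after a failed `drainfd()` or `close(fildes[0])`, so the forked child is never reaped and, on the `drainfd()` path, the read end of the pipe stays open for the rest of the run. Closing the read end with `(void)close(fildes[0]);` and reaping the child with `waitpid(pid, &status, 0)` before the `return` would stop one failing test from leaving a zombie and a stray descriptor behind for the following ones. In the child, the write end remains open under its original number after `dup2(fildes[1], STDOUT_FILENO)`; adding `(void)close(fildes[1]);` there keeps that extra descriptor out of the tamed test. The function's body continues past the end of this hunk.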
@@ -262,7 +304,7 @@ start_test(int *ret, int ntest, const char *request, const char *paths[], ...) int syscall = grab_syscall(pid); switch (syscall) { case -1: /* error */ - warn("test(%d): grab_syscall pid=%d", ntest, + warn("test(%s): grab_syscall pid=%d", test_name, pid); *ret = EXIT_FAILURE; return; diff --git a/regress/sys/kern/tame/generic/actions.h b/regress/sys/kern/tame/generic/manager.h index 17b9e1fb2fa..0960e366d5a 100644 --- a/regress/sys/kern/tame/generic/actions.h +++ b/regress/sys/kern/tame/generic/manager.h @@ -1,4 +1,4 @@ -/* $OpenBSD: actions.h,v 1.1 2015/08/24 09:21:10 semarie Exp $ */ +/* $OpenBSD: manager.h,v 1.1 2015/09/24 06:25:54 semarie Exp $ */ /* * Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org> * @@ -14,16 +14,19 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _ACTIONS_H_ -#define _ACTIONS_H_ +#ifndef _MANAGER_H_ +#define _MANAGER_H_ -typedef enum { - AC_EXIT, - AC_KILL, - AC_INET, - AC_TAME, - AC_ALLOWED_SYSCALLS, - AC_OPENFILE_RDONLY, -} action_t; +void _start_test(int *ret, const char *test_name, const char *request, + const char *paths[], void (*test_func)(void)); -#endif /* _ACTIONS_H_ */ +#define start_test(ret,req,paths,func) \ + _start_test(ret,#func,req,paths,func) + +#define start_test1(ret,req,path,func) \ + do { \ + const char *_paths[] = {path, NULL}; \ + start_test(ret,req,_paths,func); \ + } while (0) + +#endif /* _MANAGER_H_ */ diff --git a/regress/sys/kern/tame/generic/tests.out b/regress/sys/kern/tame/generic/tests.out index 95b99314c2e..e167b3c8f9f 100644 --- a/regress/sys/kern/tame/generic/tests.out +++ b/regress/sys/kern/tame/generic/tests.out 
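Review bot: manager.h exposes `_start_test()` and the two macros without stating the contract test functions depend on: per manager.c, the function runs in a forked child after `tame(request, paths)` with `errno` reset to 0, and a non-zero `errno` on return becomes the child's exit status. A short comment above the prototype would make that explicit, for example `/* test_func runs in a forked child under tame(request, paths); leave errno non-zero to report failure */`. It is worth saying there too that `start_test()` takes the test name from `#func`, so the argument has to be a plain function name. Separately, `_start_test` is a file-scope identifier with a leading underscore, which C reserves for the implementation; `start_test_named` or similar would avoid that.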
@@ -1,23 +1,78 @@ -# $OpenBSD: tests.out,v 1.2 2015/09/10 11:18:10 semarie Exp $ -test(1): tame=("",{NULL}) status=0 exit=0 -test(2): tame=("",{NULL}) status=9 signal=9 tamed_syscall=97 -test(3): tame=("abort",{NULL}) status=134 signal=6 coredump=present tamed_syscall=97 -test(4): tame=("inet",{NULL}) status=0 exit=0 -test(5): tame=("inet",{NULL}) status=9 signal=9 tamed_syscall=37 -test(6): tame=("proc",{NULL}) status=2 signal=2 tamed_syscall=not_found -test(7): tame=("dns",{NULL}) status=0 exit=0 -test(8): tame=("inet",{NULL}) status=0 exit=0 -test(9): tame=("proc",{NULL}) status=9 signal=9 tamed_syscall=89 -test(10): tame=("rpath",{NULL}) status=0 exit=0 -test(11): tame=("rpath",{"/etc/passwd",NULL}) status=0 exit=0 -test(12): tame=("rpath",{"/etc/",NULL}) status=0 exit=0 -test(13): tame=("rpath",{"/etc",NULL}) status=0 exit=0 -test(14): tame=("rpath",{"/bin",NULL}) status=512 exit=2 (errno: "No such file or directory") -test(15): tame=("rpath",{NULL}) status=0 exit=0 -test(16): tame=("rpath",{"generic",NULL}) status=0 exit=0 -test(17): tame=("rpath",{"./",NULL}) status=0 exit=0 -test(18): tame=("rpath",{".",NULL}) status=0 exit=0 -test(19): tame=("rpath",{".",NULL}) status=512 exit=2 (errno: "No such file or directory") -test(20): tame=("rpath wpath",{NULL}) status=0 exit=0 -test(21): tame=("rpath",{NULL}) status=256 exit=1 (errno: "Operation not permitted") -test(22): tame=("rpath",{NULL}) status=256 exit=1 (errno: "Operation not permitted") +# $OpenBSD: tests.out,v 1.3 2015/09/24 06:25:54 semarie Exp $ +test(test_nop): tame=("",{NULL}) status=0 exit=0 +test(test_inet): tame=("",{NULL}) status=9 signal=9 tamed_syscall=97 +test(test_inet): tame=("abort",{NULL}) status=134 signal=6 coredump=present tamed_syscall=97 +test(test_inet): tame=("inet",{NULL}) status=0 exit=0 +test(test_kill): tame=("inet",{NULL}) status=9 signal=9 tamed_syscall=37 +test(test_kill): tame=("proc",{NULL}) status=2 signal=2 tamed_syscall=not_found +test(test_allowed_syscalls): 
tame=("malloc",{NULL}) status=0 exit=0 +test(test_allowed_syscalls): tame=("rw",{NULL}) status=0 exit=0 +test(test_allowed_syscalls): tame=("stdio",{NULL}) status=0 exit=0 +test(test_allowed_syscalls): tame=("rpath",{NULL}) status=0 exit=0 +test(test_allowed_syscalls): tame=("wpath",{NULL}) status=0 exit=0 +test(test_allowed_syscalls): tame=("tmppath",{NULL}) status=0 exit=0 +test(test_allowed_syscalls): tame=("inet",{NULL}) status=0 exit=0 +test(test_allowed_syscalls): tame=("unix",{NULL}) status=0 exit=0 +test(test_allowed_syscalls): tame=("cmsg",{NULL}) status=0 exit=0 +test(test_allowed_syscalls): tame=("dns",{NULL}) status=0 exit=0 +test(test_allowed_syscalls): tame=("getpw",{NULL}) status=0 exit=0 +test(test_allowed_syscalls): tame=("ioctl",{NULL}) status=9 signal=9 tamed_syscall=89 +test(test_allowed_syscalls): tame=("proc",{NULL}) status=9 signal=9 tamed_syscall=89 +test(test_allowed_syscalls): tame=("cpath",{NULL}) status=9 signal=9 tamed_syscall=89 +test(test_allowed_syscalls): tame=("abort",{NULL}) status=134 signal=6 coredump=present tamed_syscall=89 +test(test_allowed_syscalls): tame=("fattr",{NULL}) status=9 signal=9 tamed_syscall=89 +test(test_wpaths): tame=("stdio rpath",{NULL}) + open_close("/etc/passwd") fd=3 errno=0 + open_close("generic") fd=3 errno=0 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): tame=("stdio rpath",{"/etc",NULL}) + open_close("/etc/passwd") fd=3 errno=0 + open_close("generic") fd=-1 errno=2 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): tame=("stdio rpath",{"/etc/",NULL}) + open_close("/etc/passwd") fd=3 errno=0 + open_close("generic") fd=-1 errno=2 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 
+test(test_wpaths): tame=("stdio rpath",{"/etc/passwd",NULL}) + open_close("/etc/passwd") fd=3 errno=0 + open_close("generic") fd=-1 errno=2 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): tame=("stdio rpath",{"/bin",NULL}) + open_close("/etc/passwd") fd=-1 errno=2 + open_close("generic") fd=-1 errno=2 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): tame=("stdio rpath",{"generic",NULL}) + open_close("/etc/passwd") fd=-1 errno=2 + open_close("generic") fd=3 errno=0 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): tame=("stdio rpath",{"",NULL}) + open_close("/etc/passwd") fd=-1 errno=2 + open_close("generic") fd=3 errno=0 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): tame=("stdio rpath",{".",NULL}) + open_close("/etc/passwd") fd=-1 errno=2 + open_close("generic") fd=3 errno=0 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_tame): tame=("stdio rpath",{NULL}) status=0 exit=0 +test(test_tame): tame=("malloc rw rpath",{NULL}) status=0 exit=0 +test(test_tame): tame=("stdio rpath wpath",{NULL}) status=0 exit=0 +test(test_tame): tame=("stdio rpath wpath",{"/sbin",NULL}) status=256 exit=1 (errno: "Operation not permitted") +test(test_tame): tame=("stdio rpath wpath",{"/",NULL}) status=256 exit=1 (errno: "Operation not permitted") +test(test_tame): tame=("stdio",{NULL}) status=256 exit=1 (errno: "Operation not permitted") +test(test_tame): tame=("cmsg",{NULL}) status=256 exit=1 (errno: "Operation not 
permitted") |