From 6d71f3ed631dd43185c3df70191ab76906e7deed Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Wed, 25 Apr 2018 11:55:19 +0000 Subject: New regress to handle flags --- regress/sys/kern/pledge/pledgepath/Makefile | 4 +- regress/sys/kern/pledge/pledgepath/syscalls.c | 92 +++++++++++++++++++-------- 2 files changed, 69 insertions(+), 27 deletions(-) diff --git a/regress/sys/kern/pledge/pledgepath/Makefile b/regress/sys/kern/pledge/pledgepath/Makefile index 1e497fe9199..13ff66c2178 100644 --- a/regress/sys/kern/pledge/pledgepath/Makefile +++ b/regress/sys/kern/pledge/pledgepath/Makefile @@ -1,10 +1,10 @@ -# $OpenBSD: Makefile,v 1.1 2017/11/27 18:10:30 beck Exp $ +# $OpenBSD: Makefile,v 1.2 2018/04/25 11:55:18 beck Exp $ PROG= pledgepath_test SRCS+= syscalls.c NOMAN= yes LDADD+= -lutil -CFLAGS+= -Wall -Werror +CFLAGS+= -Wall REGRESS_TARGETS+= test_normal diff --git a/regress/sys/kern/pledge/pledgepath/syscalls.c b/regress/sys/kern/pledge/pledgepath/syscalls.c index 768c72308de..e2a766fc63c 100644 --- a/regress/sys/kern/pledge/pledgepath/syscalls.c +++ b/regress/sys/kern/pledge/pledgepath/syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: syscalls.c,v 1.9 2018/04/24 12:21:51 beck Exp $ */ +/* $OpenBSD: syscalls.c,v 1.10 2018/04/25 11:55:18 beck Exp $ */ /* * Copyright (c) 2017 Bob Beck @@ -51,14 +51,15 @@ char pp_file2[] = "/tmp/ppfile2.XXXXXX"; /* not pledgepathed */ } \ } while(0) +/* all the things unless we override */ +static int pp_flags = O_RDWR|O_EXEC|O_CREAT; + static void do_pledgepath(void) { - if (pledgepath(pp_dir1, 0) == -1) - err(1, "%s:%d - pledgepath", __FILE__, __LINE__); - if (pledgepath(pp_file1, 0) == -1) + if (pledgepath(pp_dir1, pp_flags) == -1) err(1, "%s:%d - pledgepath", __FILE__, __LINE__); - if (pledgepath("/usr/bin/true", 0) == -1) + if (pledgepath(pp_file1, pp_flags) == -1) err(1, "%s:%d - pledgepath", __FILE__, __LINE__); } @@ -98,7 +99,6 @@ test_open(int do_pp) int dirfd; int dirfd2; int dirfd3; - int dirfd4; PP_SHOULD_SUCCEED(((dirfd = open("/", O_RDONLY | O_DIRECTORY)) == -1), "open"); @@ -108,16 +108,10 @@ test_open(int do_pp) do_pledgepath(); } PP_SHOULD_SUCCEED((pledge("paths stdio rpath cpath wpath", NULL) == -1), "pledge"); - if (do_pp) { - printf("(testing pledgepath after pledge)\n"); - do_pledgepath(); - } - PP_SHOULD_SUCCEED(((dirfd3= open(pp_dir2, O_RDONLY | O_DIRECTORY)) == -1), "open"); - PP_SHOULD_SUCCEED((open(pp_file2, O_RDWR) == -1), "open"); - PP_SHOULD_SUCCEED((pledge("stdio rpath cpath wpath", NULL) == -1), "pledge"); - PP_SHOULD_FAIL(((dirfd4= open(pp_dir2, O_RDONLY | O_DIRECTORY)) == -1), "open"); + PP_SHOULD_FAIL((open(pp_file2, O_RDWR) == -1), "open"); + PP_SHOULD_FAIL(((dirfd3= open(pp_dir2, O_RDONLY | O_DIRECTORY)) == -1), "open"); PP_SHOULD_SUCCEED((open(pp_file1, O_RDWR) == -1), "open"); if (!do_pp) { @@ -127,6 +121,11 @@ test_open(int do_pp) } sleep(1); PP_SHOULD_SUCCEED((open(pp_file1, O_RDWR) == -1), "open"); + if (do_pp) { + if (pledgepath(pp_file1, O_RDONLY) == -1) + err(1, "%s:%d - pledgepath", __FILE__, __LINE__); + } + PP_SHOULD_FAIL((open(pp_file1, O_RDWR) == -1), "open"); PP_SHOULD_SUCCEED((openat(dirfd, "etc/hosts", O_RDONLY) == -1), "openat"); PP_SHOULD_FAIL((openat(dirfd, pp_file2, O_RDWR) == -1), "openat"); PP_SHOULD_SUCCEED((openat(dirfd2, "hooray", O_RDWR|O_CREAT) == -1), "openat"); @@ -136,6 +135,13 @@ test_open(int do_pp) (void) snprintf(filename, sizeof(filename), "%s/%s", pp_dir2, "newfile"); PP_SHOULD_FAIL((open(filename, O_RDWR|O_CREAT) == -1), "open"); + if (do_pp) { + printf("(testing pledgepath after pledge)\n"); + do_pledgepath(); + } + PP_SHOULD_SUCCEED((pledge("stdio rpath cpath wpath", NULL) == -1), "pledge"); + + PP_SHOULD_FAIL((open(pp_file2, O_RDWR) == -1), "open"); return 0; } @@ -160,11 +166,18 @@ test_unlink(int do_pp) do_pledgepath(); } - PP_SHOULD_SUCCEED((pledge("stdio rpath cpath wpath", NULL) == -1), + PP_SHOULD_SUCCEED((pledge("paths stdio rpath cpath wpath", NULL) == -1), "pledge"); PP_SHOULD_SUCCEED((unlink(filename1) == -1), "unlink"); PP_SHOULD_FAIL((unlink(filename2) == -1), "unlink"); PP_SHOULD_FAIL((unlink(filename3) == -1), "unlink"); + if (do_pp) { + printf("testing unlink without O_CREAT\n"); + if (pledgepath(filename3, O_RDWR) == -1) + err(1, "%s:%d - pledgepath", __FILE__, __LINE__); + + } + PP_SHOULD_FAIL((unlink(filename3) == -1), "unlink"); return 0; } @@ -179,7 +192,7 @@ test_link(int do_pp) do_pledgepath(); } - PP_SHOULD_SUCCEED((pledge("stdio rpath cpath wpath", NULL) == -1), + PP_SHOULD_SUCCEED((pledge("paths stdio rpath cpath wpath", NULL) == -1), "pledge"); (void) snprintf(filename, sizeof(filename), "%s/%s", pp_dir1, "linkpp1"); @@ -191,6 +204,14 @@ test_link(int do_pp) unlink(filename); PP_SHOULD_FAIL((link(pp_file2, filename) == -1), "link"); PP_SHOULD_FAIL((link(pp_file1, filename2) == -1), "link"); + if (do_pp) { + printf("testing link without O_CREAT\n"); + if (pledgepath(filename, O_RDWR) == -1) + err(1, "%s:%d - pledgepath", __FILE__, __LINE__); + + } + PP_SHOULD_FAIL((link(pp_file1, filename) == -1), "link"); + unlink(filename); return 0; } @@ -339,7 +360,7 @@ test_symlink(int do_pp) do_pledgepath(); } - PP_SHOULD_SUCCEED((pledge("stdio rpath cpath wpath", NULL) == -1), + PP_SHOULD_SUCCEED((pledge("paths stdio rpath cpath wpath", NULL) == -1), "pledge"); (void) snprintf(filename, sizeof(filename), "%s/%s", pp_dir1, "slinkpp1"); @@ -358,6 +379,14 @@ test_symlink(int do_pp) PP_SHOULD_FAIL((lstat(pp_file2, &sb) == -1), "lstat"); PP_SHOULD_FAIL((symlink(pp_file1, filename2) == -1), "symlink"); PP_SHOULD_FAIL((readlink(filename2, buf, sizeof(buf)) == -1), "readlink"); + unlink(filename); + + if (do_pp) { + printf("testing symlink without O_CREAT\n"); + if (pledgepath(filename, O_RDWR) == -1) + err(1, "%s:%d - pledgepath", __FILE__, __LINE__); + } + PP_SHOULD_FAIL((symlink(pp_file1, filename) == -1), "symlink"); return 0; } @@ -369,8 +398,7 @@ test_chmod(int do_pp) printf("testing chmod\n"); do_pledgepath(); } - - PP_SHOULD_SUCCEED((pledge("stdio rpath wpath", NULL) == -1), "pledge"); + PP_SHOULD_SUCCEED((pledge("stdio rpath", NULL) == -1), "pledge"); PP_SHOULD_SUCCEED((chmod(pp_file1, S_IRWXU) == -1), "chmod"); PP_SHOULD_FAIL((chmod(pp_file1, S_IRWXU) == -1), "chmod"); PP_SHOULD_SUCCEED((chmod(pp_dir1, S_IRWXU) == -1), "chmod"); @@ -381,16 +409,29 @@ test_chmod(int do_pp) static int test_exec(int do_pp) { + char *argv[] = {"/usr/bin/true", NULL}; + extern char **environ; if (do_pp) { - printf("testing execve\n"); - do_pledgepath(); + printf("testing execve with O_EXEC only\n"); + if (pledgepath("/usr/bin/true", O_EXEC) == -1) + err(1, "%s:%d - pledgepath", __FILE__, __LINE__); } + PP_SHOULD_SUCCEED((pledge("paths stdio exec", NULL) == -1), "pledge"); + PP_SHOULD_SUCCEED((execve(argv[0], argv, environ) == -1), "execve"); + return 0; +} +static int +test_exec2(int do_pp) +{ char *argv[] = {"/usr/bin/true", NULL}; extern char **environ; - - PP_SHOULD_SUCCEED((pledge("stdio exec", NULL) == -1), "pledge"); - PP_SHOULD_SUCCEED((execve(argv[0], argv, environ) == -1), "execve"); - + if (do_pp) { + printf("testing execve without O_EXEC\n"); + if (pledgepath("/usr/bin/true", O_RDWR) == -1) + err(1, "%s:%d - pledgepath", __FILE__, __LINE__); + } + PP_SHOULD_SUCCEED((pledge("paths stdio exec", NULL) == -1), "pledge"); + PP_SHOULD_FAIL((execve(argv[0], argv, environ) == -1), "execve"); return 0; } @@ -418,6 +459,7 @@ main (int argc, char *argv[]) failures += runcompare(test_symlink); failures += runcompare(test_chmod); failures += runcompare(test_exec); + failures += runcompare(test_exec2); exit(failures); } -- cgit v1.2.3