Add couple of simple tests for access(2) and mprotect(2).

2011-04-03 16:12:45 +00:00 · 2011-04-03 16:12:45 +00:00 · 597629b945
parent 6b079736fe
commit 597629b945
4 changed files with 495 additions and 3 deletions
--- a/distrib/sets/lists/tests/mi
+++ b/distrib/sets/lists/tests/mi
@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.284 2011/03/31 23:34:48 joerg Exp $
+# $NetBSD: mi,v 1.285 2011/04/03 16:12:45 jruoho Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@ -564,10 +564,12 @@
 ./usr/libdata/debug/usr/tests/sbin					tests-sbin-tests
 ./usr/libdata/debug/usr/tests/sbin/resize_ffs				tests-sbin-tests
 ./usr/libdata/debug/usr/tests/syscall					tests-syscall-debug
+./usr/libdata/debug/usr/tests/syscall/t_access.debug			tests-syscall-debug	debug,atf
 ./usr/libdata/debug/usr/tests/syscall/t_cmsg.debug			tests-syscall-debug	debug,atf
 ./usr/libdata/debug/usr/tests/syscall/t_dup.debug			tests-syscall-debug	debug,atf
 ./usr/libdata/debug/usr/tests/syscall/t_fsync.debug			tests-syscall-debug	debug,atf
 ./usr/libdata/debug/usr/tests/syscall/t_mmap.debug			tests-syscall-debug	debug,atf
+./usr/libdata/debug/usr/tests/syscall/t_mprotect.debug			tests-syscall-debug	debug,atf
 ./usr/libdata/debug/usr/tests/syscall/t_timer.debug			tests-syscall-debug	debug,atf
 ./usr/libdata/debug/usr/tests/usr.bin					tests-sbin-tests
 ./usr/libdata/debug/usr/tests/usr.sbin					tests-sbin-tests
@ -2104,10 +2106,12 @@
 ./usr/tests/sys/rc/t_rc_d_cli			tests-sys-tests	atf
 ./usr/tests/syscall				tests-syscall-tests
 ./usr/tests/syscall/Atffile			tests-syscall-tests	atf
+./usr/tests/syscall/t_access			tests-syscall-tests	atf
 ./usr/tests/syscall/t_cmsg			tests-syscall-tests	atf
 ./usr/tests/syscall/t_dup			tests-syscall-tests	atf
 ./usr/tests/syscall/t_fsync			tests-syscall-tests	atf
 ./usr/tests/syscall/t_mmap			tests-syscall-tests	atf
+./usr/tests/syscall/t_mprotect			tests-syscall-tests	atf
 ./usr/tests/syscall/t_timer			tests-syscall-tests	atf
 ./usr/tests/toolchain	tests-syscall-tests	atf
 ./usr/tests/toolchain/Atffile	tests-syscall-tests	atf
--- a/tests/syscall/Makefile
+++ b/tests/syscall/Makefile
@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.12 2011/03/31 15:47:57 jruoho Exp $
+# $NetBSD: Makefile,v 1.13 2011/04/03 16:12:45 jruoho Exp $

 .include <bsd.own.mk>

 TESTSDIR=	${TESTSBASE}/syscall

-TESTS_C+=	t_cmsg t_dup t_fsync t_mmap t_timer
+TESTS_C+=	t_access t_cmsg t_dup t_fsync t_mmap t_mprotect t_timer

 LDADD.t_cmsg+=	-lrumpnet_local -lrumpnet_net -lrumpnet
 LDADD.t_cmsg+=	-lrumpvfs -lrump -lrumpuser -lpthread
--- a/tests/syscall/t_access.c
+++ b/tests/syscall/t_access.c
@ -0,0 +1,209 @@
+/* $NetBSD: t_access.c,v 1.1 2011/04/03 16:12:46 jruoho Exp $ */
+
+/*-
+ * Copyright (c) 2011 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Jukka Ruohonen.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: t_access.c,v 1.1 2011/04/03 16:12:46 jruoho Exp $");
+
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <atf-c.h>
+
+static const char path[] = "/tmp/access";
+static const int mode[4] = { R_OK, W_OK, X_OK, F_OK };
+
+ATF_TC_WITH_CLEANUP(access_access);
+ATF_TC_HEAD(access_access, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test access(2) for EACCES");
+}
+
+ATF_TC_BODY(access_access, tc)
+{
+	const int perm[3] = { 0200, 0400, 0000 };
+	size_t i;
+	int fd;
+
+	fd = open(path, O_RDONLY | O_CREAT);
+
+	if (fd < 0)
+		return;
+
+	for (i = 0; i < __arraycount(mode) - 1; i++) {
+
+		ATF_REQUIRE(fchmod(fd, perm[i]) == 0);
+
+		errno = 0;
+
+		ATF_REQUIRE(access(path, mode[i]) != 0);
+		ATF_REQUIRE(errno == EACCES);
+	}
+
+	ATF_REQUIRE(close(fd) == 0);
+}
+
+ATF_TC_CLEANUP(access_access, tc)
+{
+	(void)unlink(path);
+}
+
+ATF_TC(access_fault);
+ATF_TC_HEAD(access_fault, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test access(2) for EFAULT");
+}
+
+ATF_TC_BODY(access_fault, tc)
+{
+	size_t i;
+
+	for (i = 0; i < __arraycount(mode); i++) {
+
+		errno = 0;
+
+		ATF_REQUIRE(access(NULL, mode[i]) != 0);
+		ATF_REQUIRE(errno == EFAULT);
+
+		errno = 0;
+
+		ATF_REQUIRE(access((char *)-1, mode[i]) != 0);
+		ATF_REQUIRE(errno == EFAULT);
+	}
+}
+
+ATF_TC(access_inval);
+ATF_TC_HEAD(access_inval, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test access(2) for EINVAL");
+}
+
+ATF_TC_BODY(access_inval, tc)
+{
+
+	errno = 0;
+
+	ATF_REQUIRE(access("/usr", -1) != 0);
+	ATF_REQUIRE(errno == EINVAL);
+}
+
+ATF_TC(access_notdir);
+ATF_TC_HEAD(access_notdir, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test access(2) for ENOTDIR");
+}
+
+ATF_TC_BODY(access_notdir, tc)
+{
+	size_t i;
+
+	for (i = 0; i < __arraycount(mode); i++) {
+
+		errno = 0;
+
+		/*
+		 *  IEEE Std 1003.1-2008 about ENOTDIR:
+		 *
+		 *  "A component of the path prefix is not a directory,
+		 *   or the path argument contains at least one non-<slash>
+		 *   character and ends with one or more trailing <slash>
+		 *   characters and the last pathname component names an
+		 *   existing file that is neither a directory nor a symbolic
+		 *   link to a directory."
+		 */
+		ATF_REQUIRE(access("/etc/passwd//", mode[i]) != 0);
+		ATF_REQUIRE(errno == ENOTDIR);
+	}
+}
+
+ATF_TC(access_notexist);
+ATF_TC_HEAD(access_notexist, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test access(2) for ENOENT");
+}
+
+ATF_TC_BODY(access_notexist, tc)
+{
+	size_t i;
+
+	for (i = 0; i < __arraycount(mode); i++) {
+
+		errno = 0;
+
+		ATF_REQUIRE(access("", mode[i]) != 0);
+		ATF_REQUIRE(errno == ENOENT);
+	}
+}
+
+ATF_TC(access_toolong);
+ATF_TC_HEAD(access_toolong, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test access(2) for ENAMETOOLONG");
+}
+
+ATF_TC_BODY(access_toolong, tc)
+{
+	char *buf;
+	size_t i;
+
+	buf = malloc(PATH_MAX);
+
+	if (buf == NULL)
+		return;
+
+	for (i = 0; i < PATH_MAX; i++)
+		buf[i] = 'x';
+
+	for (i = 0; i < __arraycount(mode); i++) {
+
+		errno = 0;
+
+		ATF_REQUIRE(access(buf, mode[i]) != 0);
+		ATF_REQUIRE(errno == ENAMETOOLONG);
+	}
+
+	free(buf);
+}
+
+ATF_TP_ADD_TCS(tp)
+{
+
+	ATF_TP_ADD_TC(tp, access_access);
+	ATF_TP_ADD_TC(tp, access_fault);
+	ATF_TP_ADD_TC(tp, access_inval);
+	ATF_TP_ADD_TC(tp, access_notdir);
+	ATF_TP_ADD_TC(tp, access_notexist);
+	ATF_TP_ADD_TC(tp, access_toolong);
+
+	return atf_no_error();
+}
--- a/tests/syscall/t_mprotect.c
+++ b/tests/syscall/t_mprotect.c
@ -0,0 +1,279 @@
+/* $NetBSD: t_mprotect.c,v 1.1 2011/04/03 16:12:46 jruoho Exp $ */
+
+/*-
+ * Copyright (c) 2011 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Jukka Ruohonen.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: t_mprotect.c,v 1.1 2011/04/03 16:12:46 jruoho Exp $");
+
+#include <sys/param.h>
+#include <sys/mman.h>
+#include <sys/sysctl.h>
+#include <sys/wait.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <stdio.h>		/* XXX. */
+
+#include <atf-c.h>
+
+static long	page = 0;
+static int	pax_global = -1;
+static int	pax_enabled = -1;
+static char	path[] = "/tmp/mmap";
+
+static void	sighandler(int);
+static bool	paxinit(void);
+static bool	paxset(int, int);
+
+static void
+sighandler(int signo)
+{
+	exit(signo);
+}
+
+static bool
+paxinit(void)
+{
+	size_t len = sizeof(int);
+	int rv;
+
+	rv = sysctlbyname("security.pax.mprotect.global",
+	    &pax_global, &len, NULL, 0);
+
+	if (rv != 0)
+		return false;
+
+	rv = sysctlbyname("security.pax.mprotect.enabled",
+	    &pax_enabled, &len, NULL, 0);
+
+	if (rv != 0)
+		return false;
+
+	return paxset(1, 1);
+}
+
+static bool
+paxset(int global, int enabled)
+{
+	size_t len = sizeof(int);
+	int rv;
+
+	rv = sysctlbyname("security.pax.mprotect.global",
+	    NULL, NULL, &global, len);
+
+	if (rv != 0)
+		return false;
+
+	rv = sysctlbyname("security.pax.mprotect.enabled",
+	    NULL, NULL, &enabled, len);
+
+	if (rv != 0)
+		return false;
+
+	return true;
+}
+
+
+ATF_TC_WITH_CLEANUP(mprotect_access);
+ATF_TC_HEAD(mprotect_access, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test for EACCES from mprotect(2)");
+}
+
+ATF_TC_BODY(mprotect_access, tc)
+{
+	int prot[2] = { PROT_NONE, PROT_READ };
+	void *map;
+	size_t i;
+	int fd;
+
+	fd = open(path, O_RDONLY | O_CREAT);
+
+	if (fd < 0)
+		return;
+
+	/*
+	 * The call should fail with EACCES if we try to mark
+	 * a PROT_NONE or PROT_READ file/section as PROT_WRITE.
+	 */
+	for (i = 0; i < __arraycount(prot); i++) {
+
+		map = mmap(NULL, page, prot[i], MAP_SHARED, fd, 0);
+
+		if (map == MAP_FAILED)
+			continue;
+
+		errno = 0;
+
+		ATF_REQUIRE(mprotect(map, page, PROT_WRITE) != 0);
+		ATF_REQUIRE(errno == EACCES);
+		ATF_REQUIRE(munmap(map, page) == 0);
+	}
+
+	ATF_REQUIRE(close(fd) == 0);
+}
+
+ATF_TC_CLEANUP(mprotect_access, tc)
+{
+	(void)unlink(path);
+}
+
+ATF_TC(mprotect_err);
+ATF_TC_HEAD(mprotect_err, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test error conditions of mprotect(2)");
+}
+
+ATF_TC_BODY(mprotect_err, tc)
+{
+	errno = 0;
+
+	ATF_REQUIRE(mprotect((char *)-1, 1, PROT_READ) != 0);
+	ATF_REQUIRE(errno == EINVAL);
+}
+
+ATF_TC(mprotect_pax);
+ATF_TC_HEAD(mprotect_pax, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "PaX restrictions and mprotect(2),");
+	atf_tc_set_md_var(tc, "require.user", "root");
+}
+
+ATF_TC_BODY(mprotect_pax, tc)
+{
+	const int prot[4] = { PROT_NONE, PROT_READ, PROT_WRITE };
+	const char *str = NULL;
+	void *map;
+	size_t i;
+	int rv;
+
+	if (paxinit() != true)
+		return;
+
+	/*
+	 * As noted in the original PaX documentation [1],
+	 * the following restrictions should apply:
+	 *
+	 *   (1) creating executable anonymous mappings
+	 *
+	 *   (2) creating executable/writable file mappings
+	 *
+	 *   (3) making a non-executable mapping executable
+	 *
+	 *   (4) making an executable/read-only file mapping
+	 *       writable except for performing relocations
+	 *       on an ET_DYN ELF file (non-PIC shared library)
+	 *
+	 *  The following will test only the case (3).
+	 *
+	 * [1] http://pax.grsecurity.net/docs/mprotect.txt
+	 *
+	 *     (Sun Apr 3 11:06:53 EEST 2011.)
+	 */
+	for (i = 0; i < __arraycount(prot); i++) {
+
+		map = mmap(NULL, page, prot[i], MAP_ANON, -1, 0);
+
+		if (map == MAP_FAILED)
+			continue;
+
+		rv = mprotect(map, 1, prot[i] | PROT_EXEC);
+
+		(void)munmap(map, page);
+
+		if (rv == 0) {
+			str = "non-executable mapping made executable";
+			goto out;
+		}
+	}
+
+out:
+	if (pax_global != -1 && pax_enabled != -1)
+		(void)paxset(pax_global, pax_enabled);
+
+	if (str != NULL)
+		atf_tc_fail(str);
+}
+
+ATF_TC(mprotect_write);
+ATF_TC_HEAD(mprotect_write, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test mprotect(2) protections");
+}
+
+ATF_TC_BODY(mprotect_write, tc)
+{
+	pid_t pid;
+	void *map;
+	int sta;
+
+	/*
+	 * Map a page write-only, change the protection
+	 * to read-only with mprotect(2), and try to write
+	 * to the page. This should generate a SIGSEGV.
+	 */
+	map = mmap(NULL, page, PROT_WRITE, MAP_ANON, -1, 0);
+
+	if (map == MAP_FAILED)
+		return;
+
+	ATF_REQUIRE(strlcpy(map, "XXX", 3) == 3);
+	ATF_REQUIRE(mprotect(map, page, PROT_READ) == 0);
+
+	pid = fork();
+	ATF_REQUIRE(pid >= 0);
+
+	if (pid == 0) {
+		ATF_REQUIRE(signal(SIGSEGV, sighandler) != SIG_ERR);
+		ATF_REQUIRE(strlcpy(map, "XXX", 3) == 0);
+	}
+
+	(void)wait(&sta);
+
+	ATF_REQUIRE(WIFEXITED(sta) != 0);
+	ATF_REQUIRE(WEXITSTATUS(sta) == SIGSEGV);
+	ATF_REQUIRE(munmap(map, page) == 0);
+}
+
+ATF_TP_ADD_TCS(tp)
+{
+	page = sysconf(_SC_PAGESIZE);
+	ATF_REQUIRE(page >= 0);
+
+	ATF_TP_ADD_TC(tp, mprotect_access);
+	ATF_TP_ADD_TC(tp, mprotect_err);
+	ATF_TP_ADD_TC(tp, mprotect_pax);
+	ATF_TP_ADD_TC(tp, mprotect_write);
+
+	return atf_no_error();
+}