Add tests for 4 syscalls in "file-close" audit class
Closed, Public

Authored by aniketp on Jun 1 2018, 10:43 PM.

Details

Summary

The following changes introduce a new test-program file-close, which introduces tests for the
following 4 system calls in both success and failure mode:

  • munmap
  • close
  • closefrom
  • revoke

Note: These are the only system calls in "cl" audit class

Test Plan

Execute make && make install from test/sys/audit.
Execute kyua test from /usr/tests/sys/audit. All testcases should succeed.

Diff Detail

Repository: rS FreeBSD src repository - subversion

Event Timeline

asomers requested changes to this revision. Jun 2 2018, 2:54 PM

What about closefrom(2)? And I thought that "fc" was "file-close"? If so, you need a different name for "cl".

tests/sys/audit/file-close.c
64 ↗(On Diff #43259)

No magic numbers please

118 ↗(On Diff #43259)

Another magic number

160 ↗(On Diff #43259)

Why would you ever malloc a single byte?

This revision now requires changes to proceed. Jun 2 2018, 2:54 PM
aniketp marked 3 inline comments as done.

Allocate enough size to ptyname and replace hardcoded size for
ptyname with sizeof(ptyname)

tests/sys/audit/file-close.c
68 ↗(On Diff #43271)

What's the significance of 4 * pagesize? Would 1 byte not work?

160 ↗(On Diff #43271)

No magic numbers please.

Update the file descriptor limit as INT_MAX in closefrom(2)

aniketp retitled this revision from Add tests for 3 syscalls in "file-close" audit class to Add tests for 4 syscalls in "file-close" audit class. Jun 2 2018, 6:15 PM
aniketp edited the summary of this revision.
tests/sys/audit/file-close.c
118 ↗(On Diff #43272)

Backslashes aren't needed to break a line in C.

183 ↗(On Diff #43272)

There's still no programmatic guarantee that this buffer will be large enough. Unfortunately, there's no way to achieve that guarantee using openpty(2). That's why people use posix_openpt + ptsname instead. However, if you'll read the source, you'll see that there's an undocumented maximum length that openpty will write. The exact value is left as an exercise to the reader.

Use posix_openpt(2) and ptsname(3) instead of openpty(3)
Also, remove the extraneous backslash in one of the snprintf statements

This revision is now accepted and ready to land. Jun 2 2018, 9:15 PM
asomers requested changes to this revision. Jun 2 2018, 10:09 PM

The build fails on 32-bit architectures. Looks like a classic printf format specifier failure.

/home/asomers/freebsd/base/head/tests/sys/audit/file-close.c:115:50: error: format specifies type 'unsigned long' but the argument has type 'ino_t' (aka 'unsigned long long') [-Werror,-Wformat]
                sizeof(extregex), "close.*%lu.*return,succes", statbuff.st_ino);
                                          ~~~                  ^~~~~~~~~~~~~~~
                                          %llu
1 error generated.
This revision now requires changes to proceed. Jun 2 2018, 10:09 PM

Update the format specifier for st_ino as llu from lu

Well, that fixed the build on i386, but broke it on amd64. Try again.

Would it be fine to check the presence of PID in the audit regex instead of "Inode number"?
Also, is this a viable fix?
snprintf(extregex, sizeof(extregex), "close.*%ld.*return,succes", (long int)statbuff.st_ino);

I tried testing this using -m32 as a "CFLAG" but instead got a loader error: /usr/bin/ld: cannot find -lprivateatf-c

> Would it be fine to check the presence of PID in the audit regex instead of "Inode number"?
> Also, is this a viable fix?
> snprintf(extregex, sizeof(extregex), "close.*%ld.*return,succes", (long int)statbuff.st_ino);

Close. The usual approach in situations like this is to cast the variable to an intmax_t and print it with %jd.

> I tried testing this using -m32 as a "CFLAG" but instead got a loader error: /usr/bin/ld: cannot find -lprivateatf-c

That's because you haven't built the 32-bit ATF libraries. The easiest way to do it is to build an entire i386 world. From /usr/src, do ARCH=i386 TARGET_ARCH=i386 make -jwhatever buildworld. You can even build for other architectures, like sparc64 or riscv.

Update the typecasting of statbuff.st_ino to intmax_t and format specifier as %jd to support all architectures.
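
The intmax_t cast with %jd discussed above, shown end to end as an added example (not code from this revision or the FreeBSD test suite): it formats an inode into the thread's regex and matches it against an audit record line. The names build_close_regex, record_matches_inode and SAMPLE_RECORD are hypothetical, and the record line is constructed for illustration.

```c
#include <regex.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed sample line, loosely shaped like praudit output; not from the page. */
static const char SAMPLE_RECORD[] =
    "header,close(2),attribute,644,root,wheel,90,4242,0,return,success,0";

/*
 * Format the inode into the thread's regex. ino_t has no printf specifier of
 * its own and its width differs by platform, so widen it to intmax_t and
 * print with %jd. Returns 0 on success, -1 on error or truncation.
 */
int
build_close_regex(char *buf, size_t len, ino_t ino)
{
	int n = snprintf(buf, len, "close.*%jd.*return,succes", (intmax_t)ino);

	return ((n < 0 || (size_t)n >= len) ? -1 : 0);
}

/* Returns 1 if record matches the regex for ino, 0 if not, -1 on error. */
int
record_matches_inode(const char *record, ino_t ino)
{
	char extregex[80];
	regex_t re;
	int rc;

	if (build_close_regex(extregex, sizeof(extregex), ino) != 0)
		return (-1);
	if (regcomp(&re, extregex, REG_EXTENDED | REG_NOSUB) != 0)
		return (-1);
	rc = regexec(&re, record, 0, NULL, 0);
	regfree(&re);
	return (rc == 0 ? 1 : (rc == REG_NOMATCH ? 0 : -1));
}

int
main(void)
{
	printf("inode 4242: %d\n", record_matches_inode(SAMPLE_RECORD, 4242));
	printf("inode 9999: %d\n", record_matches_inode(SAMPLE_RECORD, 9999));
	return (0);
}
```

Where long is 32 bits, a (long int) cast would truncate an inode above 2^31 - 1 before formatting, so the regex would look for the wrong number; the intmax_t cast keeps the full value.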

This revision is now accepted and ready to land. Jun 3 2018, 2:40 AM
This revision was automatically updated to reflect the committed changes.