Add tests for execve(2) and fexecve(2) in "ex" audit class
Needs RevisionPublic
Actions

Authored by aniketp on Jun 5 2018, 8:49 PM.

Details

Reviewers

asomers
rwatson
gnn

Summary

The following changes introduce a new test-program exec, which contains the tests for
execve(2) and fexecve(2) system calls of ex audit class.

However, there is a certain descrepancy in the regex expression of tests for both syscalls
in success mode. Instead of the conventional return,success. The following regex has been
incorporated.

const char *regex = "fexecve.*sample-argument.*Unknown error: 201";

Reason is explained in the test-program:

fexecve(2) overlays the calling process in successful invocation.
Hence, audit(4) does not get any return value in the event token
for fexecve(2) due to which, it simply places BSM_ERRNO_UNKNOWN
as the ar->ar_errno field.
Please see: sys/security/audit/bsm_errno.c#L728

Test Plan

Execute make && make install from test/sys/audit.
Execute kyua test from /usr/tests/sys/audit. All testcases should succeed.

Diff Detail

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 17028
Build 16895: arc lint + arc unit

Event Timeline

aniketp created this revision.Jun 5 2018, 8:49 PM

Harbormaster completed remote builds in B17028: Diff 43344.Jun 5 2018, 8:49 PM

aniketp edited the summary of this revision. (Show Details)Jun 5 2018, 9:12 PM

aniketp set the repository for this revision to rS FreeBSD src repository - subversion.

Herald added a subscriber: imp. · View Herald TranscriptJun 5 2018, 9:12 PM

These tests are wrong. The execve's audit message is wrong. Rather than write your test to the bug, you should fix the bug instead. I think we discussed on IRC what that would require.

tests/sys/audit/exec.c
61	Line numbers change frequently. Better to point to the function name instead.
71	You need to handle the failure case too. If fork returns < 0 that means it failed, and no new process was created.