Page MenuHomeFreeBSD
Files F153546887

D15669.id43344.diff
No OneTemporary
Actions

D15669.id43344.diff
View Options

Index: tests/sys/audit/Makefile
===================================================================
--- tests/sys/audit/Makefile
+++ tests/sys/audit/Makefile
@@ -8,6 +8,7 @@
ATF_TESTS_C+= file-write
ATF_TESTS_C+= file-read
ATF_TESTS_C+= open
+ATF_TESTS_C+= exec
SRCS.file-create+= file-create.c
SRCS.file-create+= utils.c
@@ -21,6 +22,8 @@
SRCS.file-read+= utils.c
SRCS.open+= open.c
SRCS.open+= utils.c
+SRCS.exec+= exec.c
+SRCS.exec+= utils.c
TEST_METADATA+= timeout="30"
TEST_METADATA+= required_user="root"
Index: tests/sys/audit/exec.c
===================================================================
--- /dev/null
+++ tests/sys/audit/exec.c
@@ -0,0 +1,186 @@
+/*-
+ * Copyright (c) 2018 Aniket Pandey
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#include <atf-c.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "utils.h"
+
+static pid_t pid;
+static int status;
+static int filedesc;
+static struct pollfd fds[1];
+static char bin[] = "/usr/bin/true";
+static char argument[] = "sample-argument";
+static char *arg[] = {bin, argument, NULL};
+
+
+ATF_TC_WITH_CLEANUP(execve_success);
+ATF_TC_HEAD(execve_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "execve(2) call");
+}
+
+ATF_TC_BODY(execve_success, tc)
+{
+ /*
+ * execve(2) overlays the calling process in successful invocation.
+ * Hence, audit(4) does not get any return value in the event token
+ * for execve(2) due to which, it simply places "BSM_ERRNO_UNKNOWN"
+ * as the "ar->ar_errno" field.
+ * Please see: sys/security/audit/bsm_errno.c#L728
+ */
+ const char *regex = "execve.*sample-argument.*Unknown error: 201";
+ FILE *pipefd = setup(fds, "ex");
+
+ ATF_REQUIRE((pid = fork()) != -1);
+ if (pid) {
+ ATF_REQUIRE(wait(&status) != -1);
+ check_audit(fds, regex, pipefd);
+ }
+ else
+ ATF_REQUIRE(execve(bin, arg, NULL) != -1);
+}
+
+ATF_TC_CLEANUP(execve_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(execve_failure);
+ATF_TC_HEAD(execve_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "execve(2) call");
+}
+
+ATF_TC_BODY(execve_failure, tc)
+{
+ const char *regex = "execve.*return,failure : Bad address";
+ FILE *pipefd = setup(fds, "ex");
+
+ ATF_REQUIRE((pid = fork()) != -1);
+ if (pid) {
+ ATF_REQUIRE(wait(&status) != -1);
+ check_audit(fds, regex, pipefd);
+ }
+ else
+ ATF_REQUIRE_EQ(-1, execve(bin, arg, (char *const *)(-1)));
+}
+
+ATF_TC_CLEANUP(execve_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fexecve_success);
+ATF_TC_HEAD(fexecve_success, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+ "fexecve(2) call");
+}
+
+ATF_TC_BODY(fexecve_success, tc)
+{
+ filedesc = open(bin, O_RDONLY | O_EXEC);
+
+ /*
+ * fexecve(2) overlays the calling process in successful invocation.
+ * Hence, audit(4) does not get any return value in the event token
+ * for fexecve(2) due to which, it simply places "BSM_ERRNO_UNKNOWN"
+ * as the "ar->ar_errno" field.
+ * Please see: sys/security/audit/bsm_errno.c#L728
+ */
+ const char *regex = "fexecve.*sample-argument.*Unknown error: 201";
+ FILE *pipefd = setup(fds, "ex");
+
+ ATF_REQUIRE((pid = fork()) != -1);
+ if (pid) {
+ ATF_REQUIRE(wait(&status) != -1);
+ check_audit(fds, regex, pipefd);
+ }
+ else
+ ATF_REQUIRE(fexecve(filedesc, arg, NULL) != -1);
+
+ /* Close the file descriptor of the executable */
+ ATF_REQUIRE_EQ(0, close(filedesc));
+}
+
+ATF_TC_CLEANUP(fexecve_success, tc)
+{
+ cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fexecve_failure);
+ATF_TC_HEAD(fexecve_failure, tc)
+{
+ atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+ "fexecve(2) call");
+}
+
+ATF_TC_BODY(fexecve_failure, tc)
+{
+ filedesc = open(bin, O_RDONLY | O_EXEC);
+ const char *regex = "execve.*return,failure : Bad address";
+ FILE *pipefd = setup(fds, "ex");
+
+ ATF_REQUIRE((pid = fork()) != -1);
+ if (pid) {
+ ATF_REQUIRE(wait(&status) != -1);
+ check_audit(fds, regex, pipefd);
+ }
+ else
+ ATF_REQUIRE_EQ(-1, fexecve(filedesc, arg, (char *const *)(-1)));
+
+ /* Close the file descriptor of the executable */
+ ATF_REQUIRE_EQ(0, close(filedesc));
+}
+
+ATF_TC_CLEANUP(fexecve_failure, tc)
+{
+ cleanup();
+}
+
+
+ATF_TP_ADD_TCS(tp)
+{
+ ATF_TP_ADD_TC(tp, execve_success);
+ ATF_TP_ADD_TC(tp, execve_failure);
+ ATF_TP_ADD_TC(tp, fexecve_success);
+ ATF_TP_ADD_TC(tp, fexecve_failure);
+
+ return (atf_no_error());
+}

File Metadata

Mime Type
text/plain
Expires
Wed, Apr 22, 7:43 PM (3 h, 8 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
31996596
Default Alt Text
D15669.id43344.diff (5 KB)

Event Timeline