Re: CVS commit: src/tests/kernel
On 10.11.2016 03:44, matthew green wrote: > it would actually be useful to have a testcase that ran iff > root *and* securelevel >= 0 and tests it is unable to attach > to pid 1. > > thanks. > > > .mrg. > OK, I will have a look at it. signature.asc Description: OpenPGP digital signature
re: CVS commit: src/sys
is the problem fixed in -current? if not please someone commit the fix ASAP. this should have been reverted the instant it was identified as being problematic. that was days ago! .mrg.
re: CVS commit: src/tests/kernel
it would actually be useful to have a testcase that ran iff root *and* securelevel >= 0 and tests it is unable to attach to pid 1. thanks. .mrg.
Re: CVS commit: src/tests/kernel
On 10.11.2016 03:28, Paul Goyette wrote: > On Thu, 10 Nov 2016, matthew green wrote: > also, root can't attach to pid1 if securelevel is >= 0. >>> >>> To adjust securelevel this test would need to be modified to run under >>> rump ... We wouldn't want the test to manipulate securelevel of the >>> running system. >> >> s/wouldn't want/*can't* by design have/. >> >> i don't know that running under rump is useful here. i certainly >> would not trust ptrace tests in a rump to cover it properly. this >> test should just be skipped if securelevel >= 0. fact is that >> very few systems run with securelevel these days, so it's a small >> portion of systems that won't have it. > > Yeah, rump probably doesn't make much sense here. Skipping the test > (with atf_tc_skip(...) of course) is likely the best solution. > > This test is already enforcing unprivileged user. For now, I leave all other rump and securelevel use-cases. signature.asc Description: OpenPGP digital signature
re: CVS commit: src/tests/kernel
On Thu, 10 Nov 2016, matthew green wrote: also, root can't attach to pid1 if securelevel is >= 0. To adjust securelevel this test would need to be modified to run under rump ... We wouldn't want the test to manipulate securelevel of the running system. s/wouldn't want/*can't* by design have/. i don't know that running under rump is useful here. i certainly would not trust ptrace tests in a rump to cover it properly. this test should just be skipped if securelevel >= 0. fact is that very few systems run with securelevel these days, so it's a small portion of systems that won't have it. Yeah, rump probably doesn't make much sense here. Skipping the test (with atf_tc_skip(...) of course) is likely the best solution. +--+--++ | Paul Goyette | PGP Key fingerprint: | E-mail addresses: | | (Retired)| FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com | | Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org | +--+--++
re: CVS commit: src/tests/kernel
> >> Log Message: > >> Add new tests attach_pid0 and attach_pid1 to t_ptrace > >> > >> attach_pid0 asserts that it is not valid to attach PID 0 as it is a special > >> kernel process. > >> > >> assert_pid1 asserts that non-root user cannot attach to PID 1 as it is the > >> /dev/init process. This tests is skipped if run as root. > > > > also, root can't attach to pid1 if securelevel is >= 0. > > To adjust securelevel this test would need to be modified to run under > rump ... We wouldn't want the test to manipulate securelevel of the > running system. s/wouldn't want/*can't* by design have/. i don't know that running under rump is useful here. i certainly would not trust ptrace tests in a rump to cover it properly. this test should just be skipped if securelevel >= 0. fact is that very few systems run with securelevel these days, so it's a small portion of systems that won't have it. .mrg.
re: CVS commit: src/tests/kernel
On Thu, 10 Nov 2016, matthew green wrote: "Kamil Rytarowski" writes: Module Name:src Committed By: kamil Date: Sun Nov 6 16:24:16 UTC 2016 Modified Files: src/tests/kernel: t_ptrace.c Log Message: Add new tests attach_pid0 and attach_pid1 to t_ptrace attach_pid0 asserts that it is not valid to attach PID 0 as it is a special kernel process. assert_pid1 asserts that non-root user cannot attach to PID 1 as it is the /dev/init process. This tests is skipped if run as root. also, root can't attach to pid1 if securelevel is >= 0. To adjust securelevel this test would need to be modified to run under rump ... We wouldn't want the test to manipulate securelevel of the running system. I'm wondering how many of the other test cases would be better if running under rump? +--+--++ | Paul Goyette | PGP Key fingerprint: | E-mail addresses: | | (Retired)| FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com | | Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org | +--+--++
re: CVS commit: src/tests/kernel
"Kamil Rytarowski" writes: > Module Name: src > Committed By: kamil > Date: Sun Nov 6 16:24:16 UTC 2016 > > Modified Files: > src/tests/kernel: t_ptrace.c > > Log Message: > Add new tests attach_pid0 and attach_pid1 to t_ptrace > > attach_pid0 asserts that it is not valid to attach PID 0 as it is a special > kernel process. > > assert_pid1 asserts that non-root user cannot attach to PID 1 as it is the > /dev/init process. This tests is skipped if run as root. also, root can't attach to pid1 if securelevel is >= 0. .mrg.