Module Name: src Committed By: jruoho Date: Mon May 9 17:53:54 UTC 2011
Modified Files: src/distrib/sets/lists/tests: mi src/etc/mtree: NetBSD.dist.tests src/tests/sbin: Makefile Added Files: src/tests/sbin/sysctl: Makefile t_perm.sh Log Message: Add a test case for PR kern/44946. This tests that common first level sysctl nodes (ddb, hw, machdep, etc.) are not writable by a normal user. To generate a diff of this commit: cvs rdiff -u -r1.334 -r1.335 src/distrib/sets/lists/tests/mi cvs rdiff -u -r1.47 -r1.48 src/etc/mtree/NetBSD.dist.tests cvs rdiff -u -r1.4 -r1.5 src/tests/sbin/Makefile cvs rdiff -u -r0 -r1.1 src/tests/sbin/sysctl/Makefile \ src/tests/sbin/sysctl/t_perm.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/distrib/sets/lists/tests/mi diff -u src/distrib/sets/lists/tests/mi:1.334 src/distrib/sets/lists/tests/mi:1.335 --- src/distrib/sets/lists/tests/mi:1.334 Mon May 9 07:31:50 2011 +++ src/distrib/sets/lists/tests/mi Mon May 9 17:53:54 2011 @@ -1,4 +1,4 @@ -# $NetBSD: mi,v 1.334 2011/05/09 07:31:50 jruoho Exp $ +# $NetBSD: mi,v 1.335 2011/05/09 17:53:54 jruoho Exp $ # # Note: don't delete entries from here - mark them as "obsolete" instead. # @@ -2293,6 +2293,9 @@ ./usr/tests/sbin/route tests-sbin-tests ./usr/tests/sbin/route/Atffile tests-sbin-tests atf ./usr/tests/sbin/route/t_missing tests-sbin-tests atf +./usr/tests/sbin/sysctl tests-sbin-tests +./usr/tests/sbin/sysctl/Atffile tests-sbin-tests atf +./usr/tests/sbin/sysctl/t_perm tests-sbin-tests atf ./usr/tests/sys tests-sys-tests ./usr/tests/sys/Atffile tests-sys-tests atf ./usr/tests/sys/rc tests-sys-tests Index: src/etc/mtree/NetBSD.dist.tests diff -u src/etc/mtree/NetBSD.dist.tests:1.47 src/etc/mtree/NetBSD.dist.tests:1.48 --- src/etc/mtree/NetBSD.dist.tests:1.47 Thu May 5 05:39:11 2011 +++ src/etc/mtree/NetBSD.dist.tests Mon May 9 17:53:54 2011 @@ -1,4 +1,4 @@ -# $NetBSD: NetBSD.dist.tests,v 1.47 2011/05/05 05:39:11 jruoho Exp $ +# $NetBSD: NetBSD.dist.tests,v 1.48 2011/05/09 17:53:54 jruoho Exp $ ./usr/libdata/debug/usr/tests ./usr/libdata/debug/usr/tests/atf @@ -234,6 +234,7 @@ ./usr/tests/sbin/newfs ./usr/tests/sbin/resize_ffs ./usr/tests/sbin/route +./usr/tests/sbin/sysctl ./usr/tests/sys ./usr/tests/sys/rc ./usr/tests/syscall Index: src/tests/sbin/Makefile diff -u src/tests/sbin/Makefile:1.4 src/tests/sbin/Makefile:1.5 --- src/tests/sbin/Makefile:1.4 Tue May 3 07:56:42 2011 +++ src/tests/sbin/Makefile Mon May 9 17:53:54 2011 
@@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.4 2011/05/03 07:56:42 jruoho Exp $ +# $NetBSD: Makefile,v 1.5 2011/05/09 17:53:54 jruoho Exp $ # .include <bsd.own.mk> TESTSDIR= ${TESTSBASE}/sbin -TESTS_SUBDIRS+= fsck_ffs ifconfig newfs resize_ffs route +TESTS_SUBDIRS+= fsck_ffs ifconfig newfs resize_ffs route sysctl .include <bsd.test.mk> Added files: Index: src/tests/sbin/sysctl/Makefile diff -u /dev/null src/tests/sbin/sysctl/Makefile:1.1 --- /dev/null Mon May 9 17:53:54 2011 +++ src/tests/sbin/sysctl/Makefile Mon May 9 17:53:54 2011 @@ -0,0 +1,9 @@ +# $NetBSD: Makefile,v 1.1 2011/05/09 17:53:54 jruoho Exp $ + +.include <bsd.own.mk> + +TESTSDIR= ${TESTSBASE}/sbin/sysctl + +TESTS_SH= t_perm + +.include <bsd.test.mk> Index: src/tests/sbin/sysctl/t_perm.sh diff -u /dev/null src/tests/sbin/sysctl/t_perm.sh:1.1 --- /dev/null Mon May 9 17:53:54 2011 +++ src/tests/sbin/sysctl/t_perm.sh Mon May 9 17:53:54 2011 
@@ -0,0 +1,207 @@
+#! /usr/bin/atf-sh
+#
+# $NetBSD: t_perm.sh,v 1.1 2011/05/09 17:53:54 jruoho Exp $
+#
+# Copyright (c) 2011 The NetBSD Foundation, Inc.
+# All rights reserved.
+#
+# This code is derived from software contributed to The NetBSD Foundation
+# by Jukka Ruohonen.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+clean() {
+
+ if [ -f /tmp/d_sysctl.out ]; then
+ rm /tmp/d_sysctl.out
+ fi
+}
+
+sysctl_write() {
+
+
+ deadbeef="3735928559"
+ file="/tmp/d_sysctl.out"
+
+ sysctl "$1" | cut -d= -f1 > $file
+
+ if [ ! -f $file ]; then
+ atf_fail "sysctl -a failed"
+ fi
+
+ # This should probably include a functional verification
+ # that $deadbeef was not actually written to the node...
+ #
+ while read line; do
+
+ node="$(echo $line)"
+
+ case "$node" in
+
+ "$1."*)
+ atf_check -s not-exit:0 -e ignore \
+ -x sysctl -w "$node=$deadbeef"
+ ;;
+ esac
+
+ done < $file
+}
+
+# ddb.
+#
+atf_test_case sysctl_ddb cleanup
+sysctl_ddb_head() {
+ atf_set "require.user" "unprivileged"
+ atf_set "descr" "Test writing to 'ddb' sysctl node as an user"
+}
+
+sysctl_ddb_body() {
+ sysctl_write "ddb"
+}
+
+sysctl_ddb_cleanup() {
+ clean
+}
+
+# hw.
+#
+atf_test_case sysctl_hw cleanup
+sysctl_hw_head() {
+ atf_set "require.user" "unprivileged"
+ atf_set "descr" "Test writing to 'hw' sysctl node as an user"
+}
+
+sysctl_hw_body() {
+ sysctl_write "hw"
+}
+
+sysctl_hw_cleanup() {
+ clean
+}
+
+# kern.
+#
+atf_test_case sysctl_kern #cleanup
+sysctl_kern_head() {
+ atf_set "require.user" "unprivileged"
+ atf_set "descr" "Test writing to 'kern' sysctl node as an user"
+}
+
+sysctl_kern_body() {
+ atf_expect_fail "PR kern/44946"
+ sysctl_write "kern"
+}
+
+sysctl_kern_cleanup() {
+ clean
+}
+
+# machdep.
+#
+atf_test_case sysctl_machdep cleanup
+sysctl_machdep_head() {
+ atf_set "require.user" "unprivileged"
+ atf_set "descr" "Test writing to 'machdep' sysctl node as an user"
+}
+
+sysctl_machdep_body() {
+ sysctl_write "machdep"
+}
+
+sysctl_machdep_cleanup() {
+ clean
+}
+
+# net.
+#
+atf_test_case sysctl_net cleanup
+sysctl_net_head() {
+ atf_set "require.user" "unprivileged"
+ atf_set "descr" "Test writing to 'net' sysctl node as an user"
+}
+
+sysctl_net_body() {
+ sysctl_write "net"
+}
+
+sysctl_net_cleanup() {
+ clean
+}
+
+# security.
+#
+atf_test_case sysctl_security cleanup
+sysctl_security_head() {
+ atf_set "require.user" "unprivileged"
+ atf_set "descr" "Test writing to 'security' sysctl node as an user"
+}
+
+sysctl_security_body() {
+ sysctl_write "security"
+}
+
+sysctl_security_cleanup() {
+ clean
+}
+
+# vfs.
+#
+atf_test_case sysctl_vfs cleanup
+sysctl_vfs_head() {
+ atf_set "require.user" "unprivileged"
+ atf_set "descr" "Test writing to 'vfs' sysctl node as an user"
+}
+
+sysctl_vfs_body() {
+ sysctl_write "vfs"
+}
+
+sysctl_vfs_cleanup() {
+ clean
+}
+
+# vm.
+#
+atf_test_case sysctl_vm cleanup
+sysctl_vm_head() {
+ atf_set "require.user" "unprivileged"
+ atf_set "descr" "Test writing to 'vm' sysctl node as an user"
+}
+
+sysctl_vm_body() {
+ sysctl_write "vm"
+}
+
+sysctl_vm_cleanup() {
+ clean
+}
+
+atf_init_test_cases() {
+ atf_add_test_case sysctl_ddb
+ atf_add_test_case sysctl_hw
+ atf_add_test_case sysctl_kern
+ atf_add_test_case sysctl_machdep
+ atf_add_test_case sysctl_net
+ atf_add_test_case sysctl_security
+ atf_add_test_case sysctl_vfs
+ atf_add_test_case sysctl_vm
+}
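Review bot: `sysctl_write` stages the node list in the fixed path `/tmp/d_sysctl.out`, a predictable name in a world-writable directory that every test case shares, so a file or link already present there (or a concurrent run) decides what the loop reads and what the redirection overwrites. ATF runs each test case in its own work directory, so a relative name such as `file="d_sysctl.out"` avoids the shared path and makes `clean` and the per-case cleanup functions unnecessary. The `[ ! -f $file ]` guard cannot fire, because the redirection creates the file even when `sysctl "$1"` fails; an empty list then skips the loop and the case passes without checking any node, which `atf_check -s exit:0 -o save:nodes.out sysctl "$1"` ahead of the `cut` would catch. Separately, `atf_test_case sysctl_kern #cleanup` leaves the cleanup disabled for that case, so `sysctl_kern_cleanup` is presumably never called and the file stays behind.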