Module Name: src Committed By: kamil Date: Sun Nov 13 22:59:31 UTC 2016
Modified Files: src/tests/kernel: t_ptrace.c Log Message: Add attach_pid1_securelevel in t_ptrace Assert that a debugger cannot attach to PID 1 with securelevel >= 1 (as root). Test requested by <mrg> Sponsored by <The NetBSD Foundation> To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/tests/kernel/t_ptrace.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/tests/kernel/t_ptrace.c
diff -u src/tests/kernel/t_ptrace.c:1.16 src/tests/kernel/t_ptrace.c:1.17
--- src/tests/kernel/t_ptrace.c:1.16 Sat Nov 12 16:23:43 2016
+++ src/tests/kernel/t_ptrace.c Sun Nov 13 22:59:31 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: t_ptrace.c,v 1.16 2016/11/12 16:23:43 christos Exp $ */
+/* $NetBSD: t_ptrace.c,v 1.17 2016/11/13 22:59:31 kamil Exp $ */
 /*-
 * Copyright (c) 2016 The NetBSD Foundation, Inc.
@@ -27,12 +27,13 @@
 */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: t_ptrace.c,v 1.16 2016/11/12 16:23:43 christos Exp $");
+__RCSID("$NetBSD: t_ptrace.c,v 1.17 2016/11/13 22:59:31 kamil Exp $");
 #include <sys/param.h>
 #include <sys/types.h>
 #include <sys/ptrace.h>
 #include <sys/stat.h>
+#include <sys/sysctl.h>
 #include <err.h>
 #include <errno.h>
 #include <unistd.h>
@@ -92,6 +93,31 @@ ATF_TC_BODY(attach_pid1, tc)
 ATF_REQUIRE_ERRNO(EPERM, ptrace(PT_ATTACH, 1, NULL, 0) == -1);
 }
+ATF_TC(attach_pid1_securelevel);
+ATF_TC_HEAD(attach_pid1_securelevel, tc)
+{
+ atf_tc_set_md_var(tc, "descr",
+ "Assert that a debugger cannot attach to PID 1 with "
+ "securelevel >= 1 (as root)");
+
+ atf_tc_set_md_var(tc, "require.user", "root");
+}
+
+ATF_TC_BODY(attach_pid1_securelevel, tc)
+{
+ int level;
+ size_t len = sizeof(level);
+
+ ATF_REQUIRE(sysctlbyname("kern.securelevel", &level, &len, NULL, 0)
+ != -1);
+
+ if (level < 1) {
+ atf_tc_skip("Test must be run with securelevel >= 1");
+ }
+
+ ATF_REQUIRE_ERRNO(EPERM, ptrace(PT_ATTACH, 1, NULL, 0) == -1);
+}
+
 ATF_TC(attach_self);
 ATF_TC_HEAD(attach_self, tc)
 {
@@ -174,6 +200,7 @@ ATF_TP_ADD_TCS(tp)
 setvbuf(stderr, NULL, _IONBF, 0);
 ATF_TP_ADD_TC(tp, attach_pid0);
 ATF_TP_ADD_TC(tp, attach_pid1);
+ ATF_TP_ADD_TC(tp, attach_pid1_securelevel);
 ATF_TP_ADD_TC(tp, attach_self);
 ATF_TP_ADD_TC(tp, attach_chroot);
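Review bot: In the body of `attach_pid1_securelevel` (the `@@ -92,6 +93,31 @@` hunk), the EPERM assertion is only reached on a host that is already running at `kern.securelevel >= 1`; everywhere else the case ends in `atf_tc_skip`, so a regression in the securelevel check on PT_ATTACH to init would go unreported by a default test run. That is probably the right trade-off, since raising the level from inside the test would outlive it (as far as I know it cannot be lowered again on a running system), but the reason should be written down above the skip, e.g. `/* Do not raise securelevel here: it would persist after the test; this case only runs on hosts already at level >= 1. */`. The value read from the kernel is also trusted without checking how many bytes came back; adding `ATF_REQUIRE_EQ(len, sizeof(level));` right after the `sysctlbyname` call would make sure `level` was fully written before it decides whether the security assertion runs.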