Diffstat (limited to 'tools/regression/priv/priv_io.c')
-rw-r--r--tools/regression/priv/priv_io.c115
1 files changed, 46 insertions, 69 deletions
diff --git a/tools/regression/priv/priv_io.c b/tools/regression/priv/priv_io.c
index 1af1847..31e60a0 100644
--- a/tools/regression/priv/priv_io.c
+++ b/tools/regression/priv/priv_io.c
@@ -1,5 +1,6 @@
/*-
* Copyright (c) 2006 nCircle Network Security, Inc.
+ * Copyright (c) 2007 Robert N. M. Watson
* All rights reserved.
*
* This software was developed by Robert N. M. Watson for the TrustedBSD
@@ -32,9 +33,8 @@
/*
* Test privilege check on /dev/io. By default, the permissions also protect
* against non-superuser access, so this program will modify permissions on
- * /dev/io to allow group access for the wheel group, and revert the change
- * on exit. This is not good for run-time security, but is necessary to test
- * the checks properly.
+ * /dev/io to allow world access, and revert the change on exit. This is not
+ * good for run-time security, but is necessary to test the checks properly.
*/
#include <sys/types.h>
@@ -47,89 +47,66 @@
#include "main.h"
-#define NEW_PERMS 0660
+#define NEW_PERMS 0666
#define DEV_IO "/dev/io"
#define EXPECTED_PERMS 0600
-static mode_t saved_perms;
+static int initialized;
+static mode_t saved_perms;
-static void
-save_perms(void)
+int
+priv_io_setup(int asroot, int asjail, struct test *test)
{
struct stat sb;
- if (stat(DEV_IO, &sb) < 0)
- err(-1, "save_perms: stat(%s)", DEV_IO);
-
+ if (stat(DEV_IO, &sb) < 0) {
+ warn("priv_io_setup: stat(%s)", DEV_IO);
+ return (-1);
+ }
saved_perms = sb.st_mode & ALLPERMS;
-
- if (saved_perms != EXPECTED_PERMS)
- err(-1, "save_perms: perms = 0%o; expected 0%o", saved_perms,
- EXPECTED_PERMS);
-
-}
-
-static void
-set_perms(void)
-{
-
- if (chmod(DEV_IO, NEW_PERMS) < 0)
- err(-1, "set_perms: chmod(%s, 0%o)", DEV_IO, NEW_PERMS);
-}
-
-static void
-restore_perms(void)
-{
-
- if (chmod(DEV_IO, saved_perms) < 0)
- err(-1, "restore_perms: chmod(%s, 0%o)", DEV_IO, saved_perms);
+ if (saved_perms != EXPECTED_PERMS) {
+ warnx("priv_io_setup: perms = 0%o; expected 0%o",
+ saved_perms, EXPECTED_PERMS);
+ return (-1);
+ }
+ if (chmod(DEV_IO, NEW_PERMS) < 0) {
+ warn("priv_io_setup: chmod(%s, 0%o)", DEV_IO, NEW_PERMS);
+ return (-1);
+ }
+ initialized = 1;
+ return (0);
}
-static void
-try_open(const char *test_case, uid_t uid, int expected)
+void
+priv_io(int asroot, int injail, struct test *test)
{
- int fd;
+ int error, fd;
- set_euid(uid);
fd = open(DEV_IO, O_RDONLY);
- if (expected == 0) {
- if (fd == -1) {
- warn("try_open: %s open(%s) errno %d", DEV_IO,
- test_case, errno);
- goto out;
- }
+ if (fd < 0)
+ error = -1;
+ else
+ error = 0;
+ if (asroot && injail)
+ expect("priv_io(asroot, injail)", error, -1, EPERM);
+ if (asroot && !injail)
+ expect("priv_io(asroot, !injail)", error, 0, 0);
+ if (!asroot && injail)
+ expect("priv_io(!asroot, injail)", error, -1, EPERM);
+ if (!asroot && !injail)
+ expect("priv_io(!asroot, !injail)", error, -1, EPERM);
+ if (fd != -1)
close(fd);
- goto out;
- }
- if (fd >= 0) {
- warn("try_open: %s open(%s) unexpected success", test_case,
- DEV_IO);
- close(fd);
- goto out;
- }
- if (errno == expected)
- goto out;
- warn("try_open: %s open(%s) wrong errno %d, expected %d", DEV_IO,
- test_case, errno, expected);
-out:
- set_euid(UID_ROOT);
}
void
-priv_io(void)
+priv_io_cleanup(int asroot, int asjail, struct test *test)
{
- assert_root();
-
- save_perms();
-
- try_open("root:0600", UID_ROOT, 0);
- try_open("other", UID_OTHER, EACCES);
-
- set_perms();
-
- try_open("root:0660", UID_ROOT, 0);
- try_open("other", UID_OTHER, EPERM);
-
- restore_perms();
+ if (!initialized)
+ return;
+ if (chmod(DEV_IO, saved_perms) < 0)
+ err(-1, "priv_io_cleanup: chmod(%s, 0%o)", DEV_IO,
+ saved_perms);
+ initialized = 0;
}
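Review bot: The world-access window on /dev/io is closed only if priv_io_cleanup() runs, and on its own chmod failure that function calls `err(-1, ...)`, which exits with the node still at 0666 and presumably skips any cleanup still pending in the same process. priv_io_setup() reports its errors with `warn()` and a return value, so the cleanup could stay consistent with `warn("priv_io_cleanup: chmod(%s, 0%o)", DEV_IO, saved_perms);` and let the harness decide how to proceed. Whether the harness still calls cleanup after a signal or an earlier `err()` in another test is not visible in this hunk; if it does not, /dev/io stays world-accessible and only the privilege check under test guards it. A comment above priv_io_setup() such as `/* Caller must invoke priv_io_cleanup() on every exit path; /dev/io is 0666 until then. */` would make that contract explicit.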