summaryrefslogtreecommitdiffstats
path: root/tools/regression/security/proc_to_proc/README
diff options
context:
space:
mode:
Diffstat (limited to 'tools/regression/security/proc_to_proc/README')
-rw-r--r--tools/regression/security/proc_to_proc/README53
1 files changed, 53 insertions, 0 deletions
diff --git a/tools/regression/security/proc_to_proc/README b/tools/regression/security/proc_to_proc/README
new file mode 100644
index 0000000..978ef68
--- /dev/null
+++ b/tools/regression/security/proc_to_proc/README
@@ -0,0 +1,53 @@
+$FreeBSD$
+
+ Inter-Process Authorization Test Suite
+ Robert Watson, TrustedBSD Project
+
+This test suite attempts to determine the behavior of inter-process
+authorization policy present in the kernel. It analyzes a series of
+important scenarios using specifically crafted process credentials
+and a set of operations. It then reports on any divergence from the
+expected results.
+
+Test operations:
+
+ptrace cred1 attempts ptrace attach to cred2
+signal cred1 attempts SIGHUP of cred2
+see cred1 attempts getpriority() on cred2
+sched cred1 attempts setpriority() on cred2
+
+Test scenarioes:
+
+priv on priv root process on another root process
+priv on unpriv1 root process on a non-root process
+unpriv1 on priv non-root process on a root process
+unpriv1 on unpriv1 non-root process on a similar non-root process
+unpriv1 on unpriv2 non-root process on a different non-root process
+unpriv1 on daemon1 non-root process on a root daemon process acting with
+ same non-root effective credentials
+unpriv1 on daemon2 non-root process on a root daemon process acting with
+ different non-root effective credentials
+unpriv1 on setuid1 non-root process on a setuid-root process with same
+ non-root real credentials
+unpriv1 on setuid2 non-root process on a setuid-root process with
+ different non-root real credentials
+
+The credential elements supported by the test suite are:
+
+ effective uid
+ real uid
+ saved uid
+ P_SUGID flag
+
+Other untested aspects of interest include groups, as well as session
+relationship. Other test operations that might be of interest are SIGCONT,
+SIGIO, and SIGSEGV.
+
+The current set of tests includes some tests where normally the P_SUGID
+flag is set, but isn't in the test. The result is that some tests fail
+that may not reflect real-world software configurations. However, they
+do point to possible changes that could be made in the authorization system
+to improve resilience to failure or violation of invariants.
+
+These tests rely on __setugid(), a system call enabled using options
+REGRESSION.
OpenPOWER on IntegriCloud