xref: /freebsd/contrib/netbsd-tests/kernel/t_ptrace.c (revision 1a36faad54665288ed4eb839d2a4699ae2ead45e)
1*63d1fd59SEnji Cooper /*	$NetBSD: t_ptrace.c,v 1.18 2017/01/13 21:30:41 christos Exp $	*/
2cdebaff8SEnji Cooper 
3cdebaff8SEnji Cooper /*-
4cdebaff8SEnji Cooper  * Copyright (c) 2016 The NetBSD Foundation, Inc.
5cdebaff8SEnji Cooper  * All rights reserved.
6cdebaff8SEnji Cooper  *
7cdebaff8SEnji Cooper  * Redistribution and use in source and binary forms, with or without
8cdebaff8SEnji Cooper  * modification, are permitted provided that the following conditions
9cdebaff8SEnji Cooper  * are met:
10cdebaff8SEnji Cooper  * 1. Redistributions of source code must retain the above copyright
11cdebaff8SEnji Cooper  *    notice, this list of conditions and the following disclaimer.
12cdebaff8SEnji Cooper  * 2. Redistributions in binary form must reproduce the above copyright
13cdebaff8SEnji Cooper  *    notice, this list of conditions and the following disclaimer in the
14cdebaff8SEnji Cooper  *    documentation and/or other materials provided with the distribution.
15cdebaff8SEnji Cooper  *
16cdebaff8SEnji Cooper  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
17cdebaff8SEnji Cooper  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18cdebaff8SEnji Cooper  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19cdebaff8SEnji Cooper  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
20cdebaff8SEnji Cooper  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21cdebaff8SEnji Cooper  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22cdebaff8SEnji Cooper  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23cdebaff8SEnji Cooper  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24cdebaff8SEnji Cooper  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25cdebaff8SEnji Cooper  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26cdebaff8SEnji Cooper  * POSSIBILITY OF SUCH DAMAGE.
27cdebaff8SEnji Cooper  */
28cdebaff8SEnji Cooper 
29cdebaff8SEnji Cooper #include <sys/cdefs.h>
30*63d1fd59SEnji Cooper __RCSID("$NetBSD: t_ptrace.c,v 1.18 2017/01/13 21:30:41 christos Exp $");
31cdebaff8SEnji Cooper 
32cdebaff8SEnji Cooper #include <sys/param.h>
33cdebaff8SEnji Cooper #include <sys/types.h>
34cdebaff8SEnji Cooper #include <sys/ptrace.h>
35cdebaff8SEnji Cooper #include <sys/stat.h>
36cdebaff8SEnji Cooper #include <sys/sysctl.h>
37cdebaff8SEnji Cooper #include <err.h>
38cdebaff8SEnji Cooper #include <errno.h>
39cdebaff8SEnji Cooper #include <unistd.h>
40cdebaff8SEnji Cooper 
41cdebaff8SEnji Cooper #include <atf-c.h>
42cdebaff8SEnji Cooper 
43*63d1fd59SEnji Cooper #include "h_macros.h"
44cdebaff8SEnji Cooper 
/*
 * A child process cannot call atf functions and expect them to magically
 * work like in the parent.
 * The printf(3) messaging from a child will not work out of the box either
 * without establishing a communication protocol with its parent. To not
 * overcomplicate the tests - do not log from a child and use err(3)/errx(3)
 * wrapped with FORKEE_ASSERT()/FORKEE_ASSERTX() as that is guaranteed to work.
 */
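/*
 * FORKEE_ASSERTX(x): assertion for use in a forked child.
 *
 * Evaluates x exactly once; when it is false the child terminates through
 * errx(3) with EXIT_FAILURE and a message naming the file, line, function
 * and the failed expression.  errx(3) does not append strerror(errno), so
 * use this variant for checks that are not about a failed system call.
 *
 * The scratch variable carries a macro-specific name so that a caller's
 * own variable (for instance one called "ret") can appear in x without
 * being shadowed by the macro, and x is normalized with !! so that a wide
 * or pointer-valued expression is not truncated when stored in an int.
 */
#define FORKEE_ASSERTX(x)							\
do {										\
	const int forkee_assertx_ok_ = !!(x);					\
	if (!forkee_assertx_ok_)						\
		errx(EXIT_FAILURE, "%s:%d %s(): Assertion failed for: %s",	\
		     __FILE__, __LINE__, __func__, #x);				\
} while (0)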
60cdebaff8SEnji Cooper 
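/*
 * FORKEE_ASSERT(x): assertion for use in a forked child.
 *
 * Evaluates x exactly once; when it is false the child terminates through
 * err(3) with EXIT_FAILURE and a message naming the file, line, function
 * and the failed expression.  err(3) appends strerror(errno), so use this
 * variant right after a system call whose errno is of interest.
 *
 * The scratch variable carries a macro-specific name so that a caller's
 * own variable (for instance one called "ret") can appear in x without
 * being shadowed by the macro, and x is normalized with !! so that a wide
 * or pointer-valued expression is not truncated when stored in an int.
 */
#define FORKEE_ASSERT(x)							\
do {										\
	const int forkee_assert_ok_ = !!(x);					\
	if (!forkee_assert_ok_)							\
		err(EXIT_FAILURE, "%s:%d %s(): Assertion failed for: %s",	\
		     __FILE__, __LINE__, __func__, #x);				\
} while (0)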
68cdebaff8SEnji Cooper 
/* Test case: PT_ATTACH aimed at PID 0 must be refused. */
ATF_TC(attach_pid0);

/* Metadata only: registers the human-readable description of the case. */
ATF_TC_HEAD(attach_pid0, tc)
{

	atf_tc_set_md_var(tc, "descr",
	    "Assert that a debugger cannot attach to PID 0");
}
75cdebaff8SEnji Cooper 
/*
 * Requests PT_ATTACH on PID 0 and requires that the call fails with
 * EPERM; any other outcome fails the test case.
 */
ATF_TC_BODY(attach_pid0, tc)
{

	/* Start from a clean errno so only ptrace(2) can have set it. */
	errno = 0;

	ATF_REQUIRE_ERRNO(EPERM,
	    ptrace(PT_ATTACH, 0, NULL, 0) == -1);
}
81cdebaff8SEnji Cooper 
/* Test case: an unprivileged caller must not be able to PT_ATTACH to PID 1. */
ATF_TC(attach_pid1);

/*
 * Metadata: description plus the requirement that the case runs as an
 * unprivileged user, which is the condition the assertion is about.
 */
ATF_TC_HEAD(attach_pid1, tc)
{

	atf_tc_set_md_var(tc, "descr",
	    "Assert that a debugger cannot attach to PID 1 (as non-root)");
	atf_tc_set_md_var(tc, "require.user", "unprivileged");
}
90cdebaff8SEnji Cooper 
/*
 * Requests PT_ATTACH on PID 1 and requires that the call fails with
 * EPERM.  The head of this case restricts it to unprivileged users.
 */
ATF_TC_BODY(attach_pid1, tc)
{

	ATF_REQUIRE_ERRNO(EPERM,
	    ptrace(PT_ATTACH, 1, NULL, 0) == -1);
}
95cdebaff8SEnji Cooper 
/*
 * Test case: even root must not be able to PT_ATTACH to PID 1 once
 * kern.securelevel is 1 or higher.
 */
ATF_TC(attach_pid1_securelevel);

/* Metadata: description plus the requirement that the case runs as root. */
ATF_TC_HEAD(attach_pid1_securelevel, tc)
{

	atf_tc_set_md_var(tc, "descr",
	    "Assert that a debugger cannot attach to PID 1 "
	    "with securelevel >= 1 (as root)");
	atf_tc_set_md_var(tc, "require.user", "root");
}
105cdebaff8SEnji Cooper 
/*
 * Reads kern.securelevel and, when it is at least 1, requires that
 * PT_ATTACH on PID 1 fails with EPERM.  With a lower securelevel the
 * restriction under test is not in force, so the case is skipped rather
 * than reported as passed.
 */
ATF_TC_BODY(attach_pid1_securelevel, tc)
{
	size_t len;
	int level;

	/* sysctlbyname(3) takes the buffer size in and writes the used size out. */
	len = sizeof(level);
	ATF_REQUIRE(sysctlbyname("kern.securelevel", &level, &len, NULL, 0)
	    != -1);

	if (level < 1)
		atf_tc_skip("Test must be run with securelevel >= 1");

	ATF_REQUIRE_ERRNO(EPERM,
	    ptrace(PT_ATTACH, 1, NULL, 0) == -1);
}
120cdebaff8SEnji Cooper 
/* Test case: a process must not be able to PT_ATTACH to itself. */
ATF_TC(attach_self);

/* Metadata only: registers the human-readable description of the case. */
ATF_TC_HEAD(attach_self, tc)
{

	atf_tc_set_md_var(tc, "descr",
	    "Assert that a debugger cannot attach to self (as it's nonsense)");
}
127cdebaff8SEnji Cooper 
/*
 * Requests PT_ATTACH on the caller's own PID and requires that the call
 * fails with EINVAL (not EPERM: the request is rejected as invalid).
 */
ATF_TC_BODY(attach_self, tc)
{

	ATF_REQUIRE_ERRNO(EINVAL,
	    ptrace(PT_ATTACH, getpid(), NULL, 0) == -1);
}
132cdebaff8SEnji Cooper 
/*
 * Test case: a chrooted process must not be able to PT_ATTACH to a
 * process whose root directory is outside its own root.
 */
ATF_TC(attach_chroot);

/*
 * Metadata: description plus the requirement that the case runs as root.
 * The body calls chroot(2).
 */
ATF_TC_HEAD(attach_chroot, tc)
{

	atf_tc_set_md_var(tc, "descr",
	    "Assert that a debugger cannot trace another process unless "
	    "the process's root directory is at or below the tracing "
	    "process's root");
	atf_tc_set_md_var(tc, "require.user", "root");
}
143cdebaff8SEnji Cooper 
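/*
 * Creates "<cwd>/dir", forks, and lets the child chroot(2) into that
 * directory.  From inside the chroot the child requests PT_ATTACH on its
 * parent, whose root is outside the child's root, and the request must
 * fail with EPERM.
 *
 * Two pipes sequence the processes: the child reports that it has
 * chrooted, the parent answers, and the child exits once it has read the
 * answer.
 *
 * The child checks its own conditions with FORKEE_ASSERT()/
 * FORKEE_ASSERTX() only, as the comment above those macros requires, and
 * the parent reaps the child and requires a zero exit status.  Without
 * that last step a failed check in the child would not reach the test
 * result, and the case could pass while the restriction it guards is
 * broken.
 */
ATF_TC_BODY(attach_chroot, tc)
{
	char buf[PATH_MAX];
	pid_t child;
	int fds_toparent[2], fds_fromparent[2];
	int rv;
	uint8_t msg = 0xde; /* dummy message for IPC based on pipe(2) */

	(void)memset(buf, '\0', sizeof(buf));
	ATF_REQUIRE(getcwd(buf, sizeof(buf)) != NULL);
	/*
	 * strlcat(3) returns the length of the string it tried to build; a
	 * value >= the buffer size means the path was truncated and would
	 * name a different directory than intended.
	 */
	ATF_REQUIRE(strlcat(buf, "/dir", sizeof(buf)) < sizeof(buf));

	ATF_REQUIRE(mkdir(buf, 0500) == 0);
	ATF_REQUIRE(chdir(buf) == 0);

	ATF_REQUIRE(pipe(fds_toparent) == 0);
	ATF_REQUIRE(pipe(fds_fromparent) == 0);
	child = atf_utils_fork();
	if (child == 0) {
		/* Keep only the child's ends of the two pipes. */
		FORKEE_ASSERT(close(fds_toparent[0]) == 0);
		FORKEE_ASSERT(close(fds_fromparent[1]) == 0);

		FORKEE_ASSERT(chroot(buf) == 0);

		rv = write(fds_toparent[1], &msg, sizeof(msg));
		FORKEE_ASSERTX(rv == sizeof(msg));

		/*
		 * The attach must be refused, and refused with EPERM.  The
		 * errno check uses the err(3) flavour so that a mismatch
		 * reports which error was returned instead.
		 */
		errno = 0;
		rv = ptrace(PT_ATTACH, getppid(), NULL, 0);
		FORKEE_ASSERTX(rv == -1);
		FORKEE_ASSERT(errno == EPERM);

		rv = read(fds_fromparent[0], &msg, sizeof(msg));
		FORKEE_ASSERTX(rv == sizeof(msg));

		_exit(0);
	}
	/* Keep only the parent's ends of the two pipes. */
	ATF_REQUIRE(close(fds_toparent[1]) == 0);
	ATF_REQUIRE(close(fds_fromparent[0]) == 0);

	printf("Waiting for chrooting of the child PID %d", child);
	rv = read(fds_toparent[0], &msg, sizeof(msg));
	ATF_REQUIRE(rv == sizeof(msg));

	printf("Child is ready, it will try to PT_ATTACH to parent\n");
	rv = write(fds_fromparent[1], &msg, sizeof(msg));
	ATF_REQUIRE(rv == sizeof(msg));

	printf("fds_fromparent is no longer needed - close it\n");
	ATF_REQUIRE(close(fds_fromparent[1]) == 0);

	printf("fds_toparent is no longer needed - close it\n");
	ATF_REQUIRE(close(fds_toparent[0]) == 0);

	/*
	 * Reap the child started by atf_utils_fork().  It must exit with
	 * status 0 and must not have written anything to stdout or stderr;
	 * a failed FORKEE_ASSERT*() breaks both conditions.  Waiting here
	 * also keeps the parent alive until the child has made its attach
	 * attempt.
	 */
	atf_utils_wait(child, 0, "", "");
}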
196cdebaff8SEnji Cooper 
/*
 * Test program entry point for ATF: switches stdout and stderr to
 * unbuffered mode and registers the five PT_ATTACH test cases in the
 * order they are defined in this file.
 */
ATF_TP_ADD_TCS(tp)
{

	/* Unbuffered streams: nothing is left pending in stdio buffers. */
	setvbuf(stdout, NULL, _IONBF, 0);
	setvbuf(stderr, NULL, _IONBF, 0);

	/* Attach attempts against fixed PIDs. */
	ATF_TP_ADD_TC(tp, attach_pid0);
	ATF_TP_ADD_TC(tp, attach_pid1);
	ATF_TP_ADD_TC(tp, attach_pid1_securelevel);

	/* Attach attempts against the caller itself and across a chroot. */
	ATF_TP_ADD_TC(tp, attach_self);
	ATF_TP_ADD_TC(tp, attach_chroot);

	return atf_no_error();
}