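/*	$NetBSD: t_ptrace.c,v 1.18 2017/01/13 21:30:41 christos Exp $	*/

/*-
 * Copyright (c) 2016 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__RCSID("$NetBSD: t_ptrace.c,v 1.18 2017/01/13 21:30:41 christos Exp $");

#include <sys/param.h>
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/stat.h>
#include <sys/sysctl.h>
#include <err.h>
#include <errno.h>
/*
 * Named explicitly because this file uses uint8_t, printf()/setvbuf(),
 * EXIT_FAILURE and memset()/strlcat() directly.
 * NOTE(review): presumably these were reaching the file through
 * "h_macros.h"; confirm against that header.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <atf-c.h>

#include "h_macros.h"

/*
 * A child process cannot call atf functions and expect them to magically
 * work like in the parent.
 * The printf(3) messaging from a child will not work out of the box as well
 * without establishing a communication protocol with its parent. To not
 * overcomplicate the tests - do not log from a child and use err(3)/errx(3)
 * wrapped with FORKEE_ASSERT()/FORKEE_ASSERTX() as that is guaranteed to work.
 *
 * Both macros evaluate (x) exactly once and terminate the calling process
 * with EXIT_FAILURE when it is false, so a failed check in a forked child is
 * only visible to the parent through the child's exit status.
 *
 * The temporary carries a long, macro-specific name on purpose: a short name
 * such as "ret" would shadow a caller variable of the same name, and an
 * assertion written in terms of that variable would then read the
 * uninitialized temporary instead.
 */

/* errx(3) flavour: reports the failed expression without consulting errno. */
#define FORKEE_ASSERTX(x)						\
do {									\
	int forkee_assertx_ok_ = (x);					\
	if (!forkee_assertx_ok_)					\
		errx(EXIT_FAILURE, "%s:%d %s(): Assertion failed for: %s", \
		    __FILE__, __LINE__, __func__, #x);			\
} while (0)

/* err(3) flavour: as above, and err(3) appends the text for errno. */
#define FORKEE_ASSERT(x)						\
do {									\
	int forkee_assert_ok_ = (x);					\
	if (!forkee_assert_ok_)						\
		err(EXIT_FAILURE, "%s:%d %s(): Assertion failed for: %s", \
		    __FILE__, __LINE__, __func__, #x);			\
} while (0)

ATF_TC(attach_pid0);
ATF_TC_HEAD(attach_pid0, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Assert that a debugger cannot attach to PID 0");
}

/*
 * PT_ATTACH aimed at PID 0 must fail with EPERM.  No "require.user" is set,
 * so the expectation is the same for privileged and unprivileged runs.
 */
ATF_TC_BODY(attach_pid0, tc)
{
	errno = 0;
	ATF_REQUIRE_ERRNO(EPERM, ptrace(PT_ATTACH, 0, NULL, 0) == -1);
}

ATF_TC(attach_pid1);
ATF_TC_HEAD(attach_pid1, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Assert that a debugger cannot attach to PID 1 (as non-root)");

	/* The EPERM expectation below is only asserted for a non-root caller. */
	atf_tc_set_md_var(tc, "require.user", "unprivileged");
}

/*
 * An unprivileged process must be refused (EPERM) when it tries to attach
 * to PID 1.  The root case is covered separately by attach_pid1_securelevel.
 */
ATF_TC_BODY(attach_pid1, tc)
{
	ATF_REQUIRE_ERRNO(EPERM, ptrace(PT_ATTACH, 1, NULL, 0) == -1);
}

ATF_TC(attach_pid1_securelevel);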
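ATF_TC_HEAD(attach_pid1_securelevel, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Assert that a debugger cannot attach to PID 1 with "
	    "securelevel >= 1 (as root)");

	atf_tc_set_md_var(tc, "require.user", "root");
}

/*
 * Even root must be refused (EPERM) when attaching to PID 1 once the kernel
 * runs at securelevel 1 or higher.  The current level is read through
 * sysctlbyname(3); below 1 the property does not apply and the test is
 * skipped rather than failed, so a "skipped" result on a host means this
 * protection was not exercised there.
 */
ATF_TC_BODY(attach_pid1_securelevel, tc)
{
	int level;
	size_t len = sizeof(level);

	ATF_REQUIRE(sysctlbyname("kern.securelevel", &level, &len, NULL, 0)
	    != -1);

	if (level < 1) {
		atf_tc_skip("Test must be run with securelevel >= 1");
	}

	ATF_REQUIRE_ERRNO(EPERM, ptrace(PT_ATTACH, 1, NULL, 0) == -1);
}

ATF_TC(attach_self);
ATF_TC_HEAD(attach_self, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Assert that a debugger cannot attach to self (as it's nonsense)");
}

/* Attaching to one's own PID is rejected as an invalid request (EINVAL). */
ATF_TC_BODY(attach_self, tc)
{
	ATF_REQUIRE_ERRNO(EINVAL, ptrace(PT_ATTACH, getpid(), NULL, 0) == -1);
}

ATF_TC(attach_chroot);
ATF_TC_HEAD(attach_chroot, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Assert that a debugger cannot trace another process unless the "
	    "process's root directory is at or below the tracing process's "
	    "root");

	/* chroot(2) in the child needs root. */
	atf_tc_set_md_var(tc, "require.user", "root");
}

/*
 * A child that has chroot(2)ed into a subdirectory tries to PT_ATTACH to its
 * parent, whose root directory lies outside the child's root.  The attach
 * must fail with EPERM; if it succeeded, the confined process could control
 * one that is not confined.
 *
 * Two pipes sequence the processes: the child reports "chrooted" on
 * fds_toparent and the parent releases it on fds_fromparent.
 *
 * The parent reaps the child with atf_utils_wait() and requires exit status 0
 * with empty stdout/stderr.  Without that, a failed assertion in the child
 * would not reach the test result, and the parent could leave the test body
 * (NOTE(review): and presumably exit) before the child made its attach
 * attempt, so getppid() would no longer name the intended target.
 */
ATF_TC_BODY(attach_chroot, tc)
{
	char buf[PATH_MAX];
	pid_t child;
	int fds_toparent[2], fds_fromparent[2];
	ssize_t rv;
	uint8_t msg = 0xde; /* dummy message for IPC based on pipe(2) */

	(void)memset(buf, '\0', sizeof(buf));
	ATF_REQUIRE(getcwd(buf, sizeof(buf)) != NULL);
	/*
	 * strlcat(3) returns the length it tried to create; a value that does
	 * not fit in buf means the path was truncated and would name some
	 * other directory.
	 */
	ATF_REQUIRE(strlcat(buf, "/dir", sizeof(buf)) < sizeof(buf));

	ATF_REQUIRE(mkdir(buf, 0500) == 0);
	ATF_REQUIRE(chdir(buf) == 0);

	ATF_REQUIRE(pipe(fds_toparent) == 0);
	ATF_REQUIRE(pipe(fds_fromparent) == 0);
	child = atf_utils_fork();
	if (child == 0) {
		int attach_rv, attach_errno;

		FORKEE_ASSERT(close(fds_toparent[0]) == 0);
		FORKEE_ASSERT(close(fds_fromparent[1]) == 0);

		FORKEE_ASSERT(chroot(buf) == 0);

		rv = write(fds_toparent[1], &msg, sizeof(msg));
		FORKEE_ASSERTX(rv == (ssize_t)sizeof(msg));

		/*
		 * Checked with the FORKEE_* macros rather than
		 * ATF_REQUIRE_ERRNO(): atf reporting is not usable from a
		 * forked child.  errno is saved straight after the call so
		 * nothing in between can overwrite it.
		 */
		errno = 0;
		attach_rv = ptrace(PT_ATTACH, getppid(), NULL, 0);
		attach_errno = errno;
		FORKEE_ASSERTX(attach_rv == -1);
		FORKEE_ASSERTX(attach_errno == EPERM);

		rv = read(fds_fromparent[0], &msg, sizeof(msg));
		FORKEE_ASSERTX(rv == (ssize_t)sizeof(msg));

		_exit(0);
	}
	ATF_REQUIRE(close(fds_toparent[1]) == 0);
	ATF_REQUIRE(close(fds_fromparent[0]) == 0);

	printf("Waiting for chrooting of the child PID %d\n", child);
	rv = read(fds_toparent[0], &msg, sizeof(msg));
	ATF_REQUIRE(rv == (ssize_t)sizeof(msg));

	printf("Child is ready, it will try to PT_ATTACH to parent\n");
	rv = write(fds_fromparent[1], &msg, sizeof(msg));
	ATF_REQUIRE(rv == (ssize_t)sizeof(msg));

	printf("fds_fromparent is no longer needed - close it\n");
	ATF_REQUIRE(close(fds_fromparent[1]) == 0);

	printf("fds_toparent is no longer needed - close it\n");
	ATF_REQUIRE(close(fds_toparent[0]) == 0);

	/*
	 * The child exits 0 only if every FORKEE_* check held, including the
	 * EPERM expectation on PT_ATTACH; it is expected to print nothing.
	 */
	printf("Waiting for the child to exit cleanly\n");
	atf_utils_wait(child, 0, "", "");
}

/*
 * Registers every test case with the test program.  stdout and stderr are
 * switched to unbuffered mode first.
 */
ATF_TP_ADD_TCS(tp)
{
	setvbuf(stdout, NULL, _IONBF, 0);
	setvbuf(stderr, NULL, _IONBF, 0);
	ATF_TP_ADD_TC(tp, attach_pid0);
	ATF_TP_ADD_TC(tp, attach_pid1);
	ATF_TP_ADD_TC(tp, attach_pid1_securelevel);
	ATF_TP_ADD_TC(tp, attach_self);
	ATF_TP_ADD_TC(tp, attach_chroot);

	return atf_no_error();
}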