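/* $NetBSD: t_chroot.c,v 1.2 2017/01/10 22:36:29 christos Exp $ */

/*-
 * Copyright (c) 2011 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Jukka Ruohonen.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
#include <sys/cdefs.h>
__RCSID("$NetBSD: t_chroot.c,v 1.2 2017/01/10 22:36:29 christos Exp $");

#include <sys/wait.h>
#include <sys/stat.h>

#include <atf-c.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * chroot_basic: as root, chroot(2) into a freshly created directory from a
 * child process, create a file relative to the new root, and confirm from
 * the parent (which never changed its root) that the file landed inside
 * that directory.
 */
ATF_TC(chroot_basic);
ATF_TC_HEAD(chroot_basic, tc)
{
	atf_tc_set_md_var(tc, "descr", "A basic test of chroot(2)");
	atf_tc_set_md_var(tc, "require.user", "root");
}

ATF_TC_BODY(chroot_basic, tc)
{
	char buf[PATH_MAX];
	int fd, sta;
	pid_t pid;

	(void)memset(buf, '\0', sizeof(buf));

	/*
	 * Build "<cwd>/dir".  Both steps are checked: a failed getcwd() or a
	 * truncated strlcat() would otherwise make the test operate on a
	 * path other than the one intended.
	 */
	ATF_REQUIRE(getcwd(buf, sizeof(buf)) != NULL);
	ATF_REQUIRE(strlcat(buf, "/dir", sizeof(buf)) < sizeof(buf));

	ATF_REQUIRE(mkdir(buf, 0500) == 0);
	ATF_REQUIRE(chdir(buf) == 0);

	pid = fork();
	ATF_REQUIRE(pid >= 0);

	if (pid == 0) {
		/* Only the child changes its root; the parent is unaffected. */
		if (chroot(buf) != 0)
			_exit(EXIT_FAILURE);

		errno = 0;

		/*
		 * The new root is the directory created above, which has no
		 * "root" entry, so this lookup must fail with ENOENT.
		 */
		if (chroot("/root") != -1)
			_exit(EXIT_FAILURE);

		if (errno != ENOENT)
			_exit(EXIT_FAILURE);

		/* Relative to the cwd, which was set to the directory above. */
		fd = open("file", O_RDONLY | O_CREAT, 0600);

		if (fd < 0)
			_exit(EXIT_FAILURE);

		if (close(fd) != 0)
			_exit(EXIT_FAILURE);

		_exit(EXIT_SUCCESS);
	}

	/* Without this check a failed wait() would leave sta uninitialized. */
	ATF_REQUIRE(wait(&sta) == pid);

	if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
		atf_tc_fail("chroot(2) failed");

	(void)chdir("/");
	ATF_REQUIRE(strlcat(buf, "/file", sizeof(buf)) < sizeof(buf));

	/* Seen from the original root, the file must be at "<cwd>/dir/file". */
	fd = open(buf, O_RDONLY);

	if (fd < 0)
		atf_tc_fail("chroot(2) did not change the root directory");

	ATF_REQUIRE(close(fd) == 0);
	ATF_REQUIRE(unlink(buf) == 0);
}

/*
 * chroot_err: chroot(2) must reject an over-long path, an invalid pointer
 * and a non-existent path with ENAMETOOLONG, EFAULT and ENOENT respectively.
 */
ATF_TC(chroot_err);
ATF_TC_HEAD(chroot_err, tc)
{
	atf_tc_set_md_var(tc, "descr", "Test error conditions of chroot(2)");
	atf_tc_set_md_var(tc, "require.user", "root");
}

ATF_TC_BODY(chroot_err, tc)
{
	char buf[PATH_MAX + 1];

	/*
	 * PATH_MAX 'x' characters plus an explicit terminator: a valid C
	 * string that is still too long to be a path, rather than an
	 * unterminated buffer handed to the kernel.
	 */
	(void)memset(buf, 'x', sizeof(buf) - 1);
	buf[sizeof(buf) - 1] = '\0';

	errno = 0;
	ATF_REQUIRE_ERRNO(ENAMETOOLONG, chroot(buf) == -1);

	/* Deliberately invalid user address; the call must fail cleanly. */
	errno = 0;
	ATF_REQUIRE_ERRNO(EFAULT, chroot((void *)-1) == -1);

	errno = 0;
	ATF_REQUIRE_ERRNO(ENOENT, chroot("/a/b/c/d/e/f/g/h/i/j") == -1);
}

/*
 * chroot_perm: run as an unprivileged user and verify that chroot(2) is
 * refused with EPERM.
 */
ATF_TC(chroot_perm);
ATF_TC_HEAD(chroot_perm, tc)
{
	atf_tc_set_md_var(tc, "descr", "Test permissions with chroot(2)");
	atf_tc_set_md_var(tc, "require.user", "unprivileged");
}

ATF_TC_BODY(chroot_perm, tc)
{
	static char buf[LINE_MAX];
	pid_t pid;
	int sta;

	(void)memset(buf, '\0', sizeof(buf));
	ATF_REQUIRE(getcwd(buf, sizeof(buf)) != NULL);

	pid = fork();
	ATF_REQUIRE(pid >= 0);

	if (pid == 0) {

		errno = 0;

		/* Success here would mean the privilege check is missing. */
		if (chroot(buf) != -1)
			_exit(EXIT_FAILURE);

		if (errno != EPERM)
			_exit(EXIT_FAILURE);

		_exit(EXIT_SUCCESS);
	}

	/* Without this check a failed wait() would leave sta uninitialized. */
	ATF_REQUIRE(wait(&sta) == pid);

	if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
		atf_tc_fail("chroot(2) succeeded as unprivileged user");
}

#ifdef __NetBSD__
/*
 * fchroot_basic: same scenario as chroot_basic, but the new root is given
 * to fchroot(2) as an open directory descriptor.
 */
ATF_TC(fchroot_basic);
ATF_TC_HEAD(fchroot_basic, tc)
{
	atf_tc_set_md_var(tc, "descr", "A basic test of fchroot(2)");
	atf_tc_set_md_var(tc, "require.user", "root");
}

ATF_TC_BODY(fchroot_basic, tc)
{
	char buf[PATH_MAX];
	int fd, sta;
	pid_t pid;

	(void)memset(buf, '\0', sizeof(buf));

	/* Checked for the same reason as in chroot_basic. */
	ATF_REQUIRE(getcwd(buf, sizeof(buf)) != NULL);
	ATF_REQUIRE(strlcat(buf, "/dir", sizeof(buf)) < sizeof(buf));

	ATF_REQUIRE(mkdir(buf, 0500) == 0);
	ATF_REQUIRE(chdir(buf) == 0);

	/* Directory descriptor inherited by the child across fork(). */
	fd = open(buf, O_RDONLY);
	ATF_REQUIRE(fd >= 0);

	pid = fork();
	ATF_REQUIRE(pid >= 0);

	if (pid == 0) {

		if (fchroot(fd) != 0)
			_exit(EXIT_FAILURE);

		if (close(fd) != 0)
			_exit(EXIT_FAILURE);

		fd = open("file", O_RDONLY | O_CREAT, 0600);

		if (fd < 0)
			_exit(EXIT_FAILURE);

		if (close(fd) != 0)
			_exit(EXIT_FAILURE);

		_exit(EXIT_SUCCESS);
	}

	/* Without this check a failed wait() would leave sta uninitialized. */
	ATF_REQUIRE(wait(&sta) == pid);

	/* The parent's copy of the directory descriptor is no longer needed. */
	ATF_REQUIRE(close(fd) == 0);

	if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
		atf_tc_fail("fchroot(2) failed");

	(void)chdir("/");
	ATF_REQUIRE(strlcat(buf, "/file", sizeof(buf)) < sizeof(buf));

	fd = open(buf, O_RDONLY);

	if (fd < 0)
		atf_tc_fail("fchroot(2) did not change the root directory");

	ATF_REQUIRE(close(fd) == 0);
	ATF_REQUIRE(unlink(buf) == 0);
}

/*
 * fchroot_err: fchroot(2) must fail with EBADF for an invalid descriptor
 * and with ENOTDIR for a descriptor that refers to a regular file.
 */
ATF_TC(fchroot_err);
ATF_TC_HEAD(fchroot_err, tc)
{
	atf_tc_set_md_var(tc, "descr", "Test error conditions of fchroot(2)");
	atf_tc_set_md_var(tc, "require.user", "root");
}

ATF_TC_BODY(fchroot_err, tc)
{
	int fd;

	/* Any non-directory will do for the ENOTDIR case. */
	fd = open("/etc/passwd", O_RDONLY);
	ATF_REQUIRE(fd >= 0);

	errno = 0;
	ATF_REQUIRE_ERRNO(EBADF, fchroot(-1) == -1);

	errno = 0;
	ATF_REQUIRE_ERRNO(ENOTDIR, fchroot(fd) == -1);

	ATF_REQUIRE(close(fd) == 0);
}

/*
 * fchroot_perm: start as root, open a directory, then drop to the "nobody"
 * user in a child and verify that fchroot(2) on the inherited descriptor is
 * refused with EPERM.
 */
ATF_TC(fchroot_perm);
ATF_TC_HEAD(fchroot_perm, tc)
{
	atf_tc_set_md_var(tc, "descr", "Test permissions with fchroot(2)");
	atf_tc_set_md_var(tc, "require.user", "root");
}

ATF_TC_BODY(fchroot_perm, tc)
{
	static char buf[LINE_MAX];
	struct passwd *pw;
	int fd, sta;
	pid_t pid;

	(void)memset(buf, '\0', sizeof(buf));
	ATF_REQUIRE(getcwd(buf, sizeof(buf)) != NULL);

	pw = getpwnam("nobody");
	fd = open(buf, O_RDONLY);

	ATF_REQUIRE(fd >= 0);
	ATF_REQUIRE(pw != NULL);

	pid = fork();
	ATF_REQUIRE(pid >= 0);

	if (pid == 0) {
		/*
		 * The privilege drop must be verified: if setuid() failed the
		 * child would still be root and the fchroot() below would run
		 * with full privileges instead of testing the EPERM path.
		 */
		if (setuid(pw->pw_uid) != 0)
			_exit(EXIT_FAILURE);

		errno = 0;

		if (fchroot(fd) != -1)
			_exit(EXIT_FAILURE);

		if (errno != EPERM)
			_exit(EXIT_FAILURE);

		_exit(EXIT_SUCCESS);
	}

	/* Without this check a failed wait() would leave sta uninitialized. */
	ATF_REQUIRE(wait(&sta) == pid);

	/* The parent's copy of the directory descriptor is no longer needed. */
	ATF_REQUIRE(close(fd) == 0);

	if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
		atf_tc_fail("fchroot(2) succeeded as unprivileged user");
}
#endif

/* Register the test cases; the fchroot(2) ones are built on NetBSD only. */
ATF_TP_ADD_TCS(tp)
{

	ATF_TP_ADD_TC(tp, chroot_basic);
	ATF_TP_ADD_TC(tp, chroot_err);
	ATF_TP_ADD_TC(tp, chroot_perm);
#ifdef __NetBSD__
	ATF_TP_ADD_TC(tp, fchroot_basic);
	ATF_TP_ADD_TC(tp, fchroot_err);
	ATF_TP_ADD_TC(tp, fchroot_perm);
#endif

	return atf_no_error();
}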