1 2 Inter-Process Authorization Test Suite 3 Robert Watson, TrustedBSD Project 4 5This test suite attempts to determine the behavior of inter-process 6authorization policy present in the kernel. It analyzes a series of 7important scenarios using specifically crafted process credentials 8and a set of operations. It then reports on any divergence from the 9expected results. 10 11Test operations: 12 13ptrace cred1 attempts ptrace attach to cred2 14sighup cred1 attempts SIGHUP of cred2 15sigsegv cred1 attempts SIGSEGV of cred2 16see cred1 attempts getpriority() on cred2 17sched cred1 attempts setpriority() on cred2 18 19Test scenarioes: 20 21priv on priv root process on another root process 22priv on unpriv1 root process on a non-root process 23unpriv1 on priv non-root process on a root process 24unpriv1 on unpriv1 non-root process on a similar non-root process 25unpriv1 on unpriv2 non-root process on a different non-root process 26unpriv1 on daemon1 non-root process on a root daemon process acting with 27 same non-root effective credentials 28unpriv1 on daemon2 non-root process on a root daemon process acting with 29 different non-root effective credentials 30unpriv1 on setuid1 non-root process on a setuid-root process with same 31 non-root real credentials 32unpriv1 on setuid2 non-root process on a setuid-root process with 33 different non-root real credentials 34 35The credential elements supported by the test suite are: 36 37 effective uid 38 real uid 39 saved uid 40 P_SUGID flag 41 42Other untested aspects of interest include groups, as well as session 43relationship. Other test operations that might be of interest are SIGCONT, 44and SIGIO. 45 46The current set of tests includes some tests where normally the P_SUGID 47flag is set, but isn't in the test. The result is that some tests fail 48that may not reflect real-world software configurations. However, they 49do point to possible changes that could be made in the authorization system 50to improve resilience to failure or violation of invariants. 51 52These tests rely on __setugid(), a system call enabled using options 53REGRESSION. 54