xref: /freebsd/tools/regression/security/proc_to_proc/README (revision 2be1a816b9ff69588e55be0a84cbe2a31efc0f2f)
1$FreeBSD$
2
3  Inter-Process Authorization Test Suite
4  Robert Watson, TrustedBSD Project
5
6This test suite attempts to determine the behavior of inter-process
7authorization policy present in the kernel.  It analyzes a series of
8important scenarios using specifically crafted process credentials
9and a set of operations.  It then reports on any divergence from the
10expected results.
11
12Test operations:
13
14ptrace		cred1 attempts ptrace attach to cred2
15sighup		cred1 attempts SIGHUP of cred2
16sigsegv		cred1 attempts SIGSEGV of cred2
17see		cred1 attempts getpriority() on cred2
18sched		cred1 attempts setpriority() on cred2
19
20Test scenarioes:
21
22priv on priv		root process on another root process
23priv on unpriv1		root process on a non-root process
24unpriv1 on priv		non-root process on a root process
25unpriv1 on unpriv1	non-root process on a similar non-root process
26unpriv1 on unpriv2	non-root process on a different non-root process
27unpriv1 on daemon1	non-root process on a root daemon process acting with
28			same non-root effective credentials
29unpriv1 on daemon2	non-root process on a root daemon process acting with
30			different non-root effective credentials
31unpriv1 on setuid1	non-root process on a setuid-root process with same
32			non-root real credentials
33unpriv1 on setuid2	non-root process on a setuid-root process with
34			different non-root real credentials
35
36The credential elements supported by the test suite are:
37
38	effective uid
39	real uid
40	saved uid
41	P_SUGID flag
42
43Other untested aspects of interest include groups, as well as session
44relationship.  Other test operations that might be of interest are SIGCONT,
45and SIGIO.
46
47The current set of tests includes some tests where normally the P_SUGID
48flag is set, but isn't in the test.  The result is that some tests fail
49that may not reflect real-world software configurations.  However, they
50do point to possible changes that could be made in the authorization system
51to improve resilience to failure or violation of invariants.
52
53These tests rely on __setugid(), a system call enabled using options
54REGRESSION.
55