xref: /freebsd/tools/regression/security/proc_to_proc/README (revision f126890ac5386406dadf7c4cfa9566cbb56537c5)
1
2  Inter-Process Authorization Test Suite
3  Robert Watson, TrustedBSD Project
4
5This test suite attempts to determine the behavior of inter-process
6authorization policy present in the kernel.  It analyzes a series of
7important scenarios using specifically crafted process credentials
8and a set of operations.  It then reports on any divergence from the
9expected results.
10
11Test operations:
12
13ptrace		cred1 attempts ptrace attach to cred2
14sighup		cred1 attempts SIGHUP of cred2
15sigsegv		cred1 attempts SIGSEGV of cred2
16see		cred1 attempts getpriority() on cred2
17sched		cred1 attempts setpriority() on cred2
18
19Test scenarioes:
20
21priv on priv		root process on another root process
22priv on unpriv1		root process on a non-root process
23unpriv1 on priv		non-root process on a root process
24unpriv1 on unpriv1	non-root process on a similar non-root process
25unpriv1 on unpriv2	non-root process on a different non-root process
26unpriv1 on daemon1	non-root process on a root daemon process acting with
27			same non-root effective credentials
28unpriv1 on daemon2	non-root process on a root daemon process acting with
29			different non-root effective credentials
30unpriv1 on setuid1	non-root process on a setuid-root process with same
31			non-root real credentials
32unpriv1 on setuid2	non-root process on a setuid-root process with
33			different non-root real credentials
34
35The credential elements supported by the test suite are:
36
37	effective uid
38	real uid
39	saved uid
40	P_SUGID flag
41
42Other untested aspects of interest include groups, as well as session
43relationship.  Other test operations that might be of interest are SIGCONT,
44and SIGIO.
45
46The current set of tests includes some tests where normally the P_SUGID
47flag is set, but isn't in the test.  The result is that some tests fail
48that may not reflect real-world software configurations.  However, they
49do point to possible changes that could be made in the authorization system
50to improve resilience to failure or violation of invariants.
51
52These tests rely on __setugid(), a system call enabled using options
53REGRESSION.
54