client/site_tests/security_ptraceRestrictions/src/ptrace-restrictions.sh - mirrors/cros/chromiumos/third_party/autotest - Git at Google

 #!/bin/bash
 # Copyright (c) 2012 The Chromium OS Authors.
 #
 # Based on:
 # http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/view/head:/scripts/kernel-security/ptrace/ptrace-restrictions.sh
 # Copyright (C) 2010-2011 Canonical Ltd.
 # License: GPLv3
 # Author: Kees Cook <kees.cook@canonical.com>
 set -e
 if [ "$(whoami)" = "root" ]; then
     echo "Cannot be root for this test" >&2
     exit 1
 fi

 export LANG=C
 pid=
 dir=

 function start_sleeper()
 {
     dir=$(mktemp -d -t sleeper-XXXXXX)
     mkfifo "$dir"/status
     ./sleeper "$1" 120 >"$dir"/status &
     pid=$!
     # Wait for sleeper to start up.
     read status < "$dir"/status
 }

 function kill_sleeper()
 {
     disown $pid
     kill $pid
     rm -rf "$dir"
 }

 rc=0

 # Check we can see direct children.
 OUT=$(gdb -ex run -ex quit --batch ./sleeper </dev/null 2>&1)
 if echo "$OUT" | grep -q 'Quit anyway'; then
     echo "ok: children correctly allow ptrace"
 else
     echo "FAIL: Children unexpectedly not allow ptrace"
     rc=1
 fi

 # Check we can't see cousins.
 sleep 120 &
 pid=$!
 OUT=$(gdb -ex "attach $pid" -ex "quit" --batch </dev/null 2>&1)
 if echo "$OUT" | grep -q 'Operation not permitted'; then
     echo "ok: cousins correctly not allow ptrace"
 else
     echo "FAIL: cousins unexpectedly allow ptrace"
     rc=1
 fi

 # Validate we can see cousin /proc entries.
 if ls -la /proc/$pid/exe >/dev/null 2>&1; then
     echo "ok: cousins correctly visible in /proc"
 else
     echo "FAIL: cousins unexpectedly invisible in /proc"
     rc=1
 fi

 # Check we can't attach to init.
 OUT=$(gdb -ex "attach 1" -ex "quit" --batch </dev/null 2>&1)
 if echo "$OUT" | grep -q 'Operation not permitted'; then
     echo "ok: init correctly not allowing ptrace"
 else
     echo "FAIL: init unexpectedly allowed ptrace"
     rc=1
 fi

 # Check we can't see init.
 if ! ls -la /proc/1/exe >/dev/null 2>&1; then
     echo "ok: init correctly invisible in /proc"
 else
     echo "FAIL: init unexpectedly visible in /proc"
     rc=1
 fi

 # Drop the sleep process and destroy it without disrupting the shell.
 disown $pid
 kill $pid

 # Validate that prctl(PR_SET_PTRACER, 0, ...) works to delete tracer.
 start_sleeper 0
 OUT=$(gdb -ex "attach $pid" -ex "quit" --batch </dev/null 2>&1)
 prctl="prctl(PR_SET_PTRACER, 0, ...)"
 if echo "$OUT" | grep -q 'Operation not permitted'; then
     echo "ok: $prctl correctly not allowed ptrace"
 else
     echo "FAIL: $prctl unexpectedly allowed ptrace"
     rc=1
 fi
 kill_sleeper

 # Validate near ancestor allowed with PR_SET_PTRACER use.
 start_sleeper $$
 OUT=$(gdb -ex "attach $pid" -ex "quit" --batch </dev/null 2>&1)
 prctl="prctl(PR_SET_PTRACER, parent, ...)"
 if echo "$OUT" | grep -q 'Quit anyway'; then
     echo "ok: $prctl correctly allowed ptrace"
 else
     echo "FAIL: $prctl unexpectedly not allowed ptrace"
     rc=1
 fi
 kill_sleeper

 # Validate distant ancestor allowed with PR_SET_PTRACER use.
 start_sleeper 1
 OUT=$(gdb -ex "attach $pid" -ex "quit" --batch </dev/null 2>&1)
 prctl="prctl(PR_SET_PTRACER, 1, ...)"
 if echo "$OUT" | grep -q 'Quit anyway'; then
     echo "ok: $prctl correctly allowed ptrace"
 else
     echo "FAIL: $prctl unexpectedly not allowed ptrace"
     rc=1
 fi
 kill_sleeper

 # Validate -1 disables protection.
 start_sleeper -1
 OUT=$(gdb -ex "attach $pid" -ex "quit" --batch </dev/null 2>&1)
 prctl="prctl(PR_SET_PTRACER, -1, ...)"
 if echo "$OUT" | grep -q 'Quit anyway'; then
     echo "ok: $prctl correctly allowed ptrace"
 else
     echo "FAIL: $prctl unexpectedly not allowed ptrace"
     rc=1
 fi
 kill_sleeper

 exit $rc
	#!/bin/bash
	# Copyright (c) 2012 The Chromium OS Authors.
	#
	# Based on:
	# http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/view/head:/scripts/kernel-security/ptrace/ptrace-restrictions.sh
	# Copyright (C) 2010-2011 Canonical Ltd.
	# License: GPLv3
	# Author: Kees Cook <kees.cook@canonical.com>
	set -e
	if [ "$(whoami)" = "root" ]; then
	echo "Cannot be root for this test" >&2
	exit 1
	fi

	export LANG=C
	pid=
	dir=

	function start_sleeper()
	{
	dir=$(mktemp -d -t sleeper-XXXXXX)
	mkfifo "$dir"/status
	./sleeper "$1" 120 >"$dir"/status &
	pid=$!
	# Wait for sleeper to start up.
	read status < "$dir"/status
	}

	function kill_sleeper()
	{
	disown $pid
	kill $pid
	rm -rf "$dir"
	}

	rc=0

	# Check we can see direct children.
	OUT=$(gdb -ex run -ex quit --batch ./sleeper </dev/null 2>&1)
	if echo "$OUT" \| grep -q 'Quit anyway'; then
	echo "ok: children correctly allow ptrace"
	else
	echo "FAIL: Children unexpectedly not allow ptrace"
	rc=1
	fi

	# Check we can't see cousins.
	sleep 120 &
	pid=$!
	OUT=$(gdb -ex "attach $pid" -ex "quit" --batch </dev/null 2>&1)
	if echo "$OUT" \| grep -q 'Operation not permitted'; then
	echo "ok: cousins correctly not allow ptrace"
	else
	echo "FAIL: cousins unexpectedly allow ptrace"
	rc=1
	fi

	# Validate we can see cousin /proc entries.
	if ls -la /proc/$pid/exe >/dev/null 2>&1; then
	echo "ok: cousins correctly visible in /proc"
	else
	echo "FAIL: cousins unexpectedly invisible in /proc"
	rc=1
	fi

	# Check we can't attach to init.
	OUT=$(gdb -ex "attach 1" -ex "quit" --batch </dev/null 2>&1)
	if echo "$OUT" \| grep -q 'Operation not permitted'; then
	echo "ok: init correctly not allowing ptrace"
	else
	echo "FAIL: init unexpectedly allowed ptrace"
	rc=1
	fi

	# Check we can't see init.
	if ! ls -la /proc/1/exe >/dev/null 2>&1; then
	echo "ok: init correctly invisible in /proc"
	else
	echo "FAIL: init unexpectedly visible in /proc"
	rc=1
	fi

	# Drop the sleep process and destroy it without disrupting the shell.
	disown $pid
	kill $pid

	# Validate that prctl(PR_SET_PTRACER, 0, ...) works to delete tracer.
	start_sleeper 0
	OUT=$(gdb -ex "attach $pid" -ex "quit" --batch </dev/null 2>&1)
	prctl="prctl(PR_SET_PTRACER, 0, ...)"
	if echo "$OUT" \| grep -q 'Operation not permitted'; then
	echo "ok: $prctl correctly not allowed ptrace"
	else
	echo "FAIL: $prctl unexpectedly allowed ptrace"
	rc=1
	fi
	kill_sleeper

	# Validate near ancestor allowed with PR_SET_PTRACER use.
	start_sleeper $$
	OUT=$(gdb -ex "attach $pid" -ex "quit" --batch </dev/null 2>&1)
	prctl="prctl(PR_SET_PTRACER, parent, ...)"
	if echo "$OUT" \| grep -q 'Quit anyway'; then
	echo "ok: $prctl correctly allowed ptrace"
	else
	echo "FAIL: $prctl unexpectedly not allowed ptrace"
	rc=1
	fi
	kill_sleeper

	# Validate distant ancestor allowed with PR_SET_PTRACER use.
	start_sleeper 1
	OUT=$(gdb -ex "attach $pid" -ex "quit" --batch </dev/null 2>&1)
	prctl="prctl(PR_SET_PTRACER, 1, ...)"
	if echo "$OUT" \| grep -q 'Quit anyway'; then
	echo "ok: $prctl correctly allowed ptrace"
	else
	echo "FAIL: $prctl unexpectedly not allowed ptrace"
	rc=1
	fi
	kill_sleeper

	# Validate -1 disables protection.
	start_sleeper -1
	OUT=$(gdb -ex "attach $pid" -ex "quit" --batch </dev/null 2>&1)
	prctl="prctl(PR_SET_PTRACER, -1, ...)"
	if echo "$OUT" \| grep -q 'Quit anyway'; then
	echo "ok: $prctl correctly allowed ptrace"
	else
	echo "FAIL: $prctl unexpectedly not allowed ptrace"
	rc=1
	fi
	kill_sleeper

	exit $rc