PERFORCE change 156893 for review

Thu Jan 29 15:30:05 PST 2009

http://perforce.freebsd.org/chv.cgi?CH=156893

Change 156893 by rwatson at rwatson_freebsd_capabilities on 2009/01/29 23:30:00

	Test CAP_MAPEXEC with PROT_EXEC in mmap/capability regression
	test.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/tools/regression/security/cap_test/cap_test_capabilities.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/tools/regression/security/cap_test/cap_test_capabilities.c#3 (text+ko) ====

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2008 Robert N. M. Watson
+ * Copyright (c) 2008-2009 Robert N. M. Watson
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30,9 +30,9 @@
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/tools/regression/security/cap_test/cap_test_capabilities.c#2 $");
+__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/tools/regression/security/cap_test/cap_test_capabilities.c#3 $");
 
-#include <sys/types.h>
+#include <sys/param.h>
 #include <sys/capability.h>
 #include <sys/mman.h>
 #include <sys/mount.h>
@@ -181,6 +181,20 @@
 		}
 	}
 
+	p = mmap(NULL, getpagesize(), PROT_EXEC, MAP_SHARED, fd_cap, 0);
+	if ((rights & (CAP_MMAP | CAP_MAPEXEC)) == (CAP_MMAP | CAP_MAPEXEC)) {
+		if (p == MAP_FAILED)
+			warnx("rights 0x%llx mmap mapexec failed error %d",
+			    rights, errno);
+		else
+			(void)munmap(p, getpagesize());
+	} else {
+		if (p != MAP_FAILED) {
+			warnx("rights 0x%llx mmap mapexec succeeded", rights);
+			(void)munmap(p, getpagesize());
+		}
+	}
+
 	p = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, MAP_SHARED,
 	    fd_cap, 0);
 	if ((rights & (CAP_MMAP | CAP_READ | CAP_WRITE)) == (CAP_MMAP |
@@ -198,6 +212,57 @@
 		}
 	}
 
+	p = mmap(NULL, getpagesize(), PROT_READ | PROT_EXEC, MAP_SHARED,
+	    fd_cap, 0);
+	if ((rights & (CAP_MMAP | CAP_READ | CAP_MAPEXEC)) == (CAP_MMAP |
+	    CAP_READ | CAP_MAPEXEC)) {
+		if (p == MAP_FAILED)
+			warnx("rights 0x%llx mmap read|mapexec failed error %d",
+			    rights, errno);
+		else
+			(void)munmap(p, getpagesize());
+	} else {
+		if (p != MAP_FAILED) {
+			warnx("rights 0x%llx mmap read|mapexec succeeded",
+			    rights);
+			(void)munmap(p, getpagesize());
+		}
+	}
+
+	p = mmap(NULL, getpagesize(), PROT_EXEC | PROT_WRITE, MAP_SHARED,
+	    fd_cap, 0);
+	if ((rights & (CAP_MMAP | CAP_MAPEXEC | CAP_WRITE)) == (CAP_MMAP |
+	    CAP_MAPEXEC | CAP_WRITE)) {
+		if (p == MAP_FAILED)
+			warnx("rights 0x%llx mmap mapexec|write failed "
+			    "error %d", rights, errno);
+		else
+			(void)munmap(p, getpagesize());
+	} else {
+		if (p != MAP_FAILED) {
+			warnx("rights 0x%llx mmap mapexec|write succeeded",
+			    rights);
+			(void)munmap(p, getpagesize());
+		}
+	}
+
+	p = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE | PROT_EXEC,
+	    MAP_SHARED, fd_cap, 0);
+	if ((rights & (CAP_MMAP | CAP_READ | CAP_WRITE | CAP_MAPEXEC)) ==
+	    (CAP_MMAP | CAP_READ | CAP_WRITE | CAP_MAPEXEC)) {
+		if (p == MAP_FAILED)
+			warnx("rights 0x%llx mmap read|write|mapexec failed "
+			    "error %d", rights, errno);
+		else
+			(void)munmap(p, getpagesize());
+	} else {
+		if (p != MAP_FAILED) {
+			warnx("rights 0x%llx mmap read|write|mapexec "
+			    "succeeded", rights);
+			(void)munmap(p, getpagesize());
+		}
+	}
+
 	/* XXX fcntl */
 
 	/* XXX select / poll / kqueue */
@@ -316,7 +381,11 @@
 	try_file_ops(fd, CAP_MMAP);
 	try_file_ops(fd, CAP_MMAP | CAP_READ);
 	try_file_ops(fd, CAP_MMAP | CAP_WRITE);
+	try_file_ops(fd, CAP_MMAP | CAP_MAPEXEC);
 	try_file_ops(fd, CAP_MMAP | CAP_READ | CAP_WRITE);
+	try_file_ops(fd, CAP_MMAP | CAP_READ | CAP_MAPEXEC);
+	try_file_ops(fd, CAP_MMAP | CAP_MAPEXEC | CAP_WRITE);
+	try_file_ops(fd, CAP_MMAP | CAP_READ | CAP_WRITE | CAP_MAPEXEC);
 	try_file_ops(fd, CAP_FCNTL);
 	try_file_ops(fd, CAP_EVENT);
 	try_file_ops(fd, CAP_FSYNC);
