socsvn commit: r268641 - in soc2014/op/tests/smap-tester: kmod smap-test

op at FreeBSD.org op at FreeBSD.org
Mon May 26 15:30:57 UTC 2014 

Author: op
Date: Mon May 26 15:30:55 2014
New Revision: 268641
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=268641

Log:
  updated SMAP testing framework
  
  Signed-off-by: Oliver Pinter <oliver.pntr at gmail.com>
  
  

Modified:
  soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c
  soc2014/op/tests/smap-tester/smap-test/Makefile
  soc2014/op/tests/smap-tester/smap-test/smap-test.c

Modified: soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c
==============================================================================
--- soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c	Mon May 26 14:57:47 2014	(r268640)
+++ soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c	Mon May 26 15:30:55 2014	(r268641)
@@ -31,17 +31,20 @@
 		return (error);
 
 	if (strcmp(buf, agreement) == 0) {
-		printf("SMAP test enabled!\n");
+		printf("{+} SMAP tests enabled!\n");
+		uprintf("\n{+} SMAP tests enabled!\n");
 		allow_tests = true;
 	} else {
-		printf("SMAP test disabled!\n");
+		printf("{+} SMAP tests disabled!\n");
+		uprintf("\n{+} SMAP tests disabled!\n");
 		allow_tests = false;
 	}
 
 	return (error);
 }
 
-SYSCTL_PROC(_debug_smap, OID_AUTO, agreement_string, CTLTYPE_STRING | CTLFLAG_RW,
+SYSCTL_PROC(_debug_smap, OID_AUTO, agreement_string,
+    CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_ANYBODY,
     0, 0, sysctl_debug_smap_agreement,
     "A", "shoot my foot!!!11oneone!!");
 
@@ -51,15 +54,18 @@
 	int error=0;
 
 	error = sysctl_handle_long(oidp, &us_addr, 0, req);
-	if (error != 0 || req->newptr == NULL)
+	if (error != 0 || req->newptr == NULL) {
 		return (error);
+	}
 
-	printf("us_addr set to %p\n", us_addr);
+	printf("{+} us_addr set to %p\n", us_addr);
+	uprintf("\n{+} us_addr set to %p\n", us_addr);
 
 	return (error);
 }
 
-SYSCTL_PROC(_debug_smap, OID_AUTO, us_addr, CTLTYPE_LONG | CTLFLAG_RW,
+SYSCTL_PROC(_debug_smap, OID_AUTO, us_addr,
+    CTLTYPE_LONG | CTLFLAG_RW | CTLFLAG_ANYBODY,
     0, 0, sysctl_debug_smap_us_addr,
     "L", "user-space address");
 
@@ -74,6 +80,7 @@
 	case MOD_LOAD:
 		buf = malloc(4096, M_SMAP_TEST, M_WAITOK | M_ZERO);
 		printf("SMAP tester loaded.\n");
+		printf("WARNING: vulnerable kernel module!\n");
 		break;
 	case MOD_UNLOAD:
 		free(buf, M_SMAP_TEST);

Modified: soc2014/op/tests/smap-tester/smap-test/Makefile
==============================================================================
--- soc2014/op/tests/smap-tester/smap-test/Makefile	Mon May 26 14:57:47 2014	(r268640)
+++ soc2014/op/tests/smap-tester/smap-test/Makefile	Mon May 26 15:30:55 2014	(r268641)
@@ -1,4 +1,5 @@
 PROG=	smap-test
+CFLAGS+= -fPIC -DPIC
 
 NO_MAN=
 

Modified: soc2014/op/tests/smap-tester/smap-test/smap-test.c
==============================================================================
--- soc2014/op/tests/smap-tester/smap-test/smap-test.c	Mon May 26 14:57:47 2014	(r268640)
+++ soc2014/op/tests/smap-tester/smap-test/smap-test.c	Mon May 26 15:30:55 2014	(r268641)
@@ -1,10 +1,98 @@
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/sysctl.h>
+
+void test_prepare(void);
+void test_allow(void);
+void test_0(void);
+
+void test_destroy(void);
+
+const char *us_buf = NULL;
 
 int
 main(int argc, char **argv)
 {
-	printf("NI!\n");
+	test_prepare();
+	test_allow();
+
+
+	test_destroy();
 
 	return (0);
 }
+
+void
+test_prepare(void)
+{
+	void *us_addr=0;
+	long *oldp;
+	size_t oldps;
+	int error=0;
+
+	/* prepare the user-space memory region */
+	us_buf = strdup("Ez itt jo lenne nem kiolvasni!\n");
+	if (us_buf == NULL) {
+		printf("[-] failed to prepare SMAP test\n");
+		exit(1);
+	}
+
+	/* take the user-space address */
+	us_addr = (long)(void *)us_buf;
+	printf("[+] debug.smap.us_addr = %p\n", us_addr);
+
+	/* read the old sysctl value */
+	sysctlbyname("debug.smap.us_addr", NULL, &oldps, NULL, 0);
+	oldp = calloc(oldps, sizeof(char));
+	error = sysctlbyname("debug.smap.us_addr", oldp, &oldps, NULL, 0);
+	if (error != 0) {
+		printf("[-] sysctl error - unable to read debug.smap.us_addr\n");
+		exit(2);
+	}
+	printf("[+] debug.smap.us_addr = %p [old value]\n", oldp);
+
+	/* push to the kernel the current user-space memory region */
+	error = sysctlbyname("debug.smap.us_addr", NULL, 0, &us_addr, sizeof(us_addr));
+	if (error != 0) {
+		printf("[-] sysctl error - unable to set debug.smap.us_addr\n");
+		exit(3);
+	}
+	printf("[+] debug.smap.us_addr = %p [new value]\n", us_addr);
+}
+
+void
+test_destroy(void)
+{
+	const char *s = "tests disabled";
+	int error;
+
+	if (us_buf != NULL) {
+		free(us_buf);
+		us_buf = NULL;
+	}
+
+
+	sysctlbyname("debug.smap.agreement_string", NULL, 0, s, strlen(s));
+	if (error != 0) {
+		printf("[-] sysctl error - unable to set test agreement\n");
+		exit(4);
+	}
+	printf("[+] debug.smap.agreement_string = %s\n", s);
+}
+
+
+void
+test_allow(void)
+{
+	const char *s = "shoot my foot!!!11oneone!!";
+	int error;
+
+	sysctlbyname("debug.smap.agreement_string", NULL, 0, s, strlen(s));
+	if (error != 0) {
+		printf("[-] sysctl error - unable to set test agreement\n");
+		exit(4);
+	}
+	printf("[+] debug.smap.agreement_string = %s\n", s);
+}

More information about the svn-soc-all mailing list