socsvn commit: r268641 - in soc2014/op/tests/smap-tester: kmod smap-test
op at FreeBSD.org
op at FreeBSD.org
Mon May 26 15:30:57 UTC 2014
Author: op
Date: Mon May 26 15:30:55 2014
New Revision: 268641
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=268641
Log:
updated SMAP testing framework
Signed-off-by: Oliver Pinter <oliver.pntr at gmail.com>
Modified:
soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c
soc2014/op/tests/smap-tester/smap-test/Makefile
soc2014/op/tests/smap-tester/smap-test/smap-test.c
Modified: soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c
==============================================================================
--- soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c Mon May 26 14:57:47 2014 (r268640)
+++ soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c Mon May 26 15:30:55 2014 (r268641)
@@ -31,17 +31,20 @@
return (error);
if (strcmp(buf, agreement) == 0) {
- printf("SMAP test enabled!\n");
+ printf("{+} SMAP tests enabled!\n");
+ uprintf("\n{+} SMAP tests enabled!\n");
allow_tests = true;
} else {
- printf("SMAP test disabled!\n");
+ printf("{+} SMAP tests disabled!\n");
+ uprintf("\n{+} SMAP tests disabled!\n");
allow_tests = false;
}
return (error);
}
-SYSCTL_PROC(_debug_smap, OID_AUTO, agreement_string, CTLTYPE_STRING | CTLFLAG_RW,
+SYSCTL_PROC(_debug_smap, OID_AUTO, agreement_string,
+ CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_ANYBODY,
0, 0, sysctl_debug_smap_agreement,
"A", "shoot my foot!!!11oneone!!");
@@ -51,15 +54,18 @@
int error=0;
error = sysctl_handle_long(oidp, &us_addr, 0, req);
- if (error != 0 || req->newptr == NULL)
+ if (error != 0 || req->newptr == NULL) {
return (error);
+ }
- printf("us_addr set to %p\n", us_addr);
+ printf("{+} us_addr set to %p\n", us_addr);
+ uprintf("\n{+} us_addr set to %p\n", us_addr);
return (error);
}
-SYSCTL_PROC(_debug_smap, OID_AUTO, us_addr, CTLTYPE_LONG | CTLFLAG_RW,
+SYSCTL_PROC(_debug_smap, OID_AUTO, us_addr,
+ CTLTYPE_LONG | CTLFLAG_RW | CTLFLAG_ANYBODY,
0, 0, sysctl_debug_smap_us_addr,
"L", "user-space address");
@@ -74,6 +80,7 @@
case MOD_LOAD:
buf = malloc(4096, M_SMAP_TEST, M_WAITOK | M_ZERO);
printf("SMAP tester loaded.\n");
+ printf("WARNING: vulnerable kernel module!\n");
break;
case MOD_UNLOAD:
free(buf, M_SMAP_TEST);
Modified: soc2014/op/tests/smap-tester/smap-test/Makefile
==============================================================================
--- soc2014/op/tests/smap-tester/smap-test/Makefile Mon May 26 14:57:47 2014 (r268640)
+++ soc2014/op/tests/smap-tester/smap-test/Makefile Mon May 26 15:30:55 2014 (r268641)
@@ -1,4 +1,5 @@
PROG= smap-test
+CFLAGS+= -fPIC -DPIC
NO_MAN=
Modified: soc2014/op/tests/smap-tester/smap-test/smap-test.c
==============================================================================
--- soc2014/op/tests/smap-tester/smap-test/smap-test.c Mon May 26 14:57:47 2014 (r268640)
+++ soc2014/op/tests/smap-tester/smap-test/smap-test.c Mon May 26 15:30:55 2014 (r268641)
@@ -1,10 +1,98 @@
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/sysctl.h>
+
+void test_prepare(void);
+void test_allow(void);
+void test_0(void);
+
+void test_destroy(void);
+
+const char *us_buf = NULL;
int
main(int argc, char **argv)
{
- printf("NI!\n");
+ test_prepare();
+ test_allow();
+
+
+ test_destroy();
return (0);
}
+
+void
+test_prepare(void)
+{
+ void *us_addr=0;
+ long *oldp;
+ size_t oldps;
+ int error=0;
+
+ /* prepare the user-space memory region */
+ us_buf = strdup("Ez itt jo lenne nem kiolvasni!\n");
+ if (us_buf == NULL) {
+ printf("[-] failed to prepare SMAP test\n");
+ exit(1);
+ }
+
+ /* take the user-space address */
+ us_addr = (long)(void *)us_buf;
+ printf("[+] debug.smap.us_addr = %p\n", us_addr);
+
+ /* read the old sysctl value */
+ sysctlbyname("debug.smap.us_addr", NULL, &oldps, NULL, 0);
+ oldp = calloc(oldps, sizeof(char));
+ error = sysctlbyname("debug.smap.us_addr", oldp, &oldps, NULL, 0);
+ if (error != 0) {
+ printf("[-] sysctl error - unable to read debug.smap.us_addr\n");
+ exit(2);
+ }
+ printf("[+] debug.smap.us_addr = %p [old value]\n", oldp);
+
+ /* push to the kernel the current user-space memory region */
+ error = sysctlbyname("debug.smap.us_addr", NULL, 0, &us_addr, sizeof(us_addr));
+ if (error != 0) {
+ printf("[-] sysctl error - unable to set debug.smap.us_addr\n");
+ exit(3);
+ }
+ printf("[+] debug.smap.us_addr = %p [new value]\n", us_addr);
+}
+
+void
+test_destroy(void)
+{
+ const char *s = "tests disabled";
+ int error;
+
+ if (us_buf != NULL) {
+ free(us_buf);
+ us_buf = NULL;
+ }
+
+
+ sysctlbyname("debug.smap.agreement_string", NULL, 0, s, strlen(s));
+ if (error != 0) {
+ printf("[-] sysctl error - unable to set test agreement\n");
+ exit(4);
+ }
+ printf("[+] debug.smap.agreement_string = %s\n", s);
+}
+
+
+void
+test_allow(void)
+{
+ const char *s = "shoot my foot!!!11oneone!!";
+ int error;
+
+ sysctlbyname("debug.smap.agreement_string", NULL, 0, s, strlen(s));
+ if (error != 0) {
+ printf("[-] sysctl error - unable to set test agreement\n");
+ exit(4);
+ }
+ printf("[+] debug.smap.agreement_string = %s\n", s);
+}
More information about the svn-soc-all
mailing list