Module Name:    src
Committed By:   kamil
Date:           Sun Apr  8 17:20:18 UTC 2018

Modified Files:
        src/tests/lib/libc/sys: t_ptrace_x86_wait.h

Log Message:
Add check in ATF tests for security.models.extensions.user_set_dbregs

Introduce a new function can_we_set_dbregs() in the ATF ptrace(2) tests.
It lazily evaluates whether the process may call PT_SETDBREGS.

In case of not being able to do so, print a message and mark a test
as skipped:

  Either run this test as root or set sysctl(3)
  security.models.extensions.user_set_dbregs to 1

No functional change intended to the code flow of the existing tested
scenarios.

Sponsored by <The NetBSD Foundation>


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/tests/lib/libc/sys/t_ptrace_x86_wait.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/lib/libc/sys/t_ptrace_x86_wait.h
diff -u src/tests/lib/libc/sys/t_ptrace_x86_wait.h:1.4 src/tests/lib/libc/sys/t_ptrace_x86_wait.h:1.5
--- src/tests/lib/libc/sys/t_ptrace_x86_wait.h:1.4	Tue Mar  6 21:11:51 2018
+++ src/tests/lib/libc/sys/t_ptrace_x86_wait.h	Sun Apr  8 17:20:18 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: t_ptrace_x86_wait.h,v 1.4 2018/03/06 21:11:51 kamil Exp $	*/
+/*	$NetBSD: t_ptrace_x86_wait.h,v 1.5 2018/04/08 17:20:18 kamil Exp $	*/
 
 /*-
  * Copyright (c) 2016 The NetBSD Foundation, Inc.
@@ -57,6 +57,33 @@ union u {
 	} bits;
 };
 
+static bool
+can_we_set_dbregs(void)
+{
+	static long euid = -1;
+	static int user_set_dbregs  = -1;
+	size_t user_set_dbregs_len = sizeof(user_set_dbregs);
+
+	if (euid == -1)
+		euid = geteuid();
+
+	if (euid == 0)
+		return true;
+
+	if (user_set_dbregs == -1) {
+		if (sysctlbyname("security.models.extensions.user_set_dbregs",
+			&user_set_dbregs, &user_set_dbregs_len, NULL, 0)
+			== -1) {
+			return false;
+		}
+	}
+
+	if (user_set_dbregs > 0)
+		return true;
+	else
+		return false;
+}
+
 ATF_TC(dbregs_print);
 ATF_TC_HEAD(dbregs_print, tc)
 {
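Review bot: In can_we_set_dbregs(), a failing `sysctlbyname()` returns false exactly as a knob value of 0 does. If the node can be absent or unreadable, every caller then skips with advice to set a sysctl that may not exist. The failure also leaves `user_set_dbregs` at -1, so the lookup is repeated on each call instead of being cached. Consider reporting the lookup error separately from the policy decision, or at least adding a comment such as `/* lookup failure is treated as "not permitted"; result is not cached */` above the early return. The closing `if`/`else` can be reduced to `return user_set_dbregs > 0;`, and the function would benefit from a short header comment stating that it returns true for euid 0 or a positive knob value and caches both in function-local statics.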
@@ -135,6 +162,11 @@ dbreg_preserve(int reg, enum dbreg_prese
 	size_t i;
 	int watchme;
 
+	if (!can_we_set_dbregs()) {
+		atf_tc_skip("Either run this test as root or set sysctl(3) "
+		            "security.models.extensions.user_set_dbregs to 1");
+	}
+
 	DPRINTF("Before forking process PID=%d\n", getpid());
 	SYSCALL_REQUIRE((child = fork()) != -1);
 	if (child == 0) {
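Review bot: The four-line skip block added here in dbreg_preserve() is repeated verbatim in dbregs_trap_variable(), the four dbregs_drN_trap_code bodies, dbregs_dont_inherit_lwp() and dbregs_dont_inherit_execve(). That leaves the security-policy message to be kept in sync in eight places. A single static helper placed next to can_we_set_dbregs() could wrap the check and the `atf_tc_skip()` call, reducing each site to one line, e.g. `skip_unless_dbregs_settable();` (the name is only a suggestion). Separately, with the knob at 0 and a non-root user all of these cases now report as skipped, and nothing visible in this diff asserts that PT_SETDBREGS is actually refused in that configuration, so a negative test for the denial path may be worth adding. The enclosing functions begin and end outside these hunks, so only the placement before `fork()` can be confirmed.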
@@ -389,6 +421,11 @@ dbregs_trap_variable(int reg, int cond, 
 	struct ptrace_siginfo info;
 	memset(&info, 0, sizeof(info));
 
+	if (!can_we_set_dbregs()) {
+		atf_tc_skip("Either run this test as root or set sysctl(3) "
+		            "security.models.extensions.user_set_dbregs to 1");
+	}
+
 	dr7.raw = 0;
 	switch (reg) {
 	case 0:
@@ -1101,6 +1138,11 @@ ATF_TC_BODY(dbregs_dr0_trap_code, tc)
 	struct ptrace_siginfo info;
 	memset(&info, 0, sizeof(info));
 
+	if (!can_we_set_dbregs()) {
+		atf_tc_skip("Either run this test as root or set sysctl(3) "
+		            "security.models.extensions.user_set_dbregs to 1");
+	}
+
 	dr7.raw = 0;
 	dr7.bits.global_dr0_breakpoint = 1;
 	dr7.bits.condition_dr0 = 0;	/* 0b00 -- break on code execution */
@@ -1228,6 +1270,11 @@ ATF_TC_BODY(dbregs_dr1_trap_code, tc)
 	struct ptrace_siginfo info;
 	memset(&info, 0, sizeof(info));
 
+	if (!can_we_set_dbregs()) {
+		atf_tc_skip("Either run this test as root or set sysctl(3) "
+		            "security.models.extensions.user_set_dbregs to 1");
+	}
+
 	dr7.raw = 0;
 	dr7.bits.global_dr1_breakpoint = 1;
 	dr7.bits.condition_dr1 = 0;	/* 0b00 -- break on code execution */
@@ -1355,6 +1402,11 @@ ATF_TC_BODY(dbregs_dr2_trap_code, tc)
 	struct ptrace_siginfo info;
 	memset(&info, 0, sizeof(info));
 
+	if (!can_we_set_dbregs()) {
+		atf_tc_skip("Either run this test as root or set sysctl(3) "
+		            "security.models.extensions.user_set_dbregs to 1");
+	}
+
 	dr7.raw = 0;
 	dr7.bits.global_dr2_breakpoint = 1;
 	dr7.bits.condition_dr2 = 0;	/* 0b00 -- break on code execution */
@@ -1482,6 +1534,11 @@ ATF_TC_BODY(dbregs_dr3_trap_code, tc)
 	struct ptrace_siginfo info;
 	memset(&info, 0, sizeof(info));
 
+	if (!can_we_set_dbregs()) {
+		atf_tc_skip("Either run this test as root or set sysctl(3) "
+		            "security.models.extensions.user_set_dbregs to 1");
+	}
+
 	dr7.raw = 0;
 	dr7.bits.global_dr3_breakpoint = 1;
 	dr7.bits.condition_dr3 = 0;	/* 0b00 -- break on code execution */
@@ -1614,6 +1671,11 @@ dbregs_dont_inherit_lwp(int reg)
 	struct dbreg r1;
 	struct dbreg r2;
 
+	if (!can_we_set_dbregs()) {
+		atf_tc_skip("Either run this test as root or set sysctl(3) "
+		            "security.models.extensions.user_set_dbregs to 1");
+	}
+
 	DPRINTF("Before forking process PID=%d\n", getpid());
 	SYSCALL_REQUIRE((child = fork()) != -1);
 	if (child == 0) {
@@ -1785,6 +1847,11 @@ dbregs_dont_inherit_execve(int reg)
 	struct ptrace_siginfo info;
 	memset(&info, 0, sizeof(info));
 
+	if (!can_we_set_dbregs()) {
+		atf_tc_skip("Either run this test as root or set sysctl(3) "
+		            "security.models.extensions.user_set_dbregs to 1");
+	}
+
 	DPRINTF("Before forking process PID=%d\n", getpid());
 	SYSCALL_REQUIRE((child = fork()) != -1);
 	if (child == 0) {
