elfutils/tests/Sanity/yama-scope/runtest.sh

109 lines
3.8 KiB
Bash
Raw Normal View History

#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Sanity/yama-scope
# Description: yama-scope
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2017 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
MY_USER="ptrace_scope_testuser"
TESTCASE="/tmp/ptrace-scope-test.sh"
PROCFILE='/proc/sys/kernel/yama/ptrace_scope'
test_root()
{
$TESTCASE
}
test_user()
{
su - $MY_USER -c $TESTCASE
}
rlJournalStart
rlPhaseStartTest
# This can easily be tested with strace. Just cycle through the settings:
# 0 - Default attach security permissions.
# 1 - Restricted attach. Only child processes plus normal permissions.
# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
# 3 - No attach. No process may call ptrace at all. Irrevocable.
# echo 0 > /proc/sys/kernel/yama/ptrace_scope
# With 0, strace works against any process with your uid. For example, strace -p 2190.
# With 1, strace errors when doing the same as in 0: strace: attach: ptrace(PTRACE_SEIZE, 3180): Operation not permitted. However, you can strace any program you run from strace, "strace /bin/ls" or example.
# With 2, you can only strace from the root account. You can no longer strace commands run from strace.
# With 3, even root cannot strace.
# ---
# possible related AVCs tracked as https://bugzilla.redhat.com/show_bug.cgi?id=1458999
# ---
rlRun "useradd $MY_USER" 0,9
rlRun "cp ptrace-scope-test.sh /tmp/"
rlRun "chmod a+rx /tmp/ptrace-scope-test.sh"
rlRun "ORIGVAL=$( cat $PROCFILE )"
# First, test the default behaviour, which is "no restriction"
# from the ptrace perspective. Here we assume that
# elfutils-default-yama-scope.rpm is installed and so the default
# yama policy is set to 0 instead of 1 which would otherwise be set
# as a kernel default (security/yama/yama_lsm.c ---> YAMA_SCOPE_RELATIONAL)
rlRun test_root
rlRun test_user
rlRun "echo 0 > $PROCFILE"
rlRun test_root
rlRun test_user
rlRun "echo 1 > $PROCFILE"
rlRun test_root
rlRun test_user 1
rlRun "echo 2 > $PROCFILE"
rlRun test_root
rlRun test_user 1
# Following subtest would be irrevertible (till next reboot)
# rlRun "echo 3 > $PROCFILE"
# rlRun test_root 1
# rlRun test_user 1
rlRun "userdel -f $MY_USER"
# This testcase could be more complex - using child and non-child processes and
# performing reboots. But let's keep this simple, since we are not testing the
# kernel facility, but merely an elfutils "plugin" for it, whose purpose is to
# set the default yama policy as such.
rlRun "echo $ORIGVAL > $PROCFILE"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd