t_mprotect.c revision 1.1
1 /* $NetBSD: t_mprotect.c,v 1.1 2011/07/07 06:57:54 jruoho Exp $ */ 2 3 /*- 4 * Copyright (c) 2011 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Jukka Ruohonen. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 #include <sys/cdefs.h> 32 __RCSID("$NetBSD: t_mprotect.c,v 1.1 2011/07/07 06:57:54 jruoho Exp $"); 33 34 #include <sys/param.h> 35 #include <sys/mman.h> 36 #include <sys/sysctl.h> 37 #include <sys/wait.h> 38 39 #include <errno.h> 40 #include <fcntl.h> 41 #include <stdlib.h> 42 #include <string.h> 43 #include <unistd.h> 44 45 #include <atf-c.h> 46 47 static long page = 0; 48 static int pax_global = -1; 49 static int pax_enabled = -1; 50 static char path[] = "mmap"; 51 52 static void sighandler(int); 53 static bool paxinit(void); 54 static bool paxset(int, int); 55 56 static void 57 sighandler(int signo) 58 { 59 _exit(signo); 60 } 61 62 static bool 63 paxinit(void) 64 { 65 size_t len = sizeof(int); 66 int rv; 67 68 rv = sysctlbyname("security.pax.mprotect.global", 69 &pax_global, &len, NULL, 0); 70 71 if (rv != 0) 72 return false; 73 74 rv = sysctlbyname("security.pax.mprotect.enabled", 75 &pax_enabled, &len, NULL, 0); 76 77 if (rv != 0) 78 return false; 79 80 return paxset(1, 1); 81 } 82 83 static bool 84 paxset(int global, int enabled) 85 { 86 size_t len = sizeof(int); 87 int rv; 88 89 rv = sysctlbyname("security.pax.mprotect.global", 90 NULL, NULL, &global, len); 91 92 if (rv != 0) 93 return false; 94 95 rv = sysctlbyname("security.pax.mprotect.enabled", 96 NULL, NULL, &enabled, len); 97 98 if (rv != 0) 99 return false; 100 101 return true; 102 } 103 104 105 ATF_TC_WITH_CLEANUP(mprotect_access); 106 ATF_TC_HEAD(mprotect_access, tc) 107 { 108 atf_tc_set_md_var(tc, "descr", "Test for EACCES from mprotect(2)"); 109 } 110 111 ATF_TC_BODY(mprotect_access, tc) 112 { 113 int prot[2] = { PROT_NONE, PROT_READ }; 114 void *map; 115 size_t i; 116 int fd; 117 118 fd = open(path, O_RDONLY | O_CREAT); 119 ATF_REQUIRE(fd >= 0); 120 121 /* 122 * The call should fail with EACCES if we try to mark 123 * a PROT_NONE or PROT_READ file/section as PROT_WRITE. 124 */ 125 for (i = 0; i < __arraycount(prot); i++) { 126 127 map = mmap(NULL, page, prot[i], MAP_SHARED, fd, 0); 128 129 if (map == MAP_FAILED) 130 continue; 131 132 errno = 0; 133 134 ATF_REQUIRE(mprotect(map, page, PROT_WRITE) != 0); 135 ATF_REQUIRE(errno == EACCES); 136 ATF_REQUIRE(munmap(map, page) == 0); 137 } 138 139 ATF_REQUIRE(close(fd) == 0); 140 } 141 142 ATF_TC_CLEANUP(mprotect_access, tc) 143 { 144 (void)unlink(path); 145 } 146 147 ATF_TC(mprotect_err); 148 ATF_TC_HEAD(mprotect_err, tc) 149 { 150 atf_tc_set_md_var(tc, "descr", "Test error conditions of mprotect(2)"); 151 } 152 153 ATF_TC_BODY(mprotect_err, tc) 154 { 155 errno = 0; 156 157 ATF_REQUIRE(mprotect((char *)-1, 1, PROT_READ) != 0); 158 ATF_REQUIRE(errno == EINVAL); 159 } 160 161 ATF_TC(mprotect_pax); 162 ATF_TC_HEAD(mprotect_pax, tc) 163 { 164 atf_tc_set_md_var(tc, "descr", "PaX restrictions and mprotect(2),"); 165 atf_tc_set_md_var(tc, "require.user", "root"); 166 } 167 168 ATF_TC_BODY(mprotect_pax, tc) 169 { 170 const int prot[4] = { PROT_NONE, PROT_READ, PROT_WRITE }; 171 const char *str = NULL; 172 void *map; 173 size_t i; 174 int rv; 175 176 if (paxinit() != true) 177 return; 178 179 /* 180 * As noted in the original PaX documentation [1], 181 * the following restrictions should apply: 182 * 183 * (1) creating executable anonymous mappings 184 * 185 * (2) creating executable/writable file mappings 186 * 187 * (3) making a non-executable mapping executable 188 * 189 * (4) making an executable/read-only file mapping 190 * writable except for performing relocations 191 * on an ET_DYN ELF file (non-PIC shared library) 192 * 193 * The following will test only the case (3). 194 * 195 * [1] http://pax.grsecurity.net/docs/mprotect.txt 196 * 197 * (Sun Apr 3 11:06:53 EEST 2011.) 198 */ 199 for (i = 0; i < __arraycount(prot); i++) { 200 201 map = mmap(NULL, page, prot[i], MAP_ANON, -1, 0); 202 203 if (map == MAP_FAILED) 204 continue; 205 206 rv = mprotect(map, 1, prot[i] | PROT_EXEC); 207 208 (void)munmap(map, page); 209 210 if (rv == 0) { 211 str = "non-executable mapping made executable"; 212 goto out; 213 } 214 } 215 216 out: 217 if (pax_global != -1 && pax_enabled != -1) 218 (void)paxset(pax_global, pax_enabled); 219 220 if (str != NULL) 221 atf_tc_fail("%s", str); 222 } 223 224 ATF_TC(mprotect_write); 225 ATF_TC_HEAD(mprotect_write, tc) 226 { 227 atf_tc_set_md_var(tc, "descr", "Test mprotect(2) protections"); 228 } 229 230 ATF_TC_BODY(mprotect_write, tc) 231 { 232 pid_t pid; 233 void *map; 234 int sta; 235 236 /* 237 * Map a page read/write, change the protection 238 * to read-only with mprotect(2), and try to write 239 * to the page. This should generate a SIGSEGV. 240 */ 241 map = mmap(NULL, page, PROT_WRITE|PROT_READ, MAP_ANON, -1, 0); 242 ATF_REQUIRE(map != MAP_FAILED); 243 244 ATF_REQUIRE(strlcpy(map, "XXX", 3) == 3); 245 ATF_REQUIRE(mprotect(map, page, PROT_READ) == 0); 246 247 pid = fork(); 248 ATF_REQUIRE(pid >= 0); 249 250 if (pid == 0) { 251 ATF_REQUIRE(signal(SIGSEGV, sighandler) != SIG_ERR); 252 ATF_REQUIRE(strlcpy(map, "XXX", 3) == 0); 253 } 254 255 (void)wait(&sta); 256 257 ATF_REQUIRE(WIFEXITED(sta) != 0); 258 ATF_REQUIRE(WEXITSTATUS(sta) == SIGSEGV); 259 ATF_REQUIRE(munmap(map, page) == 0); 260 } 261 262 ATF_TP_ADD_TCS(tp) 263 { 264 page = sysconf(_SC_PAGESIZE); 265 ATF_REQUIRE(page >= 0); 266 267 ATF_TP_ADD_TC(tp, mprotect_access); 268 ATF_TP_ADD_TC(tp, mprotect_err); 269 ATF_TP_ADD_TC(tp, mprotect_pax); 270 ATF_TP_ADD_TC(tp, mprotect_write); 271 272 return atf_no_error(); 273 } 274
Indexes created Tue Sep 23 14:10:03 GMT 2025