memory-deny-write-execute testing

author: netblue30 <netblue30@yahoo.com> 2017-08-18 08:09:38 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-08-18 08:09:38 -0400
commit: ad262caef9f095e00ce51945020142838d93960e (patch)
tree: f592b6bdba5b159cfe7e09e79c1dce8b8535fd46 /test/filters
parent: private-lib (diff)
download: firejail-ad262caef9f095e00ce51945020142838d93960e.tar.gz
firejail-ad262caef9f095e00ce51945020142838d93960e.tar.zst
firejail-ad262caef9f095e00ce51945020142838d93960e.zip
4 files changed, 113 insertions, 0 deletions
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index 6a5ec2b87..8f659237a 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -15,6 +15,9 @@ fi
 export PATH="$PATH:/usr/lib/firejail"
+echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)"
+./memwrexe.exp
 echo "TESTING: debug options (test/filters/debug.exp)"
 ./debug.exp
diff --git a/test/filters/memwrexe b/test/filters/memwrexe
new file mode 100755
index 000000000..3a079672c
--- /dev/null
+++ b/test/filters/memwrexe
Binary files differ
diff --git a/test/filters/memwrexe.c b/test/filters/memwrexe.c
new file mode 100644
index 000000000..7e14aa23d
--- /dev/null
+++ b/test/filters/memwrexe.c
@@ -0,0 +1,76 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <sys/mman.h>
+static void usage(void) {
+        printf("memwrexe options\n");
+        printf("where options is:\n");
+        printf("\tmmap - mmap test\n");
+        printf("\tmprotect - mprotect test\n");
+}
+int main(int argc, char **argv) {
+        if (argc != 2) {
+                fprintf(stderr, "TESTING ERROR: memwrexe insufficient params\n");
+                usage();
+                return 1;
+        }
+        
+        if (strcmp(argv[1], "mmap") == 0) {
+                // open some file
+                int fd = open("memwrexe.c", O_RDONLY);
+                if (fd == -1) {
+                        fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+                        return 1;
+                }
+        
+                int size = lseek(fd, 0, SEEK_END);
+                if (size == -1) {
+                        fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+                        return 1;
+                }
+                
+                void *p = mmap (0, size, PROT_WRITE|PROT_READ|PROT_EXEC, MAP_SHARED, fd, 0);
+                printf("mmap successful\n");
+                // wait for expect to timeout
+                sleep(100);
+                return 0;
+        }
+        else if (strcmp(argv[1], "mprotect") == 0) {
+                // open some file
+                int fd = open("memwrexe.c", O_RDWR);
+                if (fd == -1) {
+                        fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+                        return 1;
+                }
+        
+                int size = lseek(fd, 0, SEEK_END);
+                if (size == -1) {
+                        fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+                        return 1;
+                }
+                
+                void *p = mmap (0, size, PROT_READ, MAP_SHARED, fd, 0);
+                if (!p) {
+                        fprintf(stderr, "TESTING ERROR: cannot map file for mprotect test\n");
+                        return 1;
+                }
+                
+                mprotect(p, size, PROT_READ|PROT_WRITE|PROT_EXEC);
+                printf("mprotect successful\n");
+                // wait for expect to timeout
+                sleep(100);
+                return 0;
+        }
+}
+        
+\ No newline at end of file
diff --git a/test/filters/memwrexe.exp b/test/filters/memwrexe.exp
new file mode 100755
index 000000000..6a57b8a07
--- /dev/null
+++ b/test/filters/memwrexe.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2017 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firejail --memory-deny-write-execute ./memwrexe mmap\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "mmap successful" {puts "TESTING ERROR 2\n";exit}
+        "Parent is shutting down"
+}
+after 100
+send --  "firejail --memory-deny-write-execute ./memwrexe mprotect\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "mprotect successful" {puts "TESTING ERROR 12\n";exit}
+        "Parent is shutting down"
+}
+after 100
+puts "\nall done\n"
author	netblue30 <netblue30@yahoo.com>	2017-08-18 08:09:38 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-08-18 08:09:38 -0400
commit	ad262caef9f095e00ce51945020142838d93960e (patch)
tree	f592b6bdba5b159cfe7e09e79c1dce8b8535fd46 /test/filters
parent	private-lib (diff)
download	firejail-ad262caef9f095e00ce51945020142838d93960e.tar.gz firejail-ad262caef9f095e00ce51945020142838d93960e.tar.zst firejail-ad262caef9f095e00ce51945020142838d93960e.zip

diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 6a5ec2b87..8f659237a 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh
@@ -15,6 +15,9 @@ fi
15		15
16	export PATH="$PATH:/usr/lib/firejail"	16	export PATH="$PATH:/usr/lib/firejail"
17		17
		18	echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)"
		19	./memwrexe.exp
		20
18	echo "TESTING: debug options (test/filters/debug.exp)"	21	echo "TESTING: debug options (test/filters/debug.exp)"
19	./debug.exp	22	./debug.exp
20		23


diff --git a/test/filters/memwrexe b/test/filters/memwrexe new file mode 100755 index 000000000..3a079672c --- /dev/null +++ b/test/filters/memwrexe
Binary files differ


diff --git a/test/filters/memwrexe.c b/test/filters/memwrexe.c new file mode 100644 index 000000000..7e14aa23d --- /dev/null +++ b/test/filters/memwrexe.c
@@ -0,0 +1,76 @@
		1	#include <stdio.h>
		2	#include <stdlib.h>
		3	#include <string.h>
		4	#include <unistd.h>
		5	#include <sys/types.h>
		6	#include <sys/stat.h>
		7	#include <fcntl.h>
		8	#include <sys/mman.h>
		9
		10	static void usage(void) {
		11	printf("memwrexe options\n");
		12	printf("where options is:\n");
		13	printf("\tmmap - mmap test\n");
		14	printf("\tmprotect - mprotect test\n");
		15	}
		16
		17	int main(int argc, char **argv) {
		18	if (argc != 2) {
		19	fprintf(stderr, "TESTING ERROR: memwrexe insufficient params\n");
		20	usage();
		21	return 1;
		22	}
		23
		24	if (strcmp(argv[1], "mmap") == 0) {
		25	// open some file
		26	int fd = open("memwrexe.c", O_RDONLY);
		27	if (fd == -1) {
		28	fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
		29	return 1;
		30	}
		31
		32	int size = lseek(fd, 0, SEEK_END);
		33	if (size == -1) {
		34	fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
		35	return 1;
		36	}
		37
		38	void *p = mmap (0, size, PROT_WRITE\|PROT_READ\|PROT_EXEC, MAP_SHARED, fd, 0);
		39	printf("mmap successful\n");
		40
		41	// wait for expect to timeout
		42	sleep(100);
		43
		44	return 0;
		45	}
		46
		47	else if (strcmp(argv[1], "mprotect") == 0) {
		48	// open some file
		49	int fd = open("memwrexe.c", O_RDWR);
		50	if (fd == -1) {
		51	fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
		52	return 1;
		53	}
		54
		55	int size = lseek(fd, 0, SEEK_END);
		56	if (size == -1) {
		57	fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
		58	return 1;
		59	}
		60
		61	void *p = mmap (0, size, PROT_READ, MAP_SHARED, fd, 0);
		62	if (!p) {
		63	fprintf(stderr, "TESTING ERROR: cannot map file for mprotect test\n");
		64	return 1;
		65	}
		66
		67	mprotect(p, size, PROT_READ\|PROT_WRITE\|PROT_EXEC);
		68	printf("mprotect successful\n");
		69
		70	// wait for expect to timeout
		71	sleep(100);
		72
		73	return 0;
		74	}
		75	}
		76	\ No newline at end of file


diff --git a/test/filters/memwrexe.exp b/test/filters/memwrexe.exp new file mode 100755 index 000000000..6a57b8a07 --- /dev/null +++ b/test/filters/memwrexe.exp
@@ -0,0 +1,34 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2017 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --memory-deny-write-execute ./memwrexe mmap\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"Child process initialized"
		14	}
		15	expect {
		16	timeout {puts "TESTING ERROR 1\n";exit}
		17	"mmap successful" {puts "TESTING ERROR 2\n";exit}
		18	"Parent is shutting down"
		19	}
		20	after 100
		21
		22	send -- "firejail --memory-deny-write-execute ./memwrexe mprotect\r"
		23	expect {
		24	timeout {puts "TESTING ERROR 10\n";exit}
		25	"Child process initialized"
		26	}
		27	expect {
		28	timeout {puts "TESTING ERROR 11\n";exit}
		29	"mprotect successful" {puts "TESTING ERROR 12\n";exit}
		30	"Parent is shutting down"
		31	}
		32
		33	after 100
		34	puts "\nall done\n"