author | netblue30 <netblue30@yahoo.com> | 2017-08-18 08:09:38 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-08-18 08:09:38 -0400 |
commit | ad262caef9f095e00ce51945020142838d93960e (patch) | |
tree | f592b6bdba5b159cfe7e09e79c1dce8b8535fd46 /test | |
parent | private-lib (diff) | |
memory-deny-write-execute testing
Diffstat (limited to 'test')
-rwxr-xr-x | test/filters/filters.sh | 3 | ||||
-rwxr-xr-x | test/filters/memwrexe | bin | 0 -> 13168 bytes | |||
-rw-r--r-- | test/filters/memwrexe.c | 76 | ||||
-rwxr-xr-x | test/filters/memwrexe.exp | 34 |
4 files changed, 113 insertions, 0 deletions
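--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -15,6 +15,9 @@ fi
 
 export PATH="$PATH:/usr/lib/firejail"
 
+echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)"
+./memwrexe.exp
+
 echo "TESTING: debug options (test/filters/debug.exp)"
 ./debug.exp
 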
diff --git a/test/filters/memwrexe b/test/filters/memwrexe new file mode 100755 index 000000000..3a079672c --- /dev/null +++ b/test/filters/memwrexe | |||
Binary files differ | |||
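--- /dev/null
+++ b/test/filters/memwrexe.c
@@ -0,0 +1,76 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <sys/mman.h>
+
+static void usage(void) {
+printf("memwrexe options\n");
+printf("where options is:\n");
+printf("\tmmap - mmap test\n");
+printf("\tmprotect - mprotect test\n");
+}
+
+int main(int argc, char **argv) {
+if (argc != 2) {
+fprintf(stderr, "TESTING ERROR: memwrexe insufficient params\n");
+usage();
+return 1;
+}
+
+if (strcmp(argv[1], "mmap") == 0) {
+// open some file
+int fd = open("memwrexe.c", O_RDONLY);
+if (fd == -1) {
+fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+return 1;
+}
+
+int size = lseek(fd, 0, SEEK_END);
+if (size == -1) {
+fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+return 1;
+}
+
+void *p = mmap (0, size, PROT_WRITE|PROT_READ|PROT_EXEC, MAP_SHARED, fd, 0);
+printf("mmap successful\n");
+
+// wait for expect to timeout
+sleep(100);
+
+return 0;
+}
+
+else if (strcmp(argv[1], "mprotect") == 0) {
+// open some file
+int fd = open("memwrexe.c", O_RDWR);
+if (fd == -1) {
+fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+return 1;
+}
+
+int size = lseek(fd, 0, SEEK_END);
+if (size == -1) {
+fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+return 1;
+}
+
+void *p = mmap (0, size, PROT_READ, MAP_SHARED, fd, 0);
+if (!p) {
+fprintf(stderr, "TESTING ERROR: cannot map file for mprotect test\n");
+return 1;
+}
+
+mprotect(p, size, PROT_READ|PROT_WRITE|PROT_EXEC);
+printf("mprotect successful\n");
+
+// wait for expect to timeout
+sleep(100);
+
+return 0;
+}
+}
\ No newline at end of file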
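Review bot: Neither branch of `main` checks the call it is meant to test: in the `mmap` branch the result of `mmap()` is never examined, and in the `mprotect` branch `if (!p)` tests for NULL although `mmap()` reports failure as `MAP_FAILED`, and the return value of `mprotect()` is discarded. Both "successful" lines are therefore printed whether or not a writable and executable mapping exists, so the helper can only tell "killed by the filter" apart from everything else. The `mmap` branch also opens the file `O_RDONLY`, and a `MAP_SHARED` mapping with `PROT_WRITE` on a read-only descriptor is refused with EACCES independent of any filter. Opening `O_RDWR` as the `mprotect` branch does, and checking each call, makes the message mean what it says.

```c
	// ... unchanged: argument check and strcmp for the mmap branch ...
		int fd = open("memwrexe.c", O_RDWR);
		// ... unchanged: fd and lseek error handling ...
		void *p = mmap(0, size, PROT_WRITE|PROT_READ|PROT_EXEC, MAP_SHARED, fd, 0);
		if (p == MAP_FAILED) {
			perror("mmap");
			return 1;
		}
		printf("mmap successful\n");
	// ... unchanged: sleep/return, then open and lseek in the mprotect branch ...
		void *p = mmap(0, size, PROT_READ, MAP_SHARED, fd, 0);
		if (p == MAP_FAILED) {
			fprintf(stderr, "TESTING ERROR: cannot map file for mprotect test\n");
			return 1;
		}

		if (mprotect(p, size, PROT_READ|PROT_WRITE|PROT_EXEC) == -1) {
			perror("mprotect");
			return 1;
		}
		printf("mprotect successful\n");
```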
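--- /dev/null
+++ b/test/filters/memwrexe.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2017 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --memory-deny-write-execute ./memwrexe mmap\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"mmap successful" {puts "TESTING ERROR 2\n";exit}
+"Parent is shutting down"
+}
+after 100
+
+send -- "firejail --memory-deny-write-execute ./memwrexe mprotect\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"mprotect successful" {puts "TESTING ERROR 12\n";exit}
+"Parent is shutting down"
+}
+
+after 100
+puts "\nall done\n"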
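Review bot: Both second `expect` blocks treat "Parent is shutting down" as the pass condition, and that line presumably appears whenever the sandbox exits, so a helper that never reaches `mmap()` or `mprotect()` would pass without the filter being exercised. This matters because `./memwrexe` is the prebuilt binary added in this same commit (13168 bytes in the diffstat) and nothing visible here rebuilds it from memwrexe.c. If the binary cannot run on the host, or `memwrexe.c` is not in the working directory, the helper exits early and the test would still report success. Consider building the helper from source as part of the test run and adding a control run without `--memory-deny-write-execute` that must print `mmap successful`, so that a pass shows the filter made the difference.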