From ad262caef9f095e00ce51945020142838d93960e Mon Sep 17 00:00:00 2001 From: netblue30 Date: Fri, 18 Aug 2017 08:09:38 -0400 Subject: memory-deny-write-execute testing --- test/filters/filters.sh | 3 ++ test/filters/memwrexe | Bin 0 -> 13168 bytes test/filters/memwrexe.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++ test/filters/memwrexe.exp | 34 +++++++++++++++++++++ 4 files changed, 113 insertions(+) create mode 100755 test/filters/memwrexe create mode 100644 test/filters/memwrexe.c create mode 100755 test/filters/memwrexe.exp (limited to 'test') diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 6a5ec2b87..8f659237a 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh @@ -15,6 +15,9 @@ fi export PATH="$PATH:/usr/lib/firejail" +echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)" +./memwrexe.exp + echo "TESTING: debug options (test/filters/debug.exp)" ./debug.exp diff --git a/test/filters/memwrexe b/test/filters/memwrexe new file mode 100755 index 000000000..3a079672c Binary files /dev/null and b/test/filters/memwrexe differ diff --git a/test/filters/memwrexe.c b/test/filters/memwrexe.c new file mode 100644 index 000000000..7e14aa23d --- /dev/null +++ b/test/filters/memwrexe.c 
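Review bot: The added step `./memwrexe.exp` ends up running the prebuilt `test/filters/memwrexe` executable that this same commit adds as a 13168-byte binary, so the sandbox test depends on code that cannot be read in review and may not correspond to memwrexe.c. A checked-in executable is presumably also tied to the architecture and libc it was built on; the page shows only "Binary files differ". Building the probe from its source right before the run, for example `gcc -o memwrexe memwrexe.c || exit 1` ahead of `./memwrexe.exp`, and dropping the binary from the tree would keep the test artifact reproducible and auditable.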
@@ -0,0 +1,76 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+static void usage(void) {
+ printf("memwrexe options\n");
+ printf("where options is:\n");
+ printf("\tmmap - mmap test\n");
+ printf("\tmprotect - mprotect test\n");
+}
+
+int main(int argc, char **argv) {
+ if (argc != 2) {
+ fprintf(stderr, "TESTING ERROR: memwrexe insufficient params\n");
+ usage();
+ return 1;
+ }
+
+ if (strcmp(argv[1], "mmap") == 0) {
+ // open some file
+ int fd = open("memwrexe.c", O_RDONLY);
+ if (fd == -1) {
+ fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+ return 1;
+ }
+
+ int size = lseek(fd, 0, SEEK_END);
+ if (size == -1) {
+ fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+ return 1;
+ }
+
+ void *p = mmap (0, size, PROT_WRITE|PROT_READ|PROT_EXEC, MAP_SHARED, fd, 0);
+ printf("mmap successful\n");
+
+ // wait for expect to timeout
+ sleep(100);
+
+ return 0;
+ }
+
+ else if (strcmp(argv[1], "mprotect") == 0) {
+ // open some file
+ int fd = open("memwrexe.c", O_RDWR);
+ if (fd == -1) {
+ fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+ return 1;
+ }
+
+ int size = lseek(fd, 0, SEEK_END);
+ if (size == -1) {
+ fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+ return 1;
+ }
+
+ void *p = mmap (0, size, PROT_READ, MAP_SHARED, fd, 0);
+ if (!p) {
+ fprintf(stderr, "TESTING ERROR: cannot map file for mprotect test\n");
+ return 1;
+ }
+
+ mprotect(p, size, PROT_READ|PROT_WRITE|PROT_EXEC);
+ printf("mprotect successful\n");
+
+ // wait for expect to timeout
+ sleep(100);
+
+ return 0;
+ }
+}
+
\ No newline at end of file
diff --git a/test/filters/memwrexe.exp b/test/filters/memwrexe.exp
new file mode 100755
index 000000000..6a57b8a07
--- /dev/null
+++ b/test/filters/memwrexe.exp
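Review bot: Both branches of `main` report success without looking at the syscall result: the mmap branch prints "mmap successful" without testing `p`, the mprotect branch tests `if (!p)` although mmap signals failure with `MAP_FAILED` rather than NULL, and the return value of `mprotect()` is ignored. The probe therefore gives a meaningful answer only when the filter terminates the process; if the call is refused with an error instead, the success string is still printed. I would put `if (p == MAP_FAILED) { perror("mmap"); return 1; }` after each mmap and use `if (mprotect(p, size, PROT_READ|PROT_WRITE|PROT_EXEC) == -1) { perror("mprotect"); return 1; }`. Separately, the mmap branch opens the file `O_RDONLY` and then requests `MAP_SHARED` with `PROT_WRITE`, which fails even with no filter in place, so it needs `O_RDWR` (or `MAP_PRIVATE`) for the probe to succeed in an unsandboxed control run.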
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2017 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --memory-deny-write-execute ./memwrexe mmap\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "mmap successful" {puts "TESTING ERROR 2\n";exit}
+ "Parent is shutting down"
+}
+after 100
+
+send -- "firejail --memory-deny-write-execute ./memwrexe mprotect\r"
+expect {
+ timeout {puts "TESTING ERROR 10\n";exit}
+ "Child process initialized"
+}
+expect {
+ timeout {puts "TESTING ERROR 11\n";exit}
+ "mprotect successful" {puts "TESTING ERROR 12\n";exit}
+ "Parent is shutting down"
+}
+
+after 100
+puts "\nall done\n"
-- cgit v1.2.3-54-g00ecf
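Review bot: Each check passes whenever "Parent is shutting down" appears before the success string, so the test also passes when the probe never reached the syscall, for example if `./memwrexe` cannot be started or cannot open memwrexe.c from the current directory. The pass condition should be tied to evidence that the probe actually ran: have it print a marker just before the mmap/mprotect call and add an `expect` for that marker ahead of the shutdown check. A control run without `--memory-deny-write-execute` that expects "mmap successful" and "mprotect successful" would additionally show that the probe succeeds when the filter is absent. The failure branches end in a bare `exit`, so if the harness looks at exit status (not visible here) `exit 1` would be the safer form.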