author | Topi Miettinen <toiwoton@gmail.com> | 2017-07-04 14:48:18 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2017-08-29 15:54:50 +0200 |
commit | 78e864e5b3cc11b72ae663f49f42f158cafbfedf (patch) | |
tree | 85d0a246d06126e77b1a13c9c80ee99111f53c9c /src/test/test-seccomp.c | |
parent | Merge pull request #6636 from sourcejedi/fsync (diff) | |
seccomp: LockPersonality boolean (#6193)
Add LockPersonality boolean to allow locking down personality(2)
system call so that the execution domain can't be changed.
This may be useful to improve security because odd emulations
may be poorly tested and a source of vulnerabilities, while
system services shouldn't need any weird personalities.
Diffstat (limited to '')
-rw-r--r-- | src/test/test-seccomp.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 28fe206507..7ffbc4754e 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -21,6 +21,7 @@
 #include <stdlib.h>
 #include <sys/eventfd.h>
 #include <sys/mman.h>
+#include <sys/personality.h>
 #include <sys/poll.h>
 #include <sys/shm.h>
 #include <sys/types.h>
@@ -565,6 +566,40 @@ static void test_load_syscall_filter_set_raw(void) {
 assert_se(wait_for_terminate_and_warn("syscallrawseccomp", pid, true) == EXIT_SUCCESS);
 }
 
+static void test_lock_personality(void) {
+ pid_t pid;
+
+ if (!is_seccomp_available())
+ return;
+ if (geteuid() != 0)
+ return;
+
+ pid = fork();
+ assert_se(pid >= 0);
+
+ if (pid == 0) {
+ assert_se(seccomp_lock_personality(PER_LINUX) >= 0);
+
+ assert_se(personality(PER_LINUX) == PER_LINUX);
+ assert_se(personality(PER_LINUX | ADDR_NO_RANDOMIZE) == -1 && errno == EPERM);
+ assert_se(personality(PER_LINUX | MMAP_PAGE_ZERO) == -1 && errno == EPERM);
+ assert_se(personality(PER_LINUX | ADDR_COMPAT_LAYOUT) == -1 && errno == EPERM);
+ assert_se(personality(PER_LINUX | READ_IMPLIES_EXEC) == -1 && errno == EPERM);
+ assert_se(personality(PER_LINUX_32BIT) == -1 && errno == EPERM);
+ assert_se(personality(PER_SVR4) == -1 && errno == EPERM);
+ assert_se(personality(PER_BSD) == -1 && errno == EPERM);
+ assert_se(personality(PER_LINUX32) == -1 && errno == EPERM);
+ assert_se(personality(PER_LINUX32_3GB) == -1 && errno == EPERM);
+ assert_se(personality(PER_UW7) == -1 && errno == EPERM);
+ assert_se(personality(0x42) == -1 && errno == EPERM);
+ assert_se(personality(PERSONALITY_INVALID) == -1 && errno == EPERM); /* maybe remove this later */
+ assert_se(personality(PER_LINUX) == PER_LINUX);
+ _exit(EXIT_SUCCESS);
+ }
+
+ assert_se(wait_for_terminate_and_warn("lockpersonalityseccomp", pid, true) == EXIT_SUCCESS);
+}
+
 int main(int argc, char *argv[]) {
 log_set_max_level(LOG_DEBUG);
 
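Review bot: The first and last assertions in the child of test_lock_personality(), `assert_se(personality(PER_LINUX) == PER_LINUX);`, hold only if the test process already runs as plain PER_LINUX, because personality(2) returns the previous persona rather than the one requested. If the test is started in another execution domain or with a flag bit already set (a 32-bit personality, or ADDR_NO_RANDOMIZE inherited from a wrapper), it would presumably fail for reasons unrelated to the filter. Reading the current value before the fork, `unsigned long current = personality(0xffffffff);`, and then locking and asserting against it (`seccomp_lock_personality(current)`, `assert_se((unsigned long) personality(current) == current);`, assuming the helper accepts that value) would remove the assumption, with the denied cases chosen to differ from `current`. The two early `return`s also skip silently, so an unprivileged run reports success without exercising the lock; a line such as `log_notice("Not root, skipping %s", __func__);` before each return would make the skip visible.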
@@ -581,6 +616,7 @@ int main(int argc, char *argv[]) {
 test_memory_deny_write_execute_shmat();
 test_restrict_archs();
 test_load_syscall_filter_set_raw();
+ test_lock_personality();
 
 return 0;
 } |