authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2017-05-04 16:09:53 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2017-05-08 00:59:37 +0200
commit2a65bd94e44f121a27afd39fdde6b462394c3e59 (patch)
tree887d4d4620a8ae018c046da191a7b92fcd1e3c53 /src/test/test-seccomp.c
parenttest-seccomp: limit the code under #ifdef (diff)
seccomp: drop SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN, add test for shmat
SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN was conflating two separate things: 1. whether shmat/shmdt/shmget can be filtered (if ipc multiplexer is used, they can not) 2. whether we know this for the current architecture For i386, shmat is implemented as ipc, so seccomp filter is "broken" for shmat, but not for mmap, and SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN cannot be used to cover both cases. The define was only used for tests — not in the implementation in seccomp-util.c. So let's get rid of SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN and encode the right condition directly in tests.
Diffstat (limited to 'src/test/test-seccomp.c')
-rw-r--r--src/test/test-seccomp.c66
1 files changed, 58 insertions, 8 deletions
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 75dfed40aa..0efb712062 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -21,8 +21,10 @@
#include <stdlib.h>
#include <sys/eventfd.h>
#include <sys/mman.h>
-#include <unistd.h>
#include <sys/poll.h>
+#include <sys/shm.h>
+#include <sys/types.h>
+#include <unistd.h>
#include "alloc-util.h"
#include "fd-util.h"
@@ -371,7 +373,7 @@ static void test_restrict_realtime(void) {
assert_se(wait_for_terminate_and_warn("realtimeseccomp", pid, true) == EXIT_SUCCESS);
}
-static void test_memory_deny_write_execute(void) {
+static void test_memory_deny_write_execute_mmap(void) {
pid_t pid;
if (!is_seccomp_available())
@@ -396,12 +398,12 @@ static void test_memory_deny_write_execute(void) {
assert_se(seccomp_memory_deny_write_execute() >= 0);
p = mmap(NULL, page_size(), PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1,0);
-#if SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN
- assert_se(p != MAP_FAILED);
- assert_se(munmap(p, page_size()) >= 0);
-#else
+#if defined(__x86_64__) || defined(__i386__)
assert_se(p == MAP_FAILED);
assert_se(errno == EPERM);
+#else /* unknown architectures */
+ assert_se(p != MAP_FAILED);
+ assert_se(munmap(p, page_size()) >= 0);
#endif
p = mmap(NULL, page_size(), PROT_WRITE|PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1,0);
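Review bot: The `#else /* unknown architectures */` branch hard-asserts that a PROT_WRITE|PROT_EXEC mapping still succeeds after `seccomp_memory_deny_write_execute()` returned >= 0, so on every non-x86 build the test passes only while the filter does not block the mapping. Whether the filter is effective on other architectures is decided in seccomp-util.c, which is not visible here; if it ever becomes effective there, this assertion fails rather than confirming the protection. For the unknown case I would accept both outcomes, e.g. `if (p == MAP_FAILED) assert_se(errno == EPERM); else assert_se(munmap(p, page_size()) >= 0);`, and add a comment that W+X enforcement is unverified on these architectures. The body of test_memory_deny_write_execute_mmap starts and ends outside this hunk.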
@@ -411,7 +413,54 @@ static void test_memory_deny_write_execute(void) {
_exit(EXIT_SUCCESS);
}
- assert_se(wait_for_terminate_and_warn("memoryseccomp", pid, true) == EXIT_SUCCESS);
+ assert_se(wait_for_terminate_and_warn("memoryseccomp-mmap", pid, true) == EXIT_SUCCESS);
+}
+
+static void test_memory_deny_write_execute_shmat(void) {
+ int shmid;
+ pid_t pid;
+
+ if (!is_seccomp_available())
+ return;
+ if (geteuid() != 0)
+ return;
+
+ shmid = shmget(IPC_PRIVATE, page_size(), 0);
+ assert_se(shmid >= 0);
+
+ pid = fork();
+ assert_se(pid >= 0);
+
+ if (pid == 0) {
+ void *p;
+
+ p = shmat(shmid, NULL, 0);
+ assert_se(p != MAP_FAILED);
+ assert_se(shmdt(p) == 0);
+
+ p = shmat(shmid, NULL, SHM_EXEC);
+ assert_se(p != MAP_FAILED);
+ assert_se(shmdt(p) == 0);
+
+ assert_se(seccomp_memory_deny_write_execute() >= 0);
+
+ p = shmat(shmid, NULL, SHM_EXEC);
+#if defined(__x86_64__)
+ assert_se(p == MAP_FAILED);
+ assert_se(errno == EPERM);
+#else /* __i386__ and "unknown" architectures */
+ assert_se(p != MAP_FAILED);
+ assert_se(shmdt(p) == 0);
+#endif
+
+ p = shmat(shmid, NULL, 0);
+ assert_se(p != MAP_FAILED);
+ assert_se(shmdt(p) == 0);
+
+ _exit(EXIT_SUCCESS);
+ }
+
+ assert_se(wait_for_terminate_and_warn("memoryseccomp-shmat", pid, true) == EXIT_SUCCESS);
}
static void test_restrict_archs(void) {
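Review bot: The System V segment created by `shmget(IPC_PRIVATE, page_size(), 0)` in test_memory_deny_write_execute_shmat is never removed, so every run as root leaves a shared memory segment behind that outlives the test process. Adding `assert_se(shmctl(shmid, IPC_RMID, NULL) == 0);` in the parent after the `wait_for_terminate_and_warn()` call would release it. The shmat() results are compared with `MAP_FAILED`, which is mmap's sentinel; shmat() documents `(void *) -1`, and writing that out avoids relying on the two constants having the same value. The `#else` branch encodes that SHM_EXEC attaches are not blocked on i386, so a short comment there naming the ipc() multiplexer reason from the commit message would keep that coverage gap visible in the test itself.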
@@ -510,7 +559,8 @@ int main(int argc, char *argv[]) {
test_protect_sysctl();
test_restrict_address_families();
test_restrict_realtime();
- test_memory_deny_write_execute();
+ test_memory_deny_write_execute_mmap();
+ test_memory_deny_write_execute_shmat();
test_restrict_archs();
test_load_syscall_filter_set_raw();