priv_vfs_chroot.c (162271) | priv_vfs_chroot.c (172106) |
---|---|
1/*- 2 * Copyright (c) 2006 nCircle Network Security, Inc. | 1/*- 2 * Copyright (c) 2006 nCircle Network Security, Inc. |
3 * Copyright (c) 2007 Robert N. M. Watson |
|
3 * All rights reserved. 4 * 5 * This software was developed by Robert N. M. Watson for the TrustedBSD 6 * Project under contract to nCircle Network Security, Inc. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: --- 10 unchanged lines hidden (view full) --- 21 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 23 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 24 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 25 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 26 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * | 4 * All rights reserved. 5 * 6 * This software was developed by Robert N. M. Watson for the TrustedBSD 7 * Project under contract to nCircle Network Security, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: --- 10 unchanged lines hidden (view full) --- 22 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 24 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 * |
29 * $FreeBSD: head/tools/regression/priv/priv_vfs_chroot.c 162271 2006-09-13 09:05:39Z rwatson $ | 30 * $FreeBSD: head/tools/regression/priv/priv_vfs_chroot.c 172106 2007-09-09 23:08:39Z rwatson $ |
30 */ 31 32/* | 31 */ 32 33/* |
33 * Test that chroot() requires privilege; try with, and without. Do a no-op 34 * chroot() to "/". | 34 * Test that chroot() requires privilege--do a no-op chroot() to "/". |
35 * 36 * XXXRW: Would also be good to check fchroot() permission, but that is not 37 * exposed via the BSD API. 38 */ 39 40#include <err.h> 41#include <errno.h> 42#include <unistd.h> 43 44#include "main.h" 45 | 35 * 36 * XXXRW: Would also be good to check fchroot() permission, but that is not 37 * exposed via the BSD API. 38 */ 39 40#include <err.h> 41#include <errno.h> 42#include <unistd.h> 43 44#include "main.h" 45 |
46int 47priv_vfs_chroot_setup(int asroot, int injail, struct test *test) 48{ 49 50 return (0); 51} 52 |
|
46void | 53void |
47priv_vfs_chroot(void) | 54priv_vfs_chroot(int asroot, int injail, struct test *test) |
48{ 49 int error; 50 | 55{ 56 int error; 57 |
51 assert_root(); | 58 error = chroot("/"); 59 if (asroot && injail) 60 expect("priv_vfs_chroot(asroot, injail)", error, 0, 0); 61 if (asroot && !injail) 62 expect("priv_vfs_chroot(asroot, !injail)", error, 0, 0); 63 if (!asroot && injail) 64 expect("priv_vfs_chroot(!asroot, injail)", error, -1, EPERM); 65 if (!asroot && !injail) 66 expect("priv_vfs_chroot(!asroot, !injail)", error, -1, EPERM); 67} |
52 | 68 |
53 if (chroot("/") < 0) 54 err(-1, "chroot(\"/\") as root"); | 69void 70priv_vfs_chroot_cleanup(int asroot, int injail, struct test *test) 71{ |
55 | 72 |
56 set_euid(UID_OTHER); 57 58 error = chroot("/"); 59 if (error == 0) 60 errx(-1, "chroot(\"/\") succeeded as !root"); 61 if (errno != EPERM) 62 err(-1, "chroot(\"/\") wrong errno %d as !root", errno); | |
63} | 73} |
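Review bot: The four `expect()` calls in `priv_vfs_chroot()` (new lines 59-66) encode a policy that is written down nowhere: root inside a jail is expected to keep the chroot privilege (`error, 0, 0`), while the revised header comment at new line 34 only says that chroot() requires privilege. A comment above the function would make that intent reviewable, for example `/* chroot("/") must succeed for root in or out of a jail, and fail with EPERM for non-root in both. */`. The expected result depends only on `asroot`, so the jail branches differ only in their label; if that four-way layout is the suite's convention (main.h and `expect()` are not shown here), it can stay, but the comment should say the jail dimension deliberately changes nothing. A successful no-op chroot to "/" shows only that the privilege check passed, so this test says nothing about what a jailed root can reach afterwards.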