1/*-
2 * Copyright (c) 2005 Robert N. M. Watson
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD$
27 */
28
29#include <sys/types.h>
30#include <sys/mman.h>
31
32#include <err.h>
33#include <errno.h>
34#include <pwd.h>
35#include <stdlib.h>
36#include <string.h>
37#include <unistd.h>
38
39#define	NOBODY	"nobody"
40
41/*
42 * Simple exercise for the mlock() system call -- confirm that mlock() and
43 * munlock() return success on an anonymously mapped memory page when running
44 * with privilege; confirm that they fail with EPERM when running
45 * unprivileged.
46 */
47int
48main(int argc, char *argv[])
49{
50	struct passwd *pwd;
51	int pagesize;
52	char *page;
53
54	if (geteuid() != 0)
55		errx(-1, "mlock must run as root");
56
57	errno = 0;
58	pwd = getpwnam(NOBODY);
59	if (pwd == NULL && errno == 0)
60		errx(-1, "getpwnam: user \"%s\" not found", NOBODY);
61	if (pwd == NULL)
62		errx(-1, "getpwnam: %s", strerror(errno));
63	if (pwd->pw_uid == 0)
64		errx(-1, "getpwnam: user \"%s\" has uid 0", NOBODY);
65
66	pagesize = getpagesize();
67	page = mmap(NULL, pagesize, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0);
68	if (page == MAP_FAILED)
69		errx(-1, "mmap: %s", strerror(errno));
70
71	if (mlock(page, pagesize) < 0)
72		errx(-1, "mlock privileged: %s", strerror(errno));
73
74	if (munlock(page, pagesize) < 0)
75		errx(-1, "munlock privileged: %s", strerror(errno));
76
77	if (seteuid(pwd->pw_uid) < 0)
78		errx(-1, "seteuid: %s", strerror(errno));
79
80	if (mlock(page, pagesize) == 0)
81		errx(-1, "mlock unprivileged: succeeded but shouldn't have");
82	if (errno != EPERM)
83		errx(-1, "mlock unprivileged: %s", strerror(errno));
84
85	if (munlock(page, pagesize) == 0)
86		errx(-1, "munlock unprivileged: succeeded but shouldn't have");
87	if (errno != EPERM)
88		errx(-1, "munlock unprivileged: %s", strerror(errno));
89
90	return (0);
91}
92