1 /* $NetBSD: t_chroot.c,v 1.1 2011/07/07 06:57:53 jruoho Exp $ */
4 * Copyright (c) 2011 The NetBSD Foundation, Inc.
7 * This code is derived from software contributed to The NetBSD Foundation
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
31 #include <sys/cdefs.h>
32 __RCSID("$NetBSD: t_chroot.c,v 1.1 2011/07/07 06:57:53 jruoho Exp $");
50 ATF_TC_HEAD(chroot_basic, tc)
52 atf_tc_set_md_var(tc, "descr", "A basic test of chroot(2)");
53 atf_tc_set_md_var(tc, "require.user", "root");
56 ATF_TC_BODY(chroot_basic, tc)
62 (void)memset(buf, '\0', sizeof(buf));
63 (void)getcwd(buf, sizeof(buf));
64 (void)strlcat(buf, "/dir", sizeof(buf));
66 ATF_REQUIRE(mkdir(buf, 0500) == 0);
67 ATF_REQUIRE(chdir(buf) == 0);
70 ATF_REQUIRE(pid >= 0);
79 if (chroot("/root") != -1)
85 fd = open("file", O_RDONLY | O_CREAT, 0600);
98 if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
99 atf_tc_fail("chroot(2) failed");
102 (void)strlcat(buf, "/file", sizeof(buf));
104 fd = open(buf, O_RDONLY);
107 atf_tc_fail("chroot(2) did not change the root directory");
109 ATF_REQUIRE(close(fd) == 0);
110 ATF_REQUIRE(unlink(buf) == 0);
114 ATF_TC_HEAD(chroot_err, tc)
116 atf_tc_set_md_var(tc, "descr", "Test error conditions of chroot(2)");
117 atf_tc_set_md_var(tc, "require.user", "root");
120 ATF_TC_BODY(chroot_err, tc)
122 char buf[PATH_MAX + 1];
124 (void)memset(buf, 'x', sizeof(buf));
127 ATF_REQUIRE_ERRNO(ENAMETOOLONG, chroot(buf) == -1);
130 ATF_REQUIRE_ERRNO(EFAULT, chroot((void *)-1) == -1);
133 ATF_REQUIRE_ERRNO(ENOENT, chroot("/a/b/c/d/e/f/g/h/i/j") == -1);
137 ATF_TC_HEAD(chroot_perm, tc)
139 atf_tc_set_md_var(tc, "descr", "Test permissions with chroot(2)");
140 atf_tc_set_md_var(tc, "require.user", "unprivileged");
143 ATF_TC_BODY(chroot_perm, tc)
145 static char buf[LINE_MAX];
149 (void)memset(buf, '\0', sizeof(buf));
150 ATF_REQUIRE(getcwd(buf, sizeof(buf)) != NULL);
153 ATF_REQUIRE(pid >= 0);
159 if (chroot(buf) != -1)
170 if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
171 atf_tc_fail("chroot(2) succeeded as unprivileged user");
175 ATF_TC(fchroot_basic);
176 ATF_TC_HEAD(fchroot_basic, tc)
178 atf_tc_set_md_var(tc, "descr", "A basic test of fchroot(2)");
179 atf_tc_set_md_var(tc, "require.user", "root");
182 ATF_TC_BODY(fchroot_basic, tc)
188 (void)memset(buf, '\0', sizeof(buf));
189 (void)getcwd(buf, sizeof(buf));
190 (void)strlcat(buf, "/dir", sizeof(buf));
192 ATF_REQUIRE(mkdir(buf, 0500) == 0);
193 ATF_REQUIRE(chdir(buf) == 0);
195 fd = open(buf, O_RDONLY);
196 ATF_REQUIRE(fd >= 0);
199 ATF_REQUIRE(pid >= 0);
203 if (fchroot(fd) != 0)
209 fd = open("file", O_RDONLY | O_CREAT, 0600);
222 if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
223 atf_tc_fail("fchroot(2) failed");
226 (void)strlcat(buf, "/file", sizeof(buf));
228 fd = open(buf, O_RDONLY);
231 atf_tc_fail("fchroot(2) did not change the root directory");
233 ATF_REQUIRE(close(fd) == 0);
234 ATF_REQUIRE(unlink(buf) == 0);
238 ATF_TC_HEAD(fchroot_err, tc)
240 atf_tc_set_md_var(tc, "descr", "Test error conditions of fchroot(2)");
241 atf_tc_set_md_var(tc, "require.user", "root");
244 ATF_TC_BODY(fchroot_err, tc)
248 fd = open("/etc/passwd", O_RDONLY);
249 ATF_REQUIRE(fd >= 0);
252 ATF_REQUIRE_ERRNO(EBADF, fchroot(-1) == -1);
255 ATF_REQUIRE_ERRNO(ENOTDIR, fchroot(fd) == -1);
257 ATF_REQUIRE(close(fd) == 0);
260 ATF_TC(fchroot_perm);
261 ATF_TC_HEAD(fchroot_perm, tc)
263 atf_tc_set_md_var(tc, "descr", "Test permissions with fchroot(2)");
264 atf_tc_set_md_var(tc, "require.user", "root");
267 ATF_TC_BODY(fchroot_perm, tc)
269 static char buf[LINE_MAX];
274 (void)memset(buf, '\0', sizeof(buf));
275 ATF_REQUIRE(getcwd(buf, sizeof(buf)) != NULL);
277 pw = getpwnam("nobody");
278 fd = open(buf, O_RDONLY);
280 ATF_REQUIRE(fd >= 0);
281 ATF_REQUIRE(pw != NULL);
284 ATF_REQUIRE(pid >= 0);
288 (void)setuid(pw->pw_uid);
292 if (fchroot(fd) != -1)
303 if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
304 atf_tc_fail("fchroot(2) succeeded as unprivileged user");
311 ATF_TP_ADD_TC(tp, chroot_basic);
312 ATF_TP_ADD_TC(tp, chroot_err);
313 ATF_TP_ADD_TC(tp, chroot_perm);
315 ATF_TP_ADD_TC(tp, fchroot_basic);
316 ATF_TP_ADD_TC(tp, fchroot_err);
317 ATF_TP_ADD_TC(tp, fchroot_perm);
320 return atf_no_error();