Created
April 8, 2017 11:53
-
-
Save tixxdz/39a583358f04d40b4d3e5571f95c075b to your computer and use it in GitHub Desktop.
ModAutoRestrict Linux Security Module test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <errno.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <unistd.h> | |
#include <linux/prctl.h> | |
#include <sys/prctl.h> | |
#include <sys/ptrace.h> | |
extern char **environ; | |
static char *args[] = { "/bin/bash", NULL }; | |
int main(int argc, const char **argv) | |
{ | |
int ret; | |
ret = prctl(PR_MOD_AUTO_RESTRICT_OPTS, PR_GET_MOD_AUTO_RESTRICT, 0, 0, 0); | |
if (ret >= 0 || errno != EINVAL) { | |
printf("Error PR_MOD_AUTO_RESTRICT_OPTS should fail with -EINVAL"); | |
return EXIT_FAILURE; | |
} | |
ret = prctl(PR_MOD_AUTO_RESTRICT_OPTS, PR_SET_MOD_AUTO_RESTRICT, 1, 0, 0); | |
if (ret < 0) { | |
fprintf(stderr, "Error PR_SET_MOD_AUTO_RESTRICT to 1 failed: %d (%m)\n", -errno); | |
return EXIT_FAILURE; | |
} | |
/* Pass extra non-zero argument */ | |
ret = prctl(PR_MOD_AUTO_RESTRICT_OPTS, PR_GET_MOD_AUTO_RESTRICT, 1, 0, 0); | |
if (ret >= 0 || errno != EINVAL) { | |
printf("Error PR_GET_MOD_AUTO_RESTRICT should fail with -EINVAL"); | |
return EXIT_FAILURE; | |
} | |
ret = prctl(PR_MOD_AUTO_RESTRICT_OPTS, PR_GET_MOD_AUTO_RESTRICT, 0, 0, 0); | |
if (ret < 0) { | |
fprintf(stderr, "Error PR_GET_MOD_AUTO_RESTRICT failed: %d (%m)\n", -errno); | |
return EXIT_FAILURE; | |
} | |
printf(" task PR_MOD_AUTO_RESTRICT: %d\n", ret); | |
ret = prctl(PR_MOD_AUTO_RESTRICT_OPTS, PR_SET_MOD_AUTO_RESTRICT, 0, 0, 0); | |
if (ret < 0) { | |
fprintf(stderr, "PR_SET_MOD_AUTO_RESTRICT to 0 failed: %d (%m)\n", -errno); | |
} else { | |
fprintf(stderr, "Error PR_SET_MOD_AUTO_RESTRICT to 0 succeeded\n"); | |
return EXIT_FAILURE; | |
} | |
ret = prctl(PR_MOD_AUTO_RESTRICT_OPTS, PR_SET_MOD_AUTO_RESTRICT, 2, 0, 0); | |
if (ret < 0) { | |
fprintf(stderr, "Error PR_SET_MOD_AUTO_RESTRICT to 2 failed: %d (%m)\n", -errno); | |
return EXIT_FAILURE; | |
} | |
ret = prctl(PR_MOD_AUTO_RESTRICT_OPTS, PR_GET_MOD_AUTO_RESTRICT, 0, 0, 0); | |
if (ret < 0) { | |
fprintf(stderr, "Error PR_GET_MOD_AUTO_RESTRICT failed: %d (%m)\n", -errno); | |
return EXIT_FAILURE; | |
} | |
printf(" task PR_TIMGAD_GET_MOD_RESTRICT: %d\n", ret); | |
execv(args[0], args); | |
fprintf(stderr, "error on execve(): %d (%m)\n", -errno); | |
exit(EXIT_FAILURE); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment