Date: Mon, 26 May 2014 15:30:56 GMT From: op@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r268641 - in soc2014/op/tests/smap-tester: kmod smap-test Message-ID: <201405261530.s4QFUuhP072400@socsvn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: op Date: Mon May 26 15:30:55 2014 New Revision: 268641 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=268641 Log: updated SMAP testing framework Signed-off-by: Oliver Pinter <oliver.pntr@gmail.com> Modified: soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c soc2014/op/tests/smap-tester/smap-test/Makefile soc2014/op/tests/smap-tester/smap-test/smap-test.c Modified: soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c ============================================================================== --- soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c Mon May 26 14:57:47 2014 (r268640) +++ soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c Mon May 26 15:30:55 2014 (r268641) @@ -31,17 +31,20 @@ return (error); if (strcmp(buf, agreement) == 0) { - printf("SMAP test enabled!\n"); + printf("{+} SMAP tests enabled!\n"); + uprintf("\n{+} SMAP tests enabled!\n"); allow_tests = true; } else { - printf("SMAP test disabled!\n"); + printf("{+} SMAP tests disabled!\n"); + uprintf("\n{+} SMAP tests disabled!\n"); allow_tests = false; } return (error); } -SYSCTL_PROC(_debug_smap, OID_AUTO, agreement_string, CTLTYPE_STRING | CTLFLAG_RW, +SYSCTL_PROC(_debug_smap, OID_AUTO, agreement_string, + CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_ANYBODY, 0, 0, sysctl_debug_smap_agreement, "A", "shoot my foot!!!11oneone!!"); @@ -51,15 +54,18 @@ int error=0; error = sysctl_handle_long(oidp, &us_addr, 0, req); - if (error != 0 || req->newptr == NULL) + if (error != 0 || req->newptr == NULL) { return (error); + } - printf("us_addr set to %p\n", us_addr); + printf("{+} us_addr set to %p\n", us_addr); + uprintf("\n{+} us_addr set to %p\n", us_addr); return (error); } -SYSCTL_PROC(_debug_smap, OID_AUTO, us_addr, CTLTYPE_LONG | CTLFLAG_RW, +SYSCTL_PROC(_debug_smap, OID_AUTO, us_addr, + CTLTYPE_LONG | CTLFLAG_RW | CTLFLAG_ANYBODY, 0, 0, sysctl_debug_smap_us_addr, "L", "user-space address"); @@ -74,6 +80,7 @@ case MOD_LOAD: buf = malloc(4096, M_SMAP_TEST, M_WAITOK | M_ZERO); printf("SMAP tester loaded.\n"); + printf("WARNING: vulnerable kernel module!\n"); break; case MOD_UNLOAD: free(buf, M_SMAP_TEST); Modified: soc2014/op/tests/smap-tester/smap-test/Makefile ============================================================================== --- soc2014/op/tests/smap-tester/smap-test/Makefile Mon May 26 14:57:47 2014 (r268640) +++ soc2014/op/tests/smap-tester/smap-test/Makefile Mon May 26 15:30:55 2014 (r268641) @@ -1,4 +1,5 @@ PROG= smap-test +CFLAGS+= -fPIC -DPIC NO_MAN= Modified: soc2014/op/tests/smap-tester/smap-test/smap-test.c ============================================================================== --- soc2014/op/tests/smap-tester/smap-test/smap-test.c Mon May 26 14:57:47 2014 (r268640) +++ soc2014/op/tests/smap-tester/smap-test/smap-test.c Mon May 26 15:30:55 2014 (r268641) @@ -1,10 +1,98 @@ #include <stdio.h> #include <stdlib.h> +#include <string.h> +#include <sys/types.h> +#include <sys/sysctl.h> + +void test_prepare(void); +void test_allow(void); +void test_0(void); + +void test_destroy(void); + +const char *us_buf = NULL; int main(int argc, char **argv) { - printf("NI!\n"); + test_prepare(); + test_allow(); + + + test_destroy(); return (0); } + +void +test_prepare(void) +{ + void *us_addr=0; + long *oldp; + size_t oldps; + int error=0; + + /* prepare the user-space memory region */ + us_buf = strdup("Ez itt jo lenne nem kiolvasni!\n"); + if (us_buf == NULL) { + printf("[-] failed to prepare SMAP test\n"); + exit(1); + } + + /* take the user-space address */ + us_addr = (long)(void *)us_buf; + printf("[+] debug.smap.us_addr = %p\n", us_addr); + + /* read the old sysctl value */ + sysctlbyname("debug.smap.us_addr", NULL, &oldps, NULL, 0); + oldp = calloc(oldps, sizeof(char)); + error = sysctlbyname("debug.smap.us_addr", oldp, &oldps, NULL, 0); + if (error != 0) { + printf("[-] sysctl error - unable to read debug.smap.us_addr\n"); + exit(2); + } + printf("[+] debug.smap.us_addr = %p [old value]\n", oldp); + + /* push to the kernel the current user-space memory region */ + error = sysctlbyname("debug.smap.us_addr", NULL, 0, &us_addr, sizeof(us_addr)); + if (error != 0) { + printf("[-] sysctl error - unable to set debug.smap.us_addr\n"); + exit(3); + } + printf("[+] debug.smap.us_addr = %p [new value]\n", us_addr); +} + +void +test_destroy(void) +{ + const char *s = "tests disabled"; + int error; + + if (us_buf != NULL) { + free(us_buf); + us_buf = NULL; + } + + + sysctlbyname("debug.smap.agreement_string", NULL, 0, s, strlen(s)); + if (error != 0) { + printf("[-] sysctl error - unable to set test agreement\n"); + exit(4); + } + printf("[+] debug.smap.agreement_string = %s\n", s); +} + + +void +test_allow(void) +{ + const char *s = "shoot my foot!!!11oneone!!"; + int error; + + sysctlbyname("debug.smap.agreement_string", NULL, 0, s, strlen(s)); + if (error != 0) { + printf("[-] sysctl error - unable to set test agreement\n"); + exit(4); + } + printf("[+] debug.smap.agreement_string = %s\n", s); +}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201405261530.s4QFUuhP072400>