Date:      Mon, 4 Jun 2018 08:49:39 +0530
From:      Aniket Pandey <aniketp@freebsd.org>
To:        soc-status@freebsd.org
Cc:        asomers@freebsd.org, George Neville-Neil <gnn@neville-neil.com>, robert.watson@cl.cam.ac.uk, gavin@freebsd.org
Subject:   [GSoC-18] Regression Test-Suite for Audit Framework [Week-3]
Message-ID:  <CADsqe1BrGAFckAHVZ8McXQuZn-Y_E7FBf439Ceqs_c0S44q2Uw@mail.gmail.com>

Hello all,

In the third week, as promised, I was able to finish off my proposed work
of creating ATF-C test cases of all general auditable system calls as
defined in audit_kevents.h header. Currently, a total of 504 test cases for
161 system calls for all 13 audit classes have been developed. However, the
main work isn't done yet. There are a few administrative system calls which
demand some careful analysis while building the test cases, so as not to
mess up any system-wide configurations.

Actually, I had anticipated a total of around 550-600 test cases at the end
of week 3, going by the progress and the behavior of already tested system
calls. But it turns out that testing either the success or failure modes
of a few process control or administrative system calls is not possible.
For example, I can't reboot(2) the system in the middle of running the
regression tests, so the success mode is ruled out. Also, I can't direct the
kernel to start a new audit trail in the middle of running the tests by
invoking auditctl(2). And a lot of process control system calls, like
setre{u/g}id(2) and umask(2), never fail. So that essentially resulted in a
smaller number of test cases than expected.

Although the base test-suite is done, I haven't yet done any analysis of
the system calls which enforce capability mode on processes and limit
capability rights on certain file descriptors.  Syscalls like cap_enter(2),
cap_rights_limit(2) and cap_ioctls_limit(2) are in fact auditable and need
to be tested accordingly. I'll have a look at their implementation and
would plan out the appropriate testing strategy.

Some system calls in the process-control audit class caused intermittent test
failures for reasons I'm not sure of yet. Though this was only recurring
when the system-wide audit mask was set as "pc", i.e. the same as the test
program. However, on trying to debug a random test case using Kyua(7), I
noticed the occurrence of an extraneous wait4(2) event. wait4(2) evidently
timed out the test and, as a result, the system call in question was never
audited. I'm not entirely sure as to why that was happening, that too when
auditpipe(4) showed the system call in a separate invocation. I'll try
to figure out this issue in the next week.

Most of the week, however, was spent on reviewing and committing the
differentials I had created earlier. The first revision, D15286 broke
builds on multiple architectures as reported by Ed. Though it turned out
that importing "libbsm.h" in my utility program caused the builds to break
with GCC due to some redundant function declarations within the same header
which were added in one of the earlier commits but were never required.
This issue was resolved by my mentor Alan Somers in rS334388
<https://reviews.freebsd.org/rS334388>.

List of differentials merged:

1. D15286: https://reviews.freebsd.org/rS334360
2. D15561: https://reviews.freebsd.org/rS334403
3. D15618: https://reviews.freebsd.org/rS334390
4. D15620: https://reviews.freebsd.org/rS334394
5. D15636: https://reviews.freebsd.org/rS334471
6. D15640: https://reviews.freebsd.org/rS334487
7. D15647: https://reviews.freebsd.org/rS334496
8. D15650: https://reviews.freebsd.org/rS334592

Detailed info about each of these differentials can be found in the Project
Wiki [1].

Differential currently in review:

1. D15657 <https://reviews.freebsd.org/D15657> [open(2) and openat(2)
audit events]

As a stretch goal, on the suggestion of one of my other mentors, Robert
Watson, I'll try to work on FreeBSD's CADETS version, which has a
number of extensions to capture additional system calls and their arguments,
and to ensure that the audit system within CADETS works as expected.

Thank You,
With best regards,
Aniket Pandey

[1] Project Wiki:
https://wiki.freebsd.org/SummerOfCode2018Projects/RegressionTestSuiteForAuditFramework