175422Srwatson$FreeBSD$ 275422Srwatson 375422Srwatson Inter-Process Authorization Test Suite 475422Srwatson Robert Watson, TrustedBSD Project 575422Srwatson 675422SrwatsonThis test suite attempts to determine the behavior of inter-process 775422Srwatsonauthorization policy present in the kernel. It analyzes a series of 875422Srwatsonimportant scenarios using specifically crafted process credentials 975422Srwatsonand a set of operations. It then reports on any divergence from the 1075422Srwatsonexpected results. 1175422Srwatson 1275422SrwatsonTest operations: 1375422Srwatson 1475422Srwatsonptrace cred1 attempts ptrace attach to cred2 1575447Srwatsonsighup cred1 attempts SIGHUP of cred2 1675447Srwatsonsigsegv cred1 attempts SIGSEGV of cred2 1775422Srwatsonsee cred1 attempts getpriority() on cred2 1875422Srwatsonsched cred1 attempts setpriority() on cred2 1975422Srwatson 2075422SrwatsonTest scenarioes: 2175422Srwatson 2275422Srwatsonpriv on priv root process on another root process 2375422Srwatsonpriv on unpriv1 root process on a non-root process 2475422Srwatsonunpriv1 on priv non-root process on a root process 2575422Srwatsonunpriv1 on unpriv1 non-root process on a similar non-root process 2675422Srwatsonunpriv1 on unpriv2 non-root process on a different non-root process 2775422Srwatsonunpriv1 on daemon1 non-root process on a root daemon process acting with 2875422Srwatson same non-root effective credentials 2975422Srwatsonunpriv1 on daemon2 non-root process on a root daemon process acting with 3075422Srwatson different non-root effective credentials 3175422Srwatsonunpriv1 on setuid1 non-root process on a setuid-root process with same 3275422Srwatson non-root real credentials 3375422Srwatsonunpriv1 on setuid2 non-root process on a setuid-root process with 3475422Srwatson different non-root real credentials 3575422Srwatson 3675422SrwatsonThe credential elements supported by the test suite are: 3775422Srwatson 3875422Srwatson effective uid 3975422Srwatson real uid 4075422Srwatson saved uid 4175422Srwatson P_SUGID flag 4275422Srwatson 4375422SrwatsonOther untested aspects of interest include groups, as well as session 4475422Srwatsonrelationship. Other test operations that might be of interest are SIGCONT, 4575447Srwatsonand SIGIO. 4675422Srwatson 4775422SrwatsonThe current set of tests includes some tests where normally the P_SUGID 4875422Srwatsonflag is set, but isn't in the test. The result is that some tests fail 4975422Srwatsonthat may not reflect real-world software configurations. However, they 5075422Srwatsondo point to possible changes that could be made in the authorization system 5175422Srwatsonto improve resilience to failure or violation of invariants. 5275422Srwatson 5375422SrwatsonThese tests rely on __setugid(), a system call enabled using options 5475422SrwatsonREGRESSION. 55