1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
#
# NOTE the built tests are all designed to be run from this
# working directory when built DYNAMIC=yes. That is, they
# link to the shared libraries in ../libcap/ .
#
topdir=$(shell pwd)/..
include ../Make.Rules
#
all:
@echo leave test building to test target
install:
@echo nothing to install from tests
ifeq ($(DYNAMIC),yes)
LINKEXTRA=-Wl,-rpath,../libcap
DEPS=../libcap/libcap.so
ifeq ($(PTHREADS),yes)
DEPS += ../libcap/libpsx.so
endif
else
# For this build variant override the LDFLAGS to link statically from
# libraries within the build tree. If you never want this, use
# make DYNAMIC=yes ...
LDFLAGS = --static
DEPS=../libcap/libcap.a
ifeq ($(PTHREADS),yes)
DEPS += ../libcap/libpsx.a
endif
endif
../libcap/libcap.so:
$(MAKE) -C ../libcap libcap.so
../libcap/libcap.a:
$(MAKE) -C ../libcap libcap.a
ifeq ($(PTHREADS),yes)
../libcap/libpsx.so:
$(MAKE) -C ../libcap libpsx.so
../libcap/libpsx.a:
$(MAKE) -C ../libcap libpsx.a
endif
../progs/tcapsh-static:
$(MAKE) -C ../progs tcapsh-static
test:
ifeq ($(PTHREADS),yes)
$(MAKE) run_psx_test run_libcap_psx_test
endif
sudotest: test
$(MAKE) run_uns_test
$(MAKE) run_libcap_launch_test
ifeq ($(PTHREADS),yes)
$(MAKE) run_libcap_psx_launch_test run_exploit_test
endif
# unprivileged
run_psx_test: psx_test
./psx_test
psx_test: psx_test.c $(DEPS)
$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB)
run_libcap_psx_test: libcap_psx_test
./libcap_psx_test
libcap_psx_test: libcap_psx_test.c $(DEPS)
$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB)
# privileged
uns_test: uns_test.c $(DEPS)
$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB)
run_uns_test: uns_test
echo exit | $(SUDO) ./uns_test
run_libcap_launch_test: libcap_launch_test noop ../progs/tcapsh-static
$(SUDO) ./libcap_launch_test
run_libcap_psx_launch_test: libcap_psx_launch_test ../progs/tcapsh-static
$(SUDO) ./libcap_psx_launch_test
libcap_launch_test: libcap_launch_test.c $(DEPS)
$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB)
# This varies only slightly from the above insofar as it currently
# only links in the pthreads fork support. TODO() we need to change
# the source to do something interesting with pthreads.
libcap_psx_launch_test: libcap_launch_test.c $(DEPS)
$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB)
# This test demonstrates that libpsx is needed to secure multithreaded
# programs that link against libcap.
run_exploit_test: exploit noexploit
@echo exploit should succeed
$(SUDO) ./exploit ; if [ $$? -ne 0 ]; then exit 0; else exit 1 ; fi
@echo exploit should fail
$(SUDO) ./noexploit ; if [ $$? -eq 0 ]; then exit 0; else exit 1 ; fi
exploit: exploit.o $(DEPS)
$(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread
# Note, for some reason, the order of libraries is important to avoid
# the exploit working for dynamic linking.
noexploit: exploit.o $(DEPS)
$(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB)
# This one runs in a chroot with no shared library files.
noop: noop.c
$(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ --static
clean:
rm -f psx_test libcap_psx_test libcap_launch_test uns_test *~
rm -f libcap_launch_test libcap_psx_launch_test core noop
rm -f exploit noexploit exploit.o
|
