Date: Tue, 11 Oct 2022 10:32:15 +0200
From: Mickaël Salaün <mic@...ikod.net>
To: "Konstantin Meskhidze (A)" <konstantin.meskhidze@...wei.com>
Cc: willemdebruijn.kernel@...il.com, gnoack3000@...il.com, linux-security-module@...r.kernel.org, netdev@...r.kernel.org, netfilter-devel@...r.kernel.org, anton.sirazetdinov@...wei.com
Subject: Re: [PATCH v7 16/18] seltests/landlock: add invalid input data test

On 11/10/2022 09:55, Konstantin Meskhidze (A) wrote:
>
>
> 10/10/2022 1:37 PM, Mickaël Salaün wrote:
>>
>> On 12/09/2022 19:22, Mickaël Salaün wrote:
>>>
>>> On 10/09/2022 22:51, Konstantin Meskhidze (A) wrote:
>>>>
>>>>
>>>> 9/6/2022 11:09 AM, Mickaël Salaün wrote:
>>>>>
>>>>> On 29/08/2022 19:03, Konstantin Meskhidze wrote:
>>>>>> This patch adds rules with invalid user space supplied data:
>>>>>> - out of range ruleset attribute;
>>>>>> - unhandled allowed access;
>>>>>> - zero port value;
>>>>>> - zero access value;
>>>>>>
>>>>>> Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@...wei.com>
>>>>>> ---
>>>>>>
>>>>>> Changes since v6:
>>>>>> * Adds invalid ruleset attribute test.
>>>>>>
>>>>>> Changes since v5:
>>>>>> * Formats code with clang-format-14.
>>>>>>
>>>>>> Changes since v4:
>>>>>> * Refactors code with self->port variable.
>>>>>>
>>>>>> Changes since v3:
>>>>>> * Adds inval test.
>>>>>>
>>>>>> ---
>>>>>> tools/testing/selftests/landlock/net_test.c | 66 ++++++++++++++++++++-
>>>>>> 1 file changed, 65 insertions(+), 1 deletion(-)
>>>>>>
>>>>>> diff --git a/tools/testing/selftests/landlock/net_test.c b/tools/testing/selftests/landlock/net_test.c
>>>>>> index a93224d1521b..067ba45f58a5 100644
>>>>>> --- a/tools/testing/selftests/landlock/net_test.c
>>>>>> +++ b/tools/testing/selftests/landlock/net_test.c
>>>>>> @@ -26,9 +26,12 @@ >>>>>> >>>>>> #define IP_ADDRESS "127.0.0.1" >>>>>> >>>>>> -/* Number pending connections queue to be hold */ >>>>>> +/* Number pending connections queue to be hold. */
>>>>>
>>>>> Patch of a previous patch?
>>>>>
>>>>>
>>>>>> #define BACKLOG 10 >>>>>> >>>>>> +/* Invalid attribute, out of landlock network access range. */ >>>>>> +#define LANDLOCK_INVAL_ATTR 7 >>>>>> + >>>>>> FIXTURE(socket) >>>>>> { >>>>>> uint port[MAX_SOCKET_NUM]; >>>>>> @@ -719,4 +722,65 @@ TEST_F(socket, ruleset_expanding) >>>>>> /* Closes socket 1. */ >>>>>> ASSERT_EQ(0, close(sockfd_1)); >>>>>> } >>>>>> + >>>>>> +TEST_F(socket, inval) >>>>>> +{ >>>>>> + struct landlock_ruleset_attr ruleset_attr = { >>>>>> + .handled_access_net = LANDLOCK_ACCESS_NET_BIND_TCP >>>>>> + }; >>>>>> + struct landlock_ruleset_attr ruleset_attr_inval = { >>>>>> + .handled_access_net = LANDLOCK_INVAL_ATTR
>>>>>
>>>>> Please add a test similar to TEST_F_FORK(layout1,
>>>>> file_and_dir_access_rights) instead of explicitly defining and only
>>>>> testing LANDLOCK_INVAL_ATTR.
>>>>>
>>>> Do you want fs test to be in this commit or maybe it's better to add
>>>> it into "[PATCH v7 01/18] landlock: rename access mask" one.
>>
>> Just to make it clear, I didn't suggest an FS test, but a new network
>> test similar to layout1.file_and_dir_access_rights but only related to
>> the network. It should replace/extend the content of this patch (16/18).
>>
> Ok. I will check out "layout1.file_and_dir_access_rights" one.
> But anyway we need some test like TEST_F_FORK(layout1, with_net) and
> TEST_F_FORK(socket, with_fs) with mixed attributes as you suggested.

Right, you can add that to the main test patch.
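
Review bot: In the first hunk (@@ -26,9 +26,12 @@), "#define LANDLOCK_INVAL_ATTR 7" is a bare literal whose only link to the valid range is its comment. Nothing ties 7 to the network access rights the series defines, so the value would no longer be out of range once enough access bits exist, and 7 sets three bits at once rather than a single bit past the last defined right. Derive the invalid value from the last defined network access right (the next bit above it), or drop the constant in favour of the loop-style test requested in the reply. The trailing-period change to the BACKLOG comment belongs in the patch that introduced that comment.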
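
Review bot: In the second hunk (@@ -719,4 +722,65 @@), TEST_F(socket, inval) has a name that does not say which input is invalid, while the commit message lists four separate cases (out of range ruleset attribute, unhandled allowed access, zero port value, zero access value). Split it into one test per case, or name it after what it checks, so a failure points at the rejected input. The two initializers shown also leave their only member without a trailing comma; writing ".handled_access_net = LANDLOCK_ACCESS_NET_BIND_TCP," keeps a later added member to a one-line diff.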