xref: /aosp_15_r20/external/sandboxed-api/sandboxed_api/sandbox2/testcases/policy.cc (revision ec63e07ab9515d95e79c211197c445ef84cefa6a)
1 // Copyright 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 // A binary that tries x86_64 compat syscalls, ptrace and clone untraced.
16 
17 #include <sched.h>
18 #include <sys/ptrace.h>
19 #include <syscall.h>
20 #include <unistd.h>
21 
22 #include <cerrno>
23 #include <cstdint>
24 #include <cstdio>
25 #include <cstdlib>
26 
27 #include "absl/base/attributes.h"
28 #include "sandboxed_api/config.h"
29 
30 #ifdef SAPI_X86_64
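// Invokes exit(42) through the legacy 32-bit `int $0x80` entry point while
// running as a 64-bit process.
//
// The syscall number is interpreted with the 32-bit table, so a filter that
// only inspects the number (and not the architecture) would mistake it for a
// different 64-bit syscall. The policy under test is expected to reject it.
//
// Never returns: if the trap comes back, the process exits with the negated
// value the kernel left in rax.
void TestAMD64SyscallMismatch() {
  int64_t result;

  // exit() is allowed, but not if called via 32-bit syscall.
  // `volatile`: the trap is a side effect the compiler cannot see, so the
  // statement must not be moved, merged or dropped by the optimizer.
  asm volatile(
      "movq $1, %%rax\n"   // __NR_exit: 1 in 32-bit (60 in 64-bit)
      "movq $42, %%rbx\n"  // int error_code: 42
      "int $0x80\n"
      "movq %%rax, %0\n"
      : "=r"(result)
      :
      : "rax", "rbx");
  // Only reached when the kernel returned from the trap instead of the
  // process being stopped; the exit status then carries the error value.
  exit(-result);
}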
44 
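// Invokes access("/etc/passwd", F_OK) through the legacy 32-bit `int $0x80`
// entry point while running as a 64-bit process.
//
// Same idea as TestAMD64SyscallMismatch(), but with a filesystem syscall: the
// 64-bit form is allowed by the policy under test, the 32-bit form is not.
//
// Never returns: if the trap comes back, the process exits with the negated
// value the kernel left in rax.
void TestAMD64SyscallMismatchFs() {
  int64_t result;
  char filename[] = "/etc/passwd";

  // access("/etc/passwd") is allowed, but not if called via 32-bit syscall.
  // `volatile` keeps the optimizer from moving or dropping the trap. The
  // "memory" clobber tells the compiler the asm reads memory it was only
  // handed a pointer to; without it the store that initializes `filename`
  // could legally be treated as dead.
  // NOTE(review): the 32-bit entry point presumably uses only the low 32 bits
  // of rbx, so a stack address may be truncated. The test appears to rely on
  // the sandbox reacting to the syscall entry, not on the call succeeding.
  asm volatile(
      "movq $33, %%rax\n"  // __NR_access: 33 in 32-bit (21 in 64-bit)
      "movq %1, %%rbx\n"   // const char* filename: /etc/passwd
      "movq $0, %%rcx\n"   // int mode: F_OK (0), test for existence
      "int $0x80\n"
      "movq %%rax, %0\n"
      : "=r"(result)
      : "g"(filename)
      : "rax", "rbx", "rcx", "memory");
  // Only reached when the kernel returned from the trap instead of the
  // process being stopped; the exit status then carries the error value.
  exit(-result);
}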
60 #endif
61 
// Tries to attach to the parent process with PTRACE_SEIZE and ignores the
// return value.
//
// The code after the call is the failure path: reaching it means nothing
// stopped the process at the ptrace() call, so the function prints a
// diagnostic and exits with EXIT_FAILURE. It never returns to the caller.
void TestPtraceDenied() {
  const pid_t parent = getppid();
  ptrace(PTRACE_SEIZE, parent, 0, 0);

  // Still running, so the expected violation was not raised.
  printf("Syscall violation should have been discovered by now\n");
  exit(EXIT_FAILURE);
}
68 
// Tries to attach to the parent process with PTRACE_SEIZE and requires the
// call to fail with EPERM.
//
// Returns normally when ptrace() yields -1 with errno == EPERM. Any other
// outcome prints a diagnostic and exits with EXIT_FAILURE.
void TestPtraceBlocked() {
  const int rc = ptrace(PTRACE_SEIZE, getppid(), 0, 0);

  // errno is only meaningful (and only read) once the call reported failure.
  const bool denied_with_eperm = (rc == -1) && (errno == EPERM);
  if (denied_with_eperm) {
    return;
  }

  printf("System call should have been blocked\n");
  exit(EXIT_FAILURE);
}
77 
// Issues a raw bpf() syscall (command 0, null attribute pointer, size 0) and
// requires it to fail with EPERM.
//
// Returns normally when the call yields -1 with errno == EPERM. Any other
// outcome prints a diagnostic and exits with EXIT_FAILURE.
void TestBpfBlocked() {
  const int rc = syscall(__NR_bpf, 0, nullptr, 0);

  // errno is only meaningful (and only read) once the call reported failure.
  const bool denied_with_eperm = (rc == -1) && (errno == EPERM);
  if (denied_with_eperm) {
    return;
  }

  printf("System call should have been blocked\n");
  exit(EXIT_FAILURE);
}
86 
// Issues a raw clone() syscall whose only flag is CLONE_UNTRACED, with every
// pointer argument null, and ignores the return value.
//
// The code after the call is the failure path: reaching it means nothing
// stopped the process at the clone() call, so the function prints a
// diagnostic and exits with EXIT_FAILURE. It never returns to the caller.
void TestCloneUntraced() {
  const uintptr_t flags = static_cast<uintptr_t>(CLONE_UNTRACED);
  const uintptr_t last_arg = static_cast<uintptr_t>(0);
  syscall(__NR_clone, flags, nullptr, nullptr, nullptr, last_arg);

  // Still running, so the expected violation was not raised.
  printf("Syscall violation should have been discovered by now\n");
  exit(EXIT_FAILURE);
}
94 
// Issues a raw bpf() syscall (command 0, null attribute pointer, size 0) and
// ignores the return value.
//
// The code after the call is the failure path: reaching it means nothing
// stopped the process at the bpf() call, so the function prints a diagnostic
// and exits with EXIT_FAILURE. It never returns to the caller.
void TestBpf() {
  const int bpf_cmd = 0;
  syscall(__NR_bpf, bpf_cmd, nullptr, 0);

  // Still running, so the expected violation was not raised.
  printf("Syscall violation should have been discovered by now\n");
  exit(EXIT_FAILURE);
}
101 
// Calls isatty() on standard input (file descriptor 0) and discards the
// answer. Only the act of making the call matters here; the function returns
// normally whatever isatty() reports.
void TestIsatty() {
  isatty(STDIN_FILENO);
}
103 
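// Entry point of the policy test binary.
//
// argv[1] selects which probe to run:
//   1  TestAMD64SyscallMismatch     (x86_64 builds only)
//   2  TestAMD64SyscallMismatchFs   (x86_64 builds only)
//   3  TestPtraceDenied
//   4  TestCloneUntraced
//   5  TestBpf
//   6  TestIsatty
//   7  TestPtraceBlocked, then TestBpfBlocked
//   8  TestBpfBlocked
//
// Probes 1-5 terminate the process themselves when they are not stopped
// first, so "OK" is only printed after probes 6-8 return normally. Returns
// EXIT_FAILURE when the test number is missing or unknown.
int main(int argc, char* argv[]) {
  // Disable buffering.
  setbuf(stdin, nullptr);
  setbuf(stdout, nullptr);
  setbuf(stderr, nullptr);

  // Exactly one argument is consumed; the message states the bound that is
  // actually checked.
  if (argc < 2) {
    printf("argc < 2\n");
    return EXIT_FAILURE;
  }

  // Non-numeric input becomes 0 and ends up in the default branch below.
  int testno = atoi(argv[1]);  // NOLINT
  switch (testno) {
#ifdef SAPI_X86_64
    case 1:
      TestAMD64SyscallMismatch();
      break;
    case 2:
      TestAMD64SyscallMismatchFs();
      break;
#endif
    case 3:
      TestPtraceDenied();
      break;
    case 4:
      TestCloneUntraced();
      break;
    case 5:
      TestBpf();
      break;
    case 6:
      TestIsatty();
      break;
    case 7:
      TestPtraceBlocked();
      // Test 7 deliberately continues into the bpf() check of test 8.
      ABSL_FALLTHROUGH_INTENDED;
    case 8:
      TestBpfBlocked();
      break;
    default:
      // Also reached for tests 1 and 2 on builds without SAPI_X86_64.
      printf("Unknown test: %d\n", testno);
      return EXIT_FAILURE;
  }

  printf("OK: All tests went OK\n");
  return EXIT_SUCCESS;
}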
151