[PATCH wayland 2/2] tests: Fix FAIL in sanity-test (*timeout*) when Yama LSM enabled
Bryce Harrington
bryce at osg.samsung.com
Wed Jan 7 10:25:20 PST 2015
I've got a better fix for this after speaking with the yama lsm author.
On Tue, Jan 06, 2015 at 05:11:30PM -0800, Bryce Harrington wrote:
> This fixes a regression in the testsuite since c3653f7f, where four of
> the timeout tests fail with "Timeouts suppressed" messages.
>
> The timeouts are being suppressed because the testsuite is erroneously
> detecting that a debugger is attached. This detection mechanism
> (adopted from libinput) uses ptrace to test if there is a debugger
> parent process that can be attached. Unfortunately, this is an
> unreliable test: Kernel security policies exist to restrict the scope of
> ptrace to prevent processes from snooping on one another.[1] This
> security policy is set as the default on Ubuntu, and potentially other
> Linux distributions.[2]
>
> Workarounds including running 'make check' as root, turning off
> ptrace_scope systemwide (echo 0 > /proc/sys/kernel/yama/ptrace_scope),
> or granting the sanity-test binary ptrace capabilities (sudo setcap
> cap_sys_ptrace=eip ./sanity-test). Unfortunately, these all require
> superuser intervention so can't be considered as a full solution.
>
> The Yama documentation suggests, "For software that has defined
> application-specific relationships between a debugging process and its
> inferior (crash handlers, etc), prctl(PR_SET_PTRACER, pid, ...) can be
> used. An inferior can declare which other process (and its descendents)
> are allowed to call PTRACE_ATTACH against it." However, sanity-test's
> parent process is either make or bash, depending on how it's invoked,
> but neither of which we can modify to add prctl().
>
> Instead, change the detection mechanism to detect when the ptrace
> operation is not permitted, and assume there is no debugger.
>
> 1: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2d514487faf188938a4ee4fb3464eeecfbdcf8eb
> 2: https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace_Protection
> Signed-off-by: Bryce Harrington <bryce at osg.samsung.com>
> ---
> tests/test-runner.c | 14 +++++++++++++-
> 1 file changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/tests/test-runner.c b/tests/test-runner.c
> index 9abf22f..06375b4 100644
> --- a/tests/test-runner.c
> +++ b/tests/test-runner.c
> @@ -262,10 +262,18 @@ is_debugger_attached(void)
>
> if (pid == 0) {
> int ppid = getppid();
> - if (ptrace(PTRACE_ATTACH, ppid, NULL, NULL) == 0) {
> + errno = 0;
> + rc = ptrace(PTRACE_ATTACH, ppid, NULL, NULL);
> + if (rc == 0) {
> waitpid(ppid, NULL, 0);
> ptrace(PTRACE_CONT, NULL, NULL);
> ptrace(PTRACE_DETACH, ppid, NULL, NULL);
> + } else if (errno == EPERM) {
> + /* We're not permitted to perform ptrace on this system.
> + * (Perhaps /proc/sys/kernel/yama/ptrace_scope is enabled?)
> + * We can't verify that a debugger is attached, so return 0
> + */
> + perror("ptrace system call");
> rc = 0;
> } else {
> rc = 1;
> @@ -298,6 +306,7 @@ int main(int argc, char *argv[])
> if (is_debugger_attached()) {
> leak_check_enabled = 0;
> timeouts_enabled = 0;
> + fprintf(stderr, "debugger detected\n");
> } else {
> leak_check_enabled = !getenv("WAYLAND_TEST_NO_LEAK_CHECK");
> timeouts_enabled = !getenv("WAYLAND_TEST_NO_TIMEOUTS");
> @@ -323,6 +332,9 @@ int main(int argc, char *argv[])
> /* set our own XDG_RUNTIME_DIR */
> set_xdg_runtime_dir();
>
> + fprintf(stderr, "leak_check_enabled: %d\n", leak_check_enabled);
> + fprintf(stderr, "timeouts_enabled: %d\n", timeouts_enabled);
> +
> pass = 0;
> for (t = &__start_test_section; t < &__stop_test_section; t++) {
> int success = 0;
> --
> 1.9.1
>
> _______________________________________________
> wayland-devel mailing list
> wayland-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/wayland-devel
More information about the wayland-devel
mailing list