Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 11 Apr 2001 10:21:14 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/tools/regression/security/proc_to_proc Makefile README scenario.c scenario.h testuid.c
Message-ID:  <200104111721.f3BHLEY72961@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
rwatson     2001/04/11 10:21:14 PDT

  Added files:
    tools/regression/security/proc_to_proc Makefile README 
                                           scenario.c scenario.h 
                                           testuid.c 
  Log:
  o First pass at an inter-process authorization regression testing suite.
    This test utility attempts to evaluate the current kernel policy
    for authorization inter-process activities, currently ptrace(),
    kill(, SIGHUP), getpriority(), and setpriority().  The utility creates
    pairs of processes, initializes their credential sets to useful
    cases, and reports on whether the results are in keeping with hard-coded
    safety expectations.
  
  o Currently, this utility relies on the availability of __setugid(),
    an uncomitted system call used for managing the P_SUGID bit.  Due to
    continuing discussion of optional regression testing kernel components
    ("options REGRESSION") I'll hold off on committing that until the
    discussion has reached its natural termination.
  
  o A number of additional testing factors should be taken into account
    in the testing, including tests for different classes of signals,
    interactions with process session characteristics, I/O signalling,
    broadcast activities such as broadcast signalling, mass priority
    setting, and to take into group-related aspects of credentials.
    Additional operations should also be taken into account, such as ktrace,
    debugging attach using procfs, and so on.
  
  o This testing suite is intended to prevent the introduction of bugs
    in the upcoming sets of authorization changes associated with the
    introduction of process capabilities and mandatory access control.
  
  Obtained from: TrustedBSD Project


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104111721.f3BHLEY72961>