Compare commits
4 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
f09350f34e | ||
|
cd6a9e1b1e | ||
|
926d576fea | ||
|
cfb6703469 |
9 changed files with 7 additions and 565 deletions
1
.cvsignore → .gitignore
vendored
1
.cvsignore → .gitignore
vendored
|
|
@ -5,3 +5,4 @@ amtu-1.0.2.tar.gz
|
|||
amtu-1.0.3.tar.gz
|
||||
amtu-1.0.4.tar.gz
|
||||
amtu-1.0.5-1.tar.gz
|
||||
amtu-1.0.6.tar.gz
|
||||
21
Makefile
21
Makefile
|
|
@ -1,21 +0,0 @@
|
|||
# Makefile for source rpm: amtu
|
||||
# $Id: Makefile,v 1.1 2004/09/09 02:56:56 cvsdist Exp $
|
||||
NAME := amtu
|
||||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
||||
ifeq ($(MAKEFILE_COMMON),)
|
||||
# attempt a checkout
|
||||
define checkout-makefile-common
|
||||
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
|
||||
endif
|
||||
|
||||
include $(MAKEFILE_COMMON)
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
--- amtu-1.0.2/src/memsep.c.orig 2005-12-01 23:11:44.000000000 -0500
|
||||
+++ amtu-1.0.2/src/memsep.c 2005-12-01 22:58:17.000000000 -0500
|
||||
@@ -56,6 +56,7 @@
|
||||
#include "config.h"
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
+#include <stdint.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
@@ -91,15 +92,14 @@ void sig_handler(int sig)
|
||||
/* range start <= j < end, aligned to sizeof(int) */
|
||||
/* */
|
||||
/************************************************************************/
|
||||
+#if __LP64__
|
||||
+#define RANDNUM ((uint64_t)random() << 32 | random())
|
||||
+#else
|
||||
+#define RANDNUM random()
|
||||
+#endif
|
||||
int *get_pointer_in_range(int *start, int *end)
|
||||
{
|
||||
- int *j;
|
||||
- double n_ints;
|
||||
-
|
||||
- n_ints = (end - start)/sizeof(int);
|
||||
-
|
||||
- j = start + (int) (n_ints * rand()/(RAND_MAX + 1.0));
|
||||
- return j;
|
||||
+ return (int *)((char *)start + (RANDNUM % ((char *)end - (char *)start + 1)));
|
||||
}
|
||||
|
||||
/************************************************************************/
|
||||
|
|
@ -1,76 +0,0 @@
|
|||
diff -urp amtu-1.0.4.orig/src/iodisktest.c amtu-1.0.4/src/iodisktest.c
|
||||
--- amtu-1.0.4.orig/src/iodisktest.c 2007-01-09 15:41:48.000000000 -0500
|
||||
+++ amtu-1.0.4/src/iodisktest.c 2007-01-09 16:32:38.000000000 -0500
|
||||
@@ -74,6 +74,7 @@
|
||||
#define MAXLINE 500
|
||||
#define MAXINDEX 100
|
||||
#define MAXMEMSIZE 10485670
|
||||
+#define BDEVNAME_SIZE 32
|
||||
|
||||
// Structure to track info about partitions
|
||||
typedef struct {
|
||||
@@ -279,7 +280,7 @@ int iodisktest(int argc, char *argv[])
|
||||
FILE *fname;
|
||||
FILE *fs;
|
||||
FILE *fs1;
|
||||
- char token[10];
|
||||
+ char token[BDEVNAME_SIZE];
|
||||
char line[MAXLINE];
|
||||
int num = 32;
|
||||
int num_of_rands = 0;
|
||||
diff -urp amtu-1.0.4.orig/src/networkio.c amtu-1.0.4/src/networkio.c
|
||||
--- amtu-1.0.4.orig/src/networkio.c 2007-01-09 15:41:48.000000000 -0500
|
||||
+++ amtu-1.0.4/src/networkio.c 2007-01-09 17:26:28.000000000 -0500
|
||||
@@ -208,6 +208,10 @@ int get_interfaces()
|
||||
|
||||
ifr = ifc.ifc_req;
|
||||
numifs = ifc.ifc_len/sizeof (struct ifreq);
|
||||
+ if (numifs > MAX_INTERFACES) {
|
||||
+ printf("Too many interfaces, only testing the first %d\n", MAX_INTERFACES);
|
||||
+ numifs = MAX_INTERFACES;
|
||||
+ }
|
||||
if (debug)
|
||||
printf("SIOCGIFCONF has %d interfaces in list:\n", numifs);
|
||||
|
||||
@@ -231,6 +235,7 @@ int get_interfaces()
|
||||
memset(&ifr_sub, '\0', sizeof(struct ifreq));
|
||||
strncpy(ifr_sub.ifr_name, ifr->ifr_name,
|
||||
sizeof(ifr_sub.ifr_name));
|
||||
+ ifr_sub.ifr_name[sizeof(ifr_sub.ifr_name)-1] = 0;
|
||||
if (ioctl(sock, SIOCGIFFLAGS, (char *)&ifr_sub) < 0) {
|
||||
fprintf(stderr, "SIOCGIFFLAGS failed for %s.\n",
|
||||
ifr->ifr_name);
|
||||
@@ -287,7 +292,7 @@ int get_interfaces()
|
||||
}
|
||||
|
||||
np->ifindex = ifr_sub.ifr_ifindex;
|
||||
- np->ifname = (char *)malloc(sizeof(ifr->ifr_name));
|
||||
+ np->ifname = strdup(ifr->ifr_name);
|
||||
if (np->ifname == NULL)
|
||||
{
|
||||
fprintf(stderr, "get_interfaces: malloc failed\n");
|
||||
@@ -302,8 +307,6 @@ int get_interfaces()
|
||||
return -1;
|
||||
}
|
||||
|
||||
- strncpy(np->ifname, ifr->ifr_name, sizeof(ifr->ifr_name));
|
||||
-
|
||||
if (ioctl(sock, SIOCGIFHWADDR, &ifr_sub) < 0) {
|
||||
fprintf(stderr, "SIOCGIFHWADDR failed for %s.\n",
|
||||
ifr_sub.ifr_name);
|
||||
@@ -403,7 +406,6 @@ int networkio(int argc, char *argv[])
|
||||
*/
|
||||
bzero(packetbuf, sizeof(packetbuf));
|
||||
bzero(&from, sizeof(from));
|
||||
- len = sizeof(from);
|
||||
rsock_fd = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_LOOP));
|
||||
|
||||
memset(&rcv_info, 0, sizeof(rcv_info));
|
||||
@@ -449,6 +451,7 @@ int networkio(int argc, char *argv[])
|
||||
*/
|
||||
count = 0;
|
||||
do {
|
||||
+ len = sizeof(from);
|
||||
cc = recvfrom(rsock_fd, packetbuf, sizeof(packetbuf),
|
||||
MSG_DONTWAIT, (struct sockaddr *)&from, &len);
|
||||
|
||||
|
|
@ -1,120 +0,0 @@
|
|||
diff -urp amtu-1.0.orig/configure.in amtu-1.0/configure.in
|
||||
--- amtu-1.0.orig/configure.in 2005-06-08 16:50:00.155816448 -0400
|
||||
+++ amtu-1.0/configure.in 2005-06-08 16:51:12.515816056 -0400
|
||||
@@ -1,9 +1,18 @@
|
||||
-AC_INIT(src/amtu.c)
|
||||
+AC_REVISION($Revision: 1.3 $)dnl
|
||||
# AC_CANONICAL_SYSTEM is deprecated in the latest version of AUTOMAKE.
|
||||
# We aren't using the latest version so we'll keep using it
|
||||
#AC_CANONICAL_TARGET
|
||||
+AC_INIT(src/amtu.c)
|
||||
+AC_PREREQ(2.12)dnl
|
||||
+AC_CONFIG_AUX_DIR(config)
|
||||
+AC_CONFIG_SRCDIR(src/amtu.c)
|
||||
+AM_CONFIG_HEADER(config.h)
|
||||
+
|
||||
+VERSION=1.0
|
||||
+echo Configuring amtu $VERSION
|
||||
+
|
||||
AC_CANONICAL_SYSTEM
|
||||
-AM_INIT_AUTOMAKE(amtu, 1.0)
|
||||
+AM_INIT_AUTOMAKE(amtu, $VERSION)
|
||||
AC_PROG_CC
|
||||
case "$target" in
|
||||
i386-* | i486-* | i586-* | i686-*) AC_DEFINE(HAVE_I86,1,NULL);;
|
||||
@@ -15,6 +24,4 @@ ia64-*) AC_DEFINE(HAVE_IA64,1,NULL);;
|
||||
esac
|
||||
AC_CHECK_LIB(laus, laus_open)
|
||||
AC_CHECK_LIB(audit, audit_open)
|
||||
-AC_OUTPUT(Makefile \
|
||||
-src/Makefile \
|
||||
-doc/Makefile)
|
||||
+AC_OUTPUT(Makefile src/Makefile doc/Makefile)
|
||||
diff -urp amtu-1.0.orig/src/amtu.c amtu-1.0/src/amtu.c
|
||||
--- amtu-1.0.orig/src/amtu.c 2005-03-17 13:46:39.000000000 -0500
|
||||
+++ amtu-1.0/src/amtu.c 2005-06-08 16:51:42.051325976 -0400
|
||||
@@ -36,6 +36,7 @@
|
||||
//
|
||||
//----------------------------------------------------------------------
|
||||
|
||||
+#include "config.h"
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
diff -urp amtu-1.0.orig/src/amtu-i86.c amtu-1.0/src/amtu-i86.c
|
||||
--- amtu-1.0.orig/src/amtu-i86.c 2005-03-17 13:48:38.000000000 -0500
|
||||
+++ amtu-1.0/src/amtu-i86.c 2005-06-08 16:51:12.521815144 -0400
|
||||
@@ -29,6 +29,7 @@
|
||||
// using libaudit instead of liblaus
|
||||
//----------------------------------------------------------------------
|
||||
|
||||
+#include "config.h"
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
diff -urp amtu-1.0.orig/src/amtu-ppc.c amtu-1.0/src/amtu-ppc.c
|
||||
--- amtu-1.0.orig/src/amtu-ppc.c 2005-03-17 13:48:57.000000000 -0500
|
||||
+++ amtu-1.0/src/amtu-ppc.c 2005-06-08 16:51:12.522814992 -0400
|
||||
@@ -28,6 +28,7 @@
|
||||
// using libaudit instead of liblaus
|
||||
//----------------------------------------------------------------------
|
||||
|
||||
+#include "config.h"
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
diff -urp amtu-1.0.orig/src/amtu-s390.c amtu-1.0/src/amtu-s390.c
|
||||
--- amtu-1.0.orig/src/amtu-s390.c 2005-03-17 13:49:16.000000000 -0500
|
||||
+++ amtu-1.0/src/amtu-s390.c 2005-06-08 16:51:12.523814840 -0400
|
||||
@@ -29,6 +29,7 @@
|
||||
// using libaudit instead of liblaus
|
||||
//----------------------------------------------------------------------
|
||||
|
||||
+#include "config.h"
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
diff -urp amtu-1.0.orig/src/iodisktest.c amtu-1.0/src/iodisktest.c
|
||||
--- amtu-1.0.orig/src/iodisktest.c 2005-03-17 13:49:29.000000000 -0500
|
||||
+++ amtu-1.0/src/iodisktest.c 2005-06-08 16:52:28.261300992 -0400
|
||||
@@ -53,6 +53,7 @@
|
||||
//03/15/05 D.Velarde Added AUDIT_LOG statements to be used if we're
|
||||
// using libaudit instead of liblaus
|
||||
//----------------------------------------------------------------------
|
||||
+#include "config.h"
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
diff -urp amtu-1.0.orig/src/memory.c amtu-1.0/src/memory.c
|
||||
--- amtu-1.0.orig/src/memory.c 2005-03-17 13:49:41.000000000 -0500
|
||||
+++ amtu-1.0/src/memory.c 2005-06-08 16:52:48.022296864 -0400
|
||||
@@ -46,6 +46,7 @@
|
||||
// using libaudit instead of liblaus
|
||||
//
|
||||
//----------------------------------------------------------------------
|
||||
+#include "config.h"
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
diff -urp amtu-1.0.orig/src/memsep.c amtu-1.0/src/memsep.c
|
||||
--- amtu-1.0.orig/src/memsep.c 2005-03-17 17:27:49.000000000 -0500
|
||||
+++ amtu-1.0/src/memsep.c 2005-06-08 16:53:01.955178744 -0400
|
||||
@@ -52,6 +52,7 @@
|
||||
// don't switch to user nobody if running on RHEL4
|
||||
//
|
||||
//----------------------------------------------------------------------
|
||||
+#include "config.h"
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
diff -urp amtu-1.0.orig/src/networkio.c amtu-1.0/src/networkio.c
|
||||
--- amtu-1.0.orig/src/networkio.c 2005-03-17 13:50:08.000000000 -0500
|
||||
+++ amtu-1.0/src/networkio.c 2005-06-08 16:53:21.894147560 -0400
|
||||
@@ -28,6 +28,7 @@
|
||||
//
|
||||
// -----------------------------------------------------------------
|
||||
|
||||
+#include "config.h"
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
245
amtu-ia64.patch
245
amtu-ia64.patch
|
|
@ -1,245 +0,0 @@
|
|||
diff -urN amtu-1.0.orig/config.h.in amtu-0.2/config.h.in
|
||||
--- amtu-1.0.orig/config.h.in 2005-05-27 17:15:17.048941192 -0400
|
||||
+++ amtu-1.0/config.h.in 2005-05-27 17:16:12.582498808 -0400
|
||||
@@ -15,3 +15,5 @@
|
||||
/* NULL */
|
||||
#undef HAVE_S390
|
||||
|
||||
+/* NULL */
|
||||
+#undef HAVE_IA64
|
||||
diff -urN amtu-1.0.orig/configure.in amtu-0.2/configure.in
|
||||
--- amtu-1.0.orig/configure.in 2005-05-27 17:15:17.048941192 -0400
|
||||
+++ amtu-1.0/configure.in 2005-05-27 17:15:37.431842520 -0400
|
||||
@@ -20,6 +20,7 @@
|
||||
powerpc64-*) AC_DEFINE(HAVE_PPC64,1,NULL);;
|
||||
x86_64-*) AC_DEFINE(HAVE_X86_64,1,NULL);;
|
||||
s390-* | s390x-*) AC_DEFINE(HAVE_S390,1,NULL);;
|
||||
+ia64-*) AC_DEFINE(HAVE_IA64,1,NULL);;
|
||||
esac
|
||||
AC_CHECK_LIB(laus, laus_open)
|
||||
AC_CHECK_LIB(audit, audit_open)
|
||||
diff -urN amtu-1.0.orig/configure.in.orig amtu-0.2/configure.in.orig
|
||||
--- amtu-1.0.orig/configure.in.orig 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ amtu-1.0/configure.in.orig 2005-05-27 17:11:50.436351080 -0400
|
||||
@@ -0,0 +1,26 @@
|
||||
+AC_REVISION($Revision: 1.3 $)dnl
|
||||
+# AC_CANONICAL_SYSTEM is deprecated in the latest version of AUTOMAKE.
|
||||
+# We aren't using the latest version so we'll keep using it
|
||||
+#AC_CANONICAL_TARGET
|
||||
+AC_INIT(src/amtu.c)
|
||||
+AC_PREREQ(2.12)dnl
|
||||
+AC_CONFIG_AUX_DIR(config)
|
||||
+AC_CONFIG_SRCDIR(src/amtu.c)
|
||||
+AM_CONFIG_HEADER(config.h)
|
||||
+
|
||||
+VERSION=0.2
|
||||
+echo Configuring amtu $VERSION
|
||||
+
|
||||
+AC_CANONICAL_SYSTEM
|
||||
+AM_INIT_AUTOMAKE(amtu, $VERSION)
|
||||
+AC_PROG_CC
|
||||
+case "$target" in
|
||||
+i386-* | i486-* | i586-* | i686-*) AC_DEFINE(HAVE_I86,1,NULL);;
|
||||
+powerpc-*) AC_DEFINE(HAVE_PPC,1,NULL);;
|
||||
+powerpc64-*) AC_DEFINE(HAVE_PPC64,1,NULL);;
|
||||
+x86_64-*) AC_DEFINE(HAVE_X86_64,1,NULL);;
|
||||
+s390-* | s390x-*) AC_DEFINE(HAVE_S390,1,NULL);;
|
||||
+esac
|
||||
+AC_CHECK_LIB(laus, laus_open)
|
||||
+AC_CHECK_LIB(audit, audit_open)
|
||||
+AC_OUTPUT(Makefile src/Makefile doc/Makefile)
|
||||
diff -urN amtu-1.0.orig/src/amtu-ia64.c amtu-0.2/src/amtu-ia64.c
|
||||
--- amtu-1.0.orig/src/amtu-ia64.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ amtu-1.0/src/amtu-ia64.c 2005-05-27 17:15:37.432842368 -0400
|
||||
@@ -0,0 +1,182 @@
|
||||
+//----------------------------------------------------------------------
|
||||
+//
|
||||
+// Module Name: amtu-ia64.c
|
||||
+//
|
||||
+// Include File: none
|
||||
+//
|
||||
+// Description: Code for Abstract Machine Test i386 Privilege test.
|
||||
+//
|
||||
+// Notes: This module performs the machine specific privilege tests
|
||||
+// to ensure that the underlying hardware is still enforcing
|
||||
+// the appropriate control mechanisms.
|
||||
+// -----------------------------------------------------------------
|
||||
+// LANGUAGE: C
|
||||
+//
|
||||
+// (C) Copyright International Businesses Machine Corp. 2003
|
||||
+// Licensed under the Common Public License v. 1.0
|
||||
+// -----------------------------------------------------------------
|
||||
+//
|
||||
+// Change Activity:
|
||||
+// DATE PGMR COMMENTS
|
||||
+// -------- --------- ----------------------
|
||||
+// 2/05/03 J.Young Add new X86-64 instructions
|
||||
+// 7/20/03 EJR Added prolog, comments
|
||||
+// 8/19/03 EJR Version # on CPL + comment stanzas for functions
|
||||
+// 8/25/03 K.Simon Added NO_TAG to AUDIT_LOG
|
||||
+// 8/26/03 K.Simon Added printf to display test name
|
||||
+// 10/17/03 K.Simon Removed NO_TAG
|
||||
+// 7/15/04 mra Converted file to be ia64 specific
|
||||
+// 5/27/05 S. Grubb Update to use libaudit
|
||||
+//----------------------------------------------------------------------
|
||||
+
|
||||
+#include "config.h"
|
||||
+#include <stdlib.h>
|
||||
+#include <stdio.h>
|
||||
+#include <unistd.h>
|
||||
+#include <syscall.h>
|
||||
+#include <errno.h>
|
||||
+#include <string.h>
|
||||
+#include <signal.h>
|
||||
+#include <sys/types.h>
|
||||
+#include <sys/wait.h>
|
||||
+#include <syslog.h>
|
||||
+#include "amtu.h"
|
||||
+
|
||||
+#if defined(HAVE_IA64)
|
||||
+#ifdef HAVE_LIBLAUS
|
||||
+#define AUDIT_LOG LAUS_LOG
|
||||
+#endif
|
||||
+
|
||||
+/************************************************************************/
|
||||
+/* */
|
||||
+/* FUNCTION: catchfault */
|
||||
+/* */
|
||||
+/* PURPOSE: Signal handler to catch the segmentation violation which is */
|
||||
+/* expected when trying to execute privileged instructions */
|
||||
+/* without privilege. */
|
||||
+/* */
|
||||
+/************************************************************************/
|
||||
+void catchfault(int sig)
|
||||
+{
|
||||
+ if (debug) {
|
||||
+ printf("caught the fault %d\n", sig);
|
||||
+ }
|
||||
+ exit(0);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/************************************************************************/
|
||||
+/* */
|
||||
+/* FUNCTION: amtu_priv */
|
||||
+/* */
|
||||
+/* PURPOSE: Execute privileged instructions to ensure that they cannot */
|
||||
+/* legitimately be run in user mode. */
|
||||
+/* */
|
||||
+/************************************************************************/
|
||||
+int amtu_priv(int argc, char *argv[])
|
||||
+{
|
||||
+ struct sigaction sig;
|
||||
+ pid_t pid, wpid;
|
||||
+ int stat;
|
||||
+
|
||||
+ printf("Executing Supervisor Mode Instructions Test...\n");
|
||||
+
|
||||
+ /* Set up signal handler */
|
||||
+ sig.sa_handler = catchfault;
|
||||
+ sig.sa_flags = 0;
|
||||
+ sigemptyset(&sig.sa_mask);
|
||||
+ sigaction(SIGSEGV, &sig, NULL);
|
||||
+ sigaction(SIGILL, &sig, NULL);
|
||||
+ sigaction(SIGIOT, &sig, NULL);
|
||||
+ sigaction(SIGIO, &sig, NULL);
|
||||
+ sigaction(SIGINT, &sig, NULL);
|
||||
+ sigaction(SIGABRT, &sig, NULL);
|
||||
+ sigaction(SIGTERM, &sig, NULL);
|
||||
+ sigaction(SIGQUIT, &sig, NULL);
|
||||
+ sigaction(SIGBUS, &sig, NULL);
|
||||
+
|
||||
+ /* Each assembly directive should seg fault since they are */
|
||||
+ /* privileged instructions. */
|
||||
+
|
||||
+
|
||||
+ /*---------------------------------------------------------*/
|
||||
+ /* Test One */
|
||||
+ /*---------------------------------------------------------*/
|
||||
+
|
||||
+ pid = fork();
|
||||
+ if (pid == 0) {
|
||||
+ if (debug) {
|
||||
+ printf("RSM test: ");
|
||||
+ }
|
||||
+ asm volatile ("RSM 1");
|
||||
+ exit(-1);
|
||||
+ } else if (pid == -1) {
|
||||
+ /* error condition */
|
||||
+ fprintf(stderr, "Privilege Separation Test FAILED (RSM)!\n");
|
||||
+ AUDIT_LOG(("amtu failed privilege separation on RSM"))
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ /* parent */
|
||||
+ wpid = wait(&stat);
|
||||
+ if (!(WIFEXITED(stat) && (WEXITSTATUS(stat) == 0))) {
|
||||
+ fprintf(stderr, "Privilege Separation Test FAILED on RSM!\n");
|
||||
+ AUDIT_LOG(("amtu failed privilege separation on RSM"))
|
||||
+ return(-1);
|
||||
+ }
|
||||
+
|
||||
+
|
||||
+ /*---------------------------------------------------------*/
|
||||
+ /* Test Two */
|
||||
+ /*---------------------------------------------------------*/
|
||||
+
|
||||
+ pid = fork();
|
||||
+ if (pid == 0) {
|
||||
+ if (debug) {
|
||||
+ printf("SSM test: ");
|
||||
+ }
|
||||
+ asm volatile ("SSM 0");
|
||||
+ exit(-1);
|
||||
+ } else if (pid == -1) {
|
||||
+ /* error condition */
|
||||
+ fprintf(stderr, "Privilege Separation Test FAILED (SSM)!\n");
|
||||
+ AUDIT_LOG(("amtu failed privilege separation on SSM"))
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ /* parent */
|
||||
+ wpid = wait(&stat);
|
||||
+ if (!(WIFEXITED(stat) && (WEXITSTATUS(stat) == 0))) {
|
||||
+ fprintf(stderr, "Privilege Separation Test FAILED on SSM!\n");
|
||||
+ AUDIT_LOG(("amtu failed privilege separation on SSM"))
|
||||
+ return(-1);
|
||||
+ }
|
||||
+
|
||||
+ /*---------------------------------------------------------*/
|
||||
+ /* Test Three */
|
||||
+ /*---------------------------------------------------------*/
|
||||
+
|
||||
+ pid = fork();
|
||||
+ if (pid == 0) {
|
||||
+ if (debug) {
|
||||
+ printf("RFI test: ");
|
||||
+ }
|
||||
+ asm volatile ("RFI");
|
||||
+ exit(-1);
|
||||
+ } else if (pid == -1) {
|
||||
+ /* error condition */
|
||||
+ fprintf(stderr, "Privilege Separation Test FAILED (RFI)!\n");
|
||||
+ AUDIT_LOG(("amtu failed privilege separation on RFI"))
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ /* parent */
|
||||
+ wpid = wait(&stat);
|
||||
+ if (!(WIFEXITED(stat) && (WEXITSTATUS(stat) == 0))) {
|
||||
+ fprintf(stderr, "Privilege Separation Test FAILED on RFI!\n");
|
||||
+ AUDIT_LOG(("amtu failed privilege separation on RFI"))
|
||||
+ return(-1);
|
||||
+ }
|
||||
+
|
||||
+ AUDIT_LOG(("amtu - Privileged Instruction Test succeeded"))
|
||||
+ printf("Privileged Instruction Test SUCCESS!\n");
|
||||
+ return(0);
|
||||
+}
|
||||
+#endif
|
||||
diff -urN amtu-1.0.orig/src/Makefile.am amtu-0.2/src/Makefile.am
|
||||
--- amtu-1.0.orig/src/Makefile.am 2005-05-27 17:15:17.056939976 -0400
|
||||
+++ amtu-1.0/src/Makefile.am 2005-05-27 17:15:37.432842368 -0400
|
||||
@@ -1,3 +1,3 @@
|
||||
-AM_CPPFLAGS = -Wall
|
||||
+AM_CPPFLAGS = -Wall -W -Wfloat-equal -Wundef
|
||||
bin_PROGRAMS = amtu
|
||||
-amtu_SOURCES = amtu-i86.c amtu-ppc.c amtu-s390.c amtu.c memory.c memsep.c iodisktest.c networkio.c
|
||||
+amtu_SOURCES = amtu-i86.c amtu-ppc.c amtu-s390.c amtu-ia64.c amtu.c memory.c memsep.c iodisktest.c networkio.c
|
||||
|
|
@ -1,68 +0,0 @@
|
|||
--- amtu/src/memsep.c.orig 2004-08-18 11:18:42.000000000 -0400
|
||||
+++ amtu/src/memsep.c 2004-08-18 11:19:18.000000000 -0400
|
||||
@@ -165,8 +165,6 @@
|
||||
/************************************************************************/
|
||||
int memsep(int argc, char *argv[])
|
||||
{
|
||||
- struct passwd *pwd;
|
||||
- uid_t id;
|
||||
FILE *fp;
|
||||
char line[200];
|
||||
char flags[10];
|
||||
@@ -175,29 +173,6 @@
|
||||
|
||||
printf("Executing Memory Separation Test...\n");
|
||||
|
||||
- // First, get the UID of the unprivileged user nobody.
|
||||
- pwd = getpwnam("nobody");
|
||||
-
|
||||
- if (pwd == NULL) { // Error
|
||||
- fprintf(stderr, "Could not obtain info for user nobody");
|
||||
- LAUS_LOG(("amtu memory separation test: could not"
|
||||
- " obtain info for user nobody"))
|
||||
- return -1;
|
||||
- }
|
||||
- else {
|
||||
- id = pwd->pw_uid;
|
||||
- }
|
||||
-
|
||||
- // Now set the effective UID to the unprivileged user nobody.
|
||||
- if (debug) {
|
||||
- fprintf(stderr, "Setting effective UID of user nobody to:"
|
||||
- " %d\n", id);
|
||||
- }
|
||||
- seteuid(id);
|
||||
- if (debug) {
|
||||
- fprintf(stderr, "Effective UID is now: %d\n", geteuid());
|
||||
- }
|
||||
-
|
||||
// Check that reading and writing to memory addresses is not allowed.
|
||||
fp = fopen("/proc/self/maps", "r");
|
||||
if (fp == NULL) {
|
||||
@@ -258,25 +233,6 @@
|
||||
last_end = end;
|
||||
}
|
||||
|
||||
- // Reset the UID to root.
|
||||
- pwd = getpwnam("root");
|
||||
-
|
||||
- if (pwd == NULL) { // Error
|
||||
- fprintf(stderr, "Could not reset UID to root");
|
||||
- LAUS_LOG(("amtu memory separation test: could not"
|
||||
- " reset UID to root"))
|
||||
- return -1;
|
||||
- }
|
||||
- else {
|
||||
- id = pwd->pw_uid;
|
||||
- }
|
||||
-
|
||||
- seteuid(id);
|
||||
- if (debug) {
|
||||
- fprintf(stderr, "Reset Effective UID to root: %d\n",
|
||||
- geteuid());
|
||||
- }
|
||||
-
|
||||
fprintf(stderr, "Memory Separation Test SUCCESS!\n");
|
||||
LAUS_LOG(("amtu - Memory Separation Test succeeded"))
|
||||
return 0;
|
||||
|
||||
|
|
@ -1,11 +1,11 @@
|
|||
Summary: Abstract Machine Test Utility (AMTU)
|
||||
Name: amtu
|
||||
Version: 1.0.5
|
||||
Version: 1.0.6
|
||||
Release: 1%{?dist}
|
||||
License: Common Public License
|
||||
Group: System Environment/Base
|
||||
URL: http://sourceforge.net/projects/amtueal/
|
||||
Source0: %{name}-%{version}-1.tar.gz
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: audit-libs-devel >= 1.1.2
|
||||
BuildRequires: automake
|
||||
|
|
@ -61,6 +61,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%attr(0644,root,root) %{_mandir}/man8/*
|
||||
|
||||
%changelog
|
||||
* Wed Dec 19 2007 Steve Grubb <sgrubb@redhat.com> 1.0.6-1
|
||||
- new upstream version
|
||||
|
||||
* Thu Mar 08 2007 Steve Grubb <sgrubb@redhat.com> 1.0.5-1
|
||||
- new upstream version
|
||||
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
17cebff95aa836e96a26e156dc00f0d4 amtu-1.0.5-1.tar.gz
|
||||
9c65ae295bb875bb4aa8786e17a2f1e7 amtu-1.0.6.tar.gz
|
||||
|
|
|
|||
Reference in a new issue