diff -urN amtu-1.0.orig/config.h.in amtu-0.2/config.h.in
--- amtu-1.0.orig/config.h.in 2005-05-27 17:15:17.048941192 -0400
+++ amtu-1.0/config.h.in 2005-05-27 17:16:12.582498808 -0400
@@ -15,3 +15,5 @@
 /* NULL */
 #undef HAVE_S390
+/* NULL */
+#undef HAVE_IA64
diff -urN amtu-1.0.orig/configure.in amtu-0.2/configure.in
--- amtu-1.0.orig/configure.in 2005-05-27 17:15:17.048941192 -0400
+++ amtu-1.0/configure.in 2005-05-27 17:15:37.431842520 -0400
@@ -20,6 +20,7 @@
 powerpc64-*) AC_DEFINE(HAVE_PPC64,1,NULL);;
 x86_64-*) AC_DEFINE(HAVE_X86_64,1,NULL);;
 s390-* | s390x-*) AC_DEFINE(HAVE_S390,1,NULL);;
+ia64-*) AC_DEFINE(HAVE_IA64,1,NULL);;
 esac
 AC_CHECK_LIB(laus, laus_open)
 AC_CHECK_LIB(audit, audit_open)
diff -urN amtu-1.0.orig/configure.in.orig amtu-0.2/configure.in.orig
--- amtu-1.0.orig/configure.in.orig 1969-12-31 19:00:00.000000000 -0500
+++ amtu-1.0/configure.in.orig 2005-05-27 17:11:50.436351080 -0400
@@ -0,0 +1,26 @@
+AC_REVISION($Revision: 1.3 $)dnl
+# AC_CANONICAL_SYSTEM is deprecated in the latest version of AUTOMAKE.
+# We aren't using the latest version so we'll keep using it
+#AC_CANONICAL_TARGET
+AC_INIT(src/amtu.c)
+AC_PREREQ(2.12)dnl
+AC_CONFIG_AUX_DIR(config)
+AC_CONFIG_SRCDIR(src/amtu.c)
+AM_CONFIG_HEADER(config.h)
+
+VERSION=0.2
+echo Configuring amtu $VERSION
+
+AC_CANONICAL_SYSTEM
+AM_INIT_AUTOMAKE(amtu, $VERSION)
+AC_PROG_CC
+case "$target" in
+i386-* | i486-* | i586-* | i686-*) AC_DEFINE(HAVE_I86,1,NULL);;
+powerpc-*) AC_DEFINE(HAVE_PPC,1,NULL);;
+powerpc64-*) AC_DEFINE(HAVE_PPC64,1,NULL);;
+x86_64-*) AC_DEFINE(HAVE_X86_64,1,NULL);;
+s390-* | s390x-*) AC_DEFINE(HAVE_S390,1,NULL);;
+esac
+AC_CHECK_LIB(laus, laus_open)
+AC_CHECK_LIB(audit, audit_open)
+AC_OUTPUT(Makefile src/Makefile doc/Makefile)
diff -urN amtu-1.0.orig/src/amtu-ia64.c amtu-0.2/src/amtu-ia64.c
--- amtu-1.0.orig/src/amtu-ia64.c 1969-12-31 19:00:00.000000000 -0500
+++ amtu-1.0/src/amtu-ia64.c 2005-05-27 17:15:37.432842368 -0400
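Review bot: The new file `configure.in.orig` looks like a backup left behind by an earlier patch run and swept up by `diff -urN`, rather than something this change means to add; that is inferred from the name and from its content being configure.in without the `ia64-*)` case. Applying the patch as it stands would ship a second, stale copy of the configure input, still carrying `VERSION=0.2`. I would drop this file section, for example by regenerating the patch with `-x '*.orig'`.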
@@ -0,0 +1,182 @@
+//----------------------------------------------------------------------
+//
+// Module Name: amtu-ia64.c
+//
+// Include File: none
+//
+// Description: Code for Abstract Machine Test i386 Privilege test.
+//
+// Notes: This module performs the machine specific privilege tests
+// to ensure that the underlying hardware is still enforcing
+// the appropriate control mechanisms.
+// -----------------------------------------------------------------
+// LANGUAGE: C
+//
+// (C) Copyright International Businesses Machine Corp. 2003
+// Licensed under the Common Public License v. 1.0
+// -----------------------------------------------------------------
+//
+// Change Activity:
+// DATE PGMR COMMENTS
+// -------- --------- ----------------------
+// 2/05/03 J.Young Add new X86-64 instructions
+// 7/20/03 EJR Added prolog, comments
+// 8/19/03 EJR Version # on CPL + comment stanzas for functions
+// 8/25/03 K.Simon Added NO_TAG to AUDIT_LOG
+// 8/26/03 K.Simon Added printf to display test name
+// 10/17/03 K.Simon Removed NO_TAG
+// 7/15/04 mra Converted file to be ia64 specific
+// 5/27/05 S. Grubb Update to use libaudit
+//----------------------------------------------------------------------
+
+#include "config.h"
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "amtu.h"
+
+#if defined(HAVE_IA64)
+#ifdef HAVE_LIBLAUS
+#define AUDIT_LOG LAUS_LOG
+#endif
+
+/************************************************************************/
+/* */
+/* FUNCTION: catchfault */
+/* */
+/* PURPOSE: Signal handler to catch the segmentation violation which is */
+/* expected when trying to execute privileged instructions */
+/* without privilege. */
+/* */
+/************************************************************************/
+void catchfault(int sig)
+{
+ if (debug) {
+ printf("caught the fault %d\n", sig);
+ }
+ exit(0);
+}
+
+
+/************************************************************************/
+/* */
+/* FUNCTION: amtu_priv */
+/* */
+/* PURPOSE: Execute privileged instructions to ensure that they cannot */
+/* legitimately be run in user mode. */
+/* */
+/************************************************************************/
+int amtu_priv(int argc, char *argv[])
+{
+ struct sigaction sig;
+ pid_t pid, wpid;
+ int stat;
+
+ printf("Executing Supervisor Mode Instructions Test...\n");
+
+ /* Set up signal handler */
+ sig.sa_handler = catchfault;
+ sig.sa_flags = 0;
+ sigemptyset(&sig.sa_mask);
+ sigaction(SIGSEGV, &sig, NULL);
+ sigaction(SIGILL, &sig, NULL);
+ sigaction(SIGIOT, &sig, NULL);
+ sigaction(SIGIO, &sig, NULL);
+ sigaction(SIGINT, &sig, NULL);
+ sigaction(SIGABRT, &sig, NULL);
+ sigaction(SIGTERM, &sig, NULL);
+ sigaction(SIGQUIT, &sig, NULL);
+ sigaction(SIGBUS, &sig, NULL);
+
+ /* Each assembly directive should seg fault since they are */
+ /* privileged instructions. */
+
+
+ /*---------------------------------------------------------*/
+ /* Test One */
+ /*---------------------------------------------------------*/
+
+ pid = fork();
+ if (pid == 0) {
+ if (debug) {
+ printf("RSM test: ");
+ }
+ asm volatile ("RSM 1");
+ exit(-1);
+ } else if (pid == -1) {
+ /* error condition */
+ fprintf(stderr, "Privilege Separation Test FAILED (RSM)!\n");
+ AUDIT_LOG(("amtu failed privilege separation on RSM"))
+ exit(-1);
+ }
+ /* parent */
+ wpid = wait(&stat);
+ if (!(WIFEXITED(stat) && (WEXITSTATUS(stat) == 0))) {
+ fprintf(stderr, "Privilege Separation Test FAILED on RSM!\n");
+ AUDIT_LOG(("amtu failed privilege separation on RSM"))
+ return(-1);
+ }
+
+
+ /*---------------------------------------------------------*/
+ /* Test Two */
+ /*---------------------------------------------------------*/
+
+ pid = fork();
+ if (pid == 0) {
+ if (debug) {
+ printf("SSM test: ");
+ }
+ asm volatile ("SSM 0");
+ exit(-1);
+ } else if (pid == -1) {
+ /* error condition */
+ fprintf(stderr, "Privilege Separation Test FAILED (SSM)!\n");
+ AUDIT_LOG(("amtu failed privilege separation on SSM"))
+ exit(-1);
+ }
+ /* parent */
+ wpid = wait(&stat);
+ if (!(WIFEXITED(stat) && (WEXITSTATUS(stat) == 0))) {
+ fprintf(stderr, "Privilege Separation Test FAILED on SSM!\n");
+ AUDIT_LOG(("amtu failed privilege separation on SSM"))
+ return(-1);
+ }
+
+ /*---------------------------------------------------------*/
+ /* Test Three */
+ /*---------------------------------------------------------*/
+
+ pid = fork();
+ if (pid == 0) {
+ if (debug) {
+ printf("RFI test: ");
+ }
+ asm volatile ("RFI");
+ exit(-1);
+ } else if (pid == -1) {
+ /* error condition */
+ fprintf(stderr, "Privilege Separation Test FAILED (RFI)!\n");
+ AUDIT_LOG(("amtu failed privilege separation on RFI"))
+ exit(-1);
+ }
+ /* parent */
+ wpid = wait(&stat);
+ if (!(WIFEXITED(stat) && (WEXITSTATUS(stat) == 0))) {
+ fprintf(stderr, "Privilege Separation Test FAILED on RFI!\n");
+ AUDIT_LOG(("amtu failed privilege separation on RFI"))
+ return(-1);
+ }
+
+ AUDIT_LOG(("amtu - Privileged Instruction Test succeeded"))
+ printf("Privileged Instruction Test SUCCESS!\n");
+ return(0);
+}
+#endif
diff -urN amtu-1.0.orig/src/Makefile.am amtu-0.2/src/Makefile.am
--- amtu-1.0.orig/src/Makefile.am 2005-05-27 17:15:17.056939976 -0400
+++ amtu-1.0/src/Makefile.am 2005-05-27 17:15:37.432842368 -0400
@@ -1,3 +1,3 @@
-AM_CPPFLAGS = -Wall
+AM_CPPFLAGS = -Wall -W -Wfloat-equal -Wundef
 bin_PROGRAMS = amtu
-amtu_SOURCES = amtu-i86.c amtu-ppc.c amtu-s390.c amtu.c memory.c memsep.c iodisktest.c networkio.c
+amtu_SOURCES = amtu-i86.c amtu-ppc.c amtu-s390.c amtu-ia64.c amtu.c memory.c memsep.c iodisktest.c networkio.c
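Review bot: The nine `sigaction()` registrations at the top of amtu_priv() in src/amtu-ia64.c route SIGINT, SIGTERM, SIGQUIT and SIGIO to `catchfault`, which calls `exit(0)`, and the parent accepts exit status 0 as proof that the instruction faulted, so any of those signals reaching a child is logged as a passed RSM/SSM/RFI test. The handler is installed before the first `fork()` and never restored in the visible code, so the calling process keeps it and amtu itself would exit 0 when interrupted. I would register `catchfault` only inside the `pid == 0` branch and only for the fault signals the instruction is expected to raise (presumably SIGILL and SIGSEGV on ia64, to be confirmed), and end the handler with `_exit(0)` because `printf` and `exit` are not async-signal-safe. The three parent checks also read `stat` without testing the result of `wait()`; `wpid = waitpid(pid, &stat, 0);` followed by `if (wpid != pid || !WIFEXITED(stat) || WEXITSTATUS(stat) != 0)` would cover that case. The file header also still describes an "i386 Privilege test" and should name ia64.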