read_binary_name_regtest.c
1.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
// Regression test for https://crbug.com/502974, where ASan was unable to read
// the binary name because of sandbox restrictions.
// This test uses seccomp-BPF to restrict the readlink() system call and makes
// sure ASan is still able to
// Disable symbolizing results, since this will invoke llvm-symbolizer, which
// will be unable to resolve its $ORIGIN due to readlink() restriction and will
// thus fail to start, causing the test to die with SIGPIPE when attempting to
// talk to it.
// RUN: not ls /usr/include/linux/seccomp.h || ( %clang_asan %s -o %t && ( not env ASAN_OPTIONS=symbolize=0 %run %t 2>&1 ) | FileCheck %s )
// REQUIRES: shell
// UNSUPPORTED: android
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#ifndef __NR_readlink
# define __NR_readlink __NR_readlinkat
#endif
#define syscall_nr (offsetof(struct seccomp_data, nr))
void corrupt() {
void *p = malloc(10);
free(p);
free(p);
}
int main() {
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
struct sock_filter filter[] = {
/* Grab the system call number */
BPF_STMT(BPF_LD + BPF_W + BPF_ABS, syscall_nr),
// If this is __NR_readlink,
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_readlink, 0, 1),
// return with EPERM,
BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ERRNO | EPERM),
// otherwise allow the syscall.
BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW)
};
struct sock_fprog prog;
prog.len = (unsigned short)(sizeof(filter)/sizeof(filter[0]));
prog.filter = filter;
int res = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0);
if (res != 0) {
fprintf(stderr, "PR_SET_SECCOMP unsupported!\n");
}
corrupt();
// CHECK: AddressSanitizer
// CHECK-NOT: reading executable name failed
return 0;
}