/*
 * init_regexp_proc - hook the regexp_proc table and its configuration
 * directives into the agent.
 *
 * Registers nine columns (all served by var_extensible_regexp_proc)
 * under one base OID, then registers the "regexp_proc" and
 * "regexp_procfix" configuration handlers.
 */
void
init_regexp_proc(void)
{
    /*
     * NOTE(review): the return value is ignored and the name has no
     * directory component.  If this resolves to the Linux uselib(2)
     * system call, the argument is treated as an ordinary pathname
     * (relative to the agent's working directory), not looked up on a
     * library search path -- confirm what uselib is in this build and
     * whether an absolute path plus an error check is wanted.
     */
    uselib("libpcre.so");

    /*
     * Column descriptors handed to the agent.  Every column is read-only
     * except ERRORFIX, which is the single entry registered as writable.
     * NOTE(review): together with the "regexp_procfix" directive below
     * this presumably lets a SET on ERRORFIX trigger a configured
     * program -- confirm in var_extensible_regexp_proc and make sure
     * write access to this subtree is restricted.
     */
    struct variable2 regexp_proc_columns[] = {
        {MIBINDEX, ASN_INTEGER, NETSNMP_OLDAPI_RONLY,
         var_extensible_regexp_proc, 1, {MIBINDEX}},
        {ERRORNAME, ASN_OCTET_STR, NETSNMP_OLDAPI_RONLY,
         var_extensible_regexp_proc, 1, {ERRORNAME}},
        {PROCMIN, ASN_INTEGER, NETSNMP_OLDAPI_RONLY,
         var_extensible_regexp_proc, 1, {PROCMIN}},
        {PROCMAX, ASN_INTEGER, NETSNMP_OLDAPI_RONLY,
         var_extensible_regexp_proc, 1, {PROCMAX}},
        {PROCCOUNT, ASN_INTEGER, NETSNMP_OLDAPI_RONLY,
         var_extensible_regexp_proc, 1, {PROCCOUNT}},
        {ERRORFLAG, ASN_INTEGER, NETSNMP_OLDAPI_RONLY,
         var_extensible_regexp_proc, 1, {ERRORFLAG}},
        {ERRORMSG, ASN_OCTET_STR, NETSNMP_OLDAPI_RONLY,
         var_extensible_regexp_proc, 1, {ERRORMSG}},
        {ERRORFIX, ASN_INTEGER, NETSNMP_OLDAPI_RWRITE,
         var_extensible_regexp_proc, 1, {ERRORFIX}},
        {ERRORFIXCMD, ASN_OCTET_STR, NETSNMP_OLDAPI_RONLY,
         var_extensible_regexp_proc, 1, {ERRORFIXCMD}}
    };

    /* Root of the subtree the columns above are registered beneath. */
    oid regexp_proc_base_oid[] = { 1, 3, 6, 1, 4, 1, 7142, 100, 1, 10 };

    /* Attach the table to the agent's MIB tree. */
    REGISTER_MIB("ucd-snmp/regexp_proc", regexp_proc_columns, variable2,
                 regexp_proc_base_oid);

    /* Directive that declares a watched process and its count limits. */
    snmpd_register_config_handler("regexp_proc",
                                  regexp_proc_parse_config,
                                  regexp_proc_free_config,
                                  "process-name [max-num] [min-num]");

    /* Directive that names a program (with arguments) for a process. */
    snmpd_register_config_handler("regexp_procfix",
                                  regexp_procfix_parse_config,
                                  NULL,
                                  "process-name program [arguments...]");
}
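/*
 * Run /bin/true in a child process and report how execl() fared.
 *
 * Returns 0 when the exec succeeded, otherwise the errno value the
 * child saw after execl() returned.  The child passes that value back
 * through a pipe; after a successful exec nothing is written and the
 * parent's read() sees end-of-file once the write end is closed.
 */
static int file_test_exec_true(void)
{
	int pipe_fd[2] = { EOF, EOF };
	/* Fresh for every run so an earlier failure can never leak in. */
	int child_errno = 0;
	pid_t pid;

	fflush(stdout);
	fflush(stderr);
	if (pipe(pipe_fd) == -1)
		err(1, "pipe");
	pid = fork();
	if (pid == -1)
		err(1, "fork");
	if (pid == 0) {
		execl("/bin/true", "/bin/true", NULL);
		if (write(pipe_fd[1], &errno, sizeof(errno)) == -1)
			err(1, "write");
		/* _exit(): do not run the parent's stdio/atexit cleanup. */
		_exit(0);
	}
	close(pipe_fd[1]);
	(void)read(pipe_fd[0], &child_errno, sizeof(child_errno));
	close(pipe_fd[0]);
	wait(NULL);
	return child_errno;
}

/* Open @path with @flags, report the outcome, and close the descriptor. */
static void file_test_open(const char *path, int flags, int should_success)
{
	const int fd = open(path, flags);

	show_result(fd, should_success);
	if (fd != EOF)
		close(fd);
}

/* Exclusive-create /tmp/open_test, report the outcome, and remove it. */
static void file_test_open_creat(int should_success)
{
	const int fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL,
			    0644);

	show_result(fd, should_success);
	if (fd != EOF)
		close(fd);
	unlink2("/tmp/open_test");
}

/*
 * Exercise the file-related access-control checks.
 *
 * Each step follows the same shape: store a policy line in the
 * file-scope `policy`, pass it to write_domain_policy(policy, 0),
 * attempt the operation with show_result(..., 1), then call
 * write_domain_policy(policy, 1) and attempt the operation again with
 * show_result(..., 0).  The second argument of write_domain_policy()
 * presumably selects add (0) / delete (1), and the second argument of
 * show_result() presumably states whether success is expected --
 * confirm against their definitions.
 *
 * Changes from the earlier form of this function: the exec check no
 * longer reuses one `error` variable across both runs (a failure
 * recorded by the first run was still in it when the second run's
 * exec succeeded and wrote nothing, so an exec that should have been
 * denied could be reported as denied when it was not), both children
 * leave via _exit(), and a failed fork() is reported instead of being
 * read as "exec succeeded".
 *
 * NOTE(review): all scratch objects use fixed names under /tmp; if
 * this harness runs with elevated privileges on a shared host, those
 * predictable names deserve a private directory -- confirm how it is
 * deployed.
 */
static void stage_file_test(void)
{
	static int name[] = { CTL_NET, NET_IPV4, NET_IPV4_LOCAL_PORT_RANGE };
	int buffer[2] = { 32768, 61000 };
	size_t size = sizeof(buffer);
	int error;
	int fd;
	int i;
	char pbuffer[1024];
	struct stat sbuf;
	struct sockaddr_un addr;
	struct ifreq ifreq;
	char *filename = "";

	set_profile(3, "file::execute");
	set_profile(3, "file::open");
	set_profile(3, "file::create");
	set_profile(3, "file::unlink");
	set_profile(3, "file::mkdir");
	set_profile(3, "file::rmdir");
	set_profile(3, "file::mkfifo");
	set_profile(3, "file::mksock");
	set_profile(3, "file::truncate");
	set_profile(3, "file::symlink");
	set_profile(3, "file::rewrite");
	set_profile(3, "file::mkblock");
	set_profile(3, "file::mkchar");
	set_profile(3, "file::link");
	set_profile(3, "file::rename");
	set_profile(3, "file::chmod");
	set_profile(3, "file::chown");
	set_profile(3, "file::chgrp");
	set_profile(3, "file::ioctl");
	set_profile(3, "file::chroot");
	set_profile(3, "file::mount");
	set_profile(3, "file::umount");
	set_profile(3, "file::pivot_root");

	/* sysctl: read, write, then read+write of the local port range. */
	policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range";
	write_domain_policy(policy, 0);
	show_result(sysctl(name, 3, buffer, &size, 0, 0), 1);
	write_domain_policy(policy, 1);
	show_result(sysctl(name, 3, buffer, &size, 0, 0), 0);

	policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range";
	write_domain_policy(policy, 0);
	show_result(sysctl(name, 3, 0, 0, buffer, size), 1);
	write_domain_policy(policy, 1);
	show_result(sysctl(name, 3, 0, 0, buffer, size), 0);

	policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range";
	write_domain_policy(policy, 0);
	show_result(sysctl(name, 3, buffer, &size, buffer, size), 1);
	write_domain_policy(policy, 1);
	show_result(sysctl(name, 3, buffer, &size, buffer, size), 0);

	/* uselib() is checked against a read permission on the file. */
	policy = "allow_read /bin/true";
	write_domain_policy(policy, 0);
	show_result(uselib("/bin/true"), 1);
	write_domain_policy(policy, 1);
	show_result(uselib("/bin/true"), 0);

	/* execve() of /bin/true with and without the execute permission. */
	policy = "allow_execute /bin/true";
	write_domain_policy(policy, 0);
	error = file_test_exec_true();
	errno = error;
	show_result(error ? EOF : 0, 1);
	write_domain_policy(policy, 1);
	error = file_test_exec_true();
	errno = error;
	show_result(error ? EOF : 0, 0);

	/* The same read-only open check, performed four times in a row. */
	for (i = 0; i < 4; i++) {
		policy = "allow_read /dev/null";
		write_domain_policy(policy, 0);
		file_test_open("/dev/null", O_RDONLY, 1);
		write_domain_policy(policy, 1);
		file_test_open("/dev/null", O_RDONLY, 0);
	}

	set_profile(3, "file::mkfifo");
	policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";
	write_domain_policy(policy, 0);
	filename = "/tmp/mknod_fifo_test";
	show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
	write_domain_policy(policy, 1);
	unlink2(filename);
	show_result(mknod(filename, S_IFIFO | 0644, 0), 0);

	/* Policy line built at run time instead of from a literal. */
	memset(pbuffer, 0, sizeof(pbuffer));
	memset(&sbuf, 0, sizeof(sbuf));
	filename = "/dev/null";
	stat(filename, &sbuf);	/* result is not used below */
	snprintf(pbuffer, sizeof(pbuffer) - 1, "allow_write %s", filename);
	policy = pbuffer;
	write_domain_policy(policy, 0);
	file_test_open(filename, O_WRONLY, 1);
	write_domain_policy(policy, 1);
	file_test_open(filename, O_WRONLY, 0);

	policy = "allow_read/write /tmp/fifo";
	mkfifo2("/tmp/fifo");
	write_domain_policy(policy, 0);
	file_test_open("/tmp/fifo", O_RDWR, 1);
	write_domain_policy(policy, 1);
	file_test_open("/tmp/fifo", O_RDWR, 0);

	policy = "allow_read /dev/null";
	write_domain_policy(policy, 0);
	file_test_open("/dev/null", O_RDONLY, 1);
	write_domain_policy(policy, 1);
	file_test_open("/dev/null", O_RDONLY, 0);

	policy = "allow_write /dev/null";
	write_domain_policy(policy, 0);
	file_test_open("/dev/null", O_WRONLY, 1);
	write_domain_policy(policy, 1);
	file_test_open("/dev/null", O_WRONLY, 0);

	policy = "allow_read/write /dev/null";
	write_domain_policy(policy, 0);
	file_test_open("/dev/null", O_RDWR, 1);
	write_domain_policy(policy, 1);
	file_test_open("/dev/null", O_RDWR, 0);

	/* O_CREAT needs both create and write; drop "write" first ... */
	policy = "allow_create /tmp/open_test 0644";
	write_domain_policy(policy, 0);
	policy = "allow_write /tmp/open_test";
	write_domain_policy(policy, 0);
	file_test_open_creat(1);
	write_domain_policy(policy, 1);
	file_test_open_creat(0);
	policy = "allow_create /tmp/open_test 0644";
	write_domain_policy(policy, 1);

	/* ... then repeat, dropping "create" first. */
	policy = "allow_write /tmp/open_test";
	write_domain_policy(policy, 0);
	policy = "allow_create /tmp/open_test 0644";
	write_domain_policy(policy, 0);
	file_test_open_creat(1);
	write_domain_policy(policy, 1);
	file_test_open_creat(0);
	policy = "allow_write /tmp/open_test";
	write_domain_policy(policy, 1);

	filename = "/tmp/truncate_test";
	create2(filename);

	/* O_TRUNC needs both truncate and write; drop "write" first ... */
	policy = "allow_truncate /tmp/truncate_test";
	write_domain_policy(policy, 0);
	policy = "allow_write /tmp/truncate_test";
	write_domain_policy(policy, 0);
	file_test_open(filename, O_WRONLY | O_TRUNC, 1);
	write_domain_policy(policy, 1);
	file_test_open(filename, O_WRONLY | O_TRUNC, 0);
	policy = "allow_truncate /tmp/truncate_test";
	write_domain_policy(policy, 1);

	/* ... then repeat, dropping "truncate" first. */
	policy = "allow_write /tmp/truncate_test";
	write_domain_policy(policy, 0);
	policy = "allow_truncate /tmp/truncate_test";
	write_domain_policy(policy, 0);
	file_test_open(filename, O_WRONLY | O_TRUNC, 1);
	write_domain_policy(policy, 1);
	file_test_open(filename, O_WRONLY | O_TRUNC, 0);
	policy = "allow_write /tmp/truncate_test";
	write_domain_policy(policy, 1);

	policy = "allow_truncate /tmp/truncate_test";
	write_domain_policy(policy, 0);
	show_result(truncate(filename, 0), 1);
	write_domain_policy(policy, 1);
	show_result(truncate(filename, 0), 0);

	/*
	 * ftruncate(): the descriptor is obtained with the file::open
	 * profile set to 0 and restored to 3 right after, so only the
	 * truncate step itself is under test.
	 */
	policy = "allow_truncate /tmp/truncate_test";
	write_domain_policy(policy, 0);
	set_profile(0, "file::open");
	fd = open(filename, O_WRONLY);
	set_profile(3, "file::open");
	show_result(ftruncate(fd, 0), 1);
	write_domain_policy(policy, 1);
	show_result(ftruncate(fd, 0), 0);
	if (fd != EOF)
		close(fd);
	unlink2(filename);

	/* mknod() for each node type. */
	policy = "allow_create /tmp/mknod_reg_test 0644";
	write_domain_policy(policy, 0);
	filename = "/tmp/mknod_reg_test";
	show_result(mknod(filename, S_IFREG | 0644, 0), 1);
	write_domain_policy(policy, 1);
	unlink2(filename);
	show_result(mknod(filename, S_IFREG | 0644, 0), 0);

	policy = "allow_mkchar /tmp/mknod_chr_test 0644 1 3";
	write_domain_policy(policy, 0);
	filename = "/tmp/mknod_chr_test";
	show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);
	write_domain_policy(policy, 1);
	unlink2(filename);
	show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);

	policy = "allow_mkblock /tmp/mknod_blk_test 0644 1 0";
	write_domain_policy(policy, 0);
	filename = "/tmp/mknod_blk_test";
	show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);
	write_domain_policy(policy, 1);
	unlink2(filename);
	show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);

	policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";
	write_domain_policy(policy, 0);
	filename = "/tmp/mknod_fifo_test";
	show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
	write_domain_policy(policy, 1);
	unlink2(filename);
	show_result(mknod(filename, S_IFIFO | 0644, 0), 0);

	policy = "allow_mksock /tmp/mknod_sock_test 0644";
	write_domain_policy(policy, 0);
	filename = "/tmp/mknod_sock_test";
	show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);
	write_domain_policy(policy, 1);
	unlink2(filename);
	show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);

	policy = "allow_mkdir /tmp/mkdir_test/ 0600";
	write_domain_policy(policy, 0);
	filename = "/tmp/mkdir_test";
	show_result(mkdir(filename, 0600), 1);
	write_domain_policy(policy, 1);
	rmdir2(filename);
	show_result(mkdir(filename, 0600), 0);

	policy = "allow_rmdir /tmp/rmdir_test/";
	write_domain_policy(policy, 0);
	filename = "/tmp/rmdir_test";
	mkdir2(filename);
	show_result(rmdir(filename), 1);
	write_domain_policy(policy, 1);
	mkdir2(filename);
	show_result(rmdir(filename), 0);
	rmdir2(filename);

	policy = "allow_unlink /tmp/unlink_test";
	write_domain_policy(policy, 0);
	filename = "/tmp/unlink_test";
	create2(filename);
	show_result(unlink(filename), 1);
	write_domain_policy(policy, 1);
	create2(filename);
	show_result(unlink(filename), 0);
	unlink2(filename);

	/* The same symlink check, performed five times in a row. */
	for (i = 0; i < 5; i++) {
		policy = "allow_symlink /tmp/symlink_source_test";
		write_domain_policy(policy, 0);
		filename = "/tmp/symlink_source_test";
		show_result(symlink("/tmp/symlink_dest_test", filename), 1);
		write_domain_policy(policy, 1);
		unlink2(filename);
		show_result(symlink("/tmp/symlink_dest_test", filename), 0);
	}

	policy = "allow_link /tmp/link_source_test /tmp/link_dest_test";
	write_domain_policy(policy, 0);
	filename = "/tmp/link_source_test";
	create2(filename);
	show_result(link(filename, "/tmp/link_dest_test"), 1);
	write_domain_policy(policy, 1);
	unlink2("/tmp/link_dest_test");
	show_result(link(filename, "/tmp/link_dest_test"), 0);
	unlink2(filename);

	policy = "allow_rename /tmp/rename_source_test /tmp/rename_dest_test";
	write_domain_policy(policy, 0);
	filename = "/tmp/rename_source_test";
	create2(filename);
	show_result(rename(filename, "/tmp/rename_dest_test"), 1);
	write_domain_policy(policy, 1);
	unlink2("/tmp/rename_dest_test");
	create2(filename);
	show_result(rename(filename, "/tmp/rename_dest_test"), 0);
	unlink2(filename);

	/* bind() on a UNIX-domain socket path. */
	policy = "allow_mksock /tmp/socket_test 0755";
	write_domain_policy(policy, 0);
	filename = "/tmp/socket_test";
	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;
	/* addr was zeroed above, so sun_path stays NUL-terminated. */
	strncpy(addr.sun_path, filename, sizeof(addr.sun_path) - 1);
	fd = socket(AF_UNIX, SOCK_STREAM, 0);
	show_result(bind(fd, (struct sockaddr *) &addr, sizeof(addr)), 1);
	if (fd != EOF)
		close(fd);
	write_domain_policy(policy, 1);
	unlink2(filename);
	fd = socket(AF_UNIX, SOCK_STREAM, 0);
	show_result(bind(fd, (struct sockaddr *) &addr, sizeof(addr)), 0);
	if (fd != EOF)
		close(fd);

	/*
	 * deny_rewrite: with read/write and truncate both granted, only
	 * the read-only open and the append-only open are expected to
	 * succeed; every other way of changing the file, including
	 * clearing O_APPEND on an open descriptor, is expected to fail.
	 */
	filename = "/tmp/rewrite_test";
	create2(filename);
	policy = "allow_read/write /tmp/rewrite_test";
	write_domain_policy(policy, 0);
	write_exception_policy("deny_rewrite /tmp/rewrite_test", 0);
	policy = "allow_truncate /tmp/rewrite_test";
	write_domain_policy(policy, 0);

	file_test_open(filename, O_RDONLY, 1);
	file_test_open(filename, O_WRONLY | O_APPEND, 1);
	file_test_open(filename, O_WRONLY, 0);
	file_test_open(filename, O_WRONLY | O_TRUNC, 0);
	file_test_open(filename, O_WRONLY | O_TRUNC | O_APPEND, 0);
	show_result(truncate(filename, 0), 0);

	set_profile(0, "file::open");
	fd = open(filename, O_WRONLY | O_APPEND);
	set_profile(3, "file::open");
	show_result(ftruncate(fd, 0), 0);
	show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND), 0);
	if (fd != EOF)
		close(fd);

	write_domain_policy(policy, 1);
	policy = "allow_read/write /tmp/rewrite_test";
	write_domain_policy(policy, 1);
	write_exception_policy("deny_rewrite /tmp/rewrite_test", 1);
	unlink2(filename);

	/*
	 * ioctl(): request 35123 lies inside the first permitted range
	 * (35122-35124) and just above the second one (0-35122).
	 */
	policy = "allow_ioctl socket:[family=2:type=2:protocol=17] "
		"35122-35124";
	write_domain_policy(policy, 0);
	fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
	memset(&ifreq, 0, sizeof(ifreq));
	snprintf(ifreq.ifr_name, sizeof(ifreq.ifr_name) - 1, "lo");
	show_result(ioctl(fd, 35123, &ifreq), 1);
	write_domain_policy(policy, 1);
	policy = "allow_ioctl "
		"socket:[family=2:type=2:protocol=17] 0-35122";
	write_domain_policy(policy, 0);
	show_result(ioctl(fd, 35123, &ifreq), 0);
	write_domain_policy(policy, 1);
	if (fd != EOF)
		close(fd);
}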
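/*
 * Attempt one instance of each file-related operation and print the
 * outcome.
 *
 * Every step announces itself with show_prompt() and hands the raw
 * return value of the call to show_result().  The paths and
 * ftruncate_fd used here are declared outside this function.
 *
 * Change from the earlier form: the read end of the pipe used by the
 * execve() step is now closed; it used to stay open for the rest of
 * the process.  The child of that step is still not waited for here.
 */
static void stage_file_test(void)
{
	int fd;

	{
		static int name[] = { CTL_NET, NET_IPV4,
				      NET_IPV4_LOCAL_PORT_RANGE };
		int buffer[2] = { 32768, 61000 };
		size_t size = sizeof(buffer);

		show_prompt("sysctl(READ)");
		show_result(sysctl(name, 3, buffer, &size, 0, 0));
		show_prompt("sysctl(WRITE)");
		show_result(sysctl(name, 3, 0, 0, buffer, size));
	}

	/* QUESTION: Is there a file which can be passed to uselib()? */
	show_prompt("uselib()");
	show_result(uselib("/bin/true"));

	{
		int pipe_fd[2] = { EOF, EOF };
		int error = 0;

		fflush(stdout);
		fflush(stderr);
		if (pipe(pipe_fd) == -1)
			err(1, "pipe");
		if (fork() == 0) {
			/* Only reached past execl() when the exec failed. */
			execl("/bin/true", "/bin/true", NULL);
			if (write(pipe_fd[1], &errno, sizeof(errno)) == -1)
				err(1, "write");
			_exit(0);
		}
		close(pipe_fd[1]);
		/* Nothing arrives when the exec succeeded; error stays 0. */
		(void)read(pipe_fd[0], &error, sizeof(error));
		close(pipe_fd[0]);
		show_prompt("execve()");
		errno = error;
		show_result(error ? EOF : 0);
	}

	show_prompt("open(O_RDONLY)");
	fd = open(dev_null_path, O_RDONLY);
	show_result(fd);
	if (fd != EOF)
		close(fd);

	show_prompt("open(O_WRONLY)");
	fd = open(dev_null_path, O_WRONLY);
	show_result(fd);
	if (fd != EOF)
		close(fd);

	show_prompt("open(O_RDWR)");
	fd = open(dev_null_path, O_RDWR);
	show_result(fd);
	if (fd != EOF)
		close(fd);

	show_prompt("open(O_CREAT | O_EXCL)");
	fd = open(open_creat_path, O_CREAT | O_EXCL, 0666);
	show_result(fd);
	if (fd != EOF)
		close(fd);

	show_prompt("open(O_TRUNC)");
	fd = open(truncate_path, O_TRUNC);
	show_result(fd);
	if (fd != EOF)
		close(fd);

	show_prompt("truncate()");
	show_result(truncate(truncate_path, 0));

	show_prompt("ftruncate()");
	show_result(ftruncate(ftruncate_fd, 0));

	show_prompt("mknod(S_IFREG)");
	show_result(mknod(mknod_reg_path, S_IFREG, 0));

	show_prompt("mknod(S_IFCHR)");
	show_result(mknod(mknod_chr_path, S_IFCHR, MKDEV(1, 3)));

	show_prompt("mknod(S_IFBLK)");
	show_result(mknod(mknod_blk_path, S_IFBLK, MKDEV(1, 0)));

	show_prompt("mknod(S_IFIFO)");
	show_result(mknod(mknod_fifo_path, S_IFIFO, 0));

	show_prompt("mknod(S_IFSOCK)");
	show_result(mknod(mknod_sock_path, S_IFSOCK, 0));

	show_prompt("mkdir()");
	show_result(mkdir(mkdir_path, 0600));

	show_prompt("rmdir()");
	show_result(rmdir(rmdir_path));

	show_prompt("unlink()");
	show_result(unlink(unlink_path));

	show_prompt("symlink()");
	show_result(symlink(symlink_dest_path, symlink_source_path));

	show_prompt("link()");
	show_result(link(link_source_path, link_dest_path));

	show_prompt("rename()");
	show_result(rename(rename_source_path, rename_dest_path));

	{
		struct sockaddr_un addr;
		int sock_fd;	/* own name: no longer shadows the outer fd */

		memset(&addr, 0, sizeof(addr));
		addr.sun_family = AF_UNIX;
		/* addr was zeroed above, so sun_path stays NUL-terminated. */
		strncpy(addr.sun_path, socket_path,
			sizeof(addr.sun_path) - 1);
		sock_fd = socket(AF_UNIX, SOCK_STREAM, 0);
		show_prompt("unix_bind()");
		show_result(bind(sock_fd, (struct sockaddr *) &addr,
				 sizeof(addr)));
		if (sock_fd != EOF)
			close(sock_fd);
	}

	printf("\n\n");
}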
/*
 * Syscall exerciser.
 *
 * Walks through a long list of system and library calls, most of them
 * with invalid arguments (NULL pointers, -1 descriptors, paths that are
 * not expected to exist), and finally replaces itself with
 * "/bin/df -l" after pointing stdout at /dev/null.  The function only
 * returns control through exit(1), when that last execve() fails.
 *
 * Many calls pass fewer or more arguments than the usual libc
 * prototypes take (seteuid(), listen(0), ioctl(), ...), so this
 * presumably builds without those prototypes in scope -- confirm.
 *
 * `line` is declared outside this function; it is set to __LINE__
 * before selected calls, presumably so that a handler can report the
 * last checkpoint reached -- confirm against the handlers.
 *
 * NOTE(review): the result of setuid(2) below is not checked.  If it
 * fails, every later call runs with the caller's original credentials,
 * and the list includes privileged operations (chroot, mount/umount,
 * swapon/swapoff, sethostname, settimeofday, iopl/ioperm, raw module
 * syscalls).  The comment further down also says some of these calls
 * have crashed kernels.  Treat this as something to run only on a
 * disposable test machine.
 *
 * argc and argv are not used.
 */
int main(int argc, char **argv)
{
	int x = 0;
	char *args[10];

	/* Switch to uid 2 before anything else; result is not checked. */
	setuid(2);

	signal(SIGCHLD, sigchld);
	do_signals();

	/* Identity and session calls; results are only summed into x. */
	x += getpid();
	x += getppid();
	x += getuid();
	x += getgid();
	x += setsid();
	x += seteuid();
	x += setegid();
	lseek(0, 0, -1);
	kill(0, 0);
	signal(99, 0);
	signal(SIGINT, int_handler);
	signal(SIGSEGV, segv_handler);
//	*(int *) 0 = 0;
	pipe(0);
	munmap(0, 0);
	mincore(0, 0);
	shmget(0);
	shmat(0);

	line = __LINE__;
	poll(-1, 0, 0);
	/* SIGSEGV is ignored only around the disabled ppoll() call. */
	signal(SIGSEGV, SIG_IGN);
//	ppoll(-1, -1, -1, 0);
	signal(SIGSEGV, SIG_DFL);
	sched_yield();
	readv(-1, 0, 0, 0);
	writev(-1, 0, 0, 0);
	msync(0, 0, 0);
	fsync(-1);
	fdatasync(-1);
	semget(0, 0, 0);
	semctl(0, 0, 0);
	uselib(NULL);
	pivot_root(0, 0);
	personality(-1);
	setfsuid(-1);
	flock(-1, 0);
	shmdt(0, 0, 0);
	times(0);
	mremap(0, 0, 0, 0, 0);
	madvise(0, 0, 0);
	fchown(-1, 0, 0);
	lchown(0, 0, 0);
	setreuid();
	setregid();
	link("/nonexistant", "/also-nonexistant");

	do_slow();

	symlink("/nothing", "/");
	rename("/", "/");
	mkdir("/junk/stuff////0", 0777);
	geteuid();
	getsid();
	getpgid();
	getresuid();
	getresgid();
	getpgid();
	ptrace(-1, 0, 0, 0);
	semop(0, 0, 0);
	capget(0, 0);

	line = __LINE__;
	gettimeofday(0, 0);
	settimeofday(0, 0);
	dup(-1);
	dup2(-1, -1);
	shmctl(0, 0, 0, 0);
	/* argv here is a string, not an array of strings. */
	execve("/bin/nothing", "/bin/nothing", 0);
	alarm(9999);
	bind(0, 0, 0);
	socket(0, 0, 0);
	accept(0, 0, 0);
	listen(0);
	shutdown(0);
	getsockname(0, 0, 0);
	getpeername(0, 0, 0);
	truncate(0, 0);
	ftruncate(0, 0);
	line = __LINE__;
	/* Child exits at once; the parent carries on. */
	if (vfork() == 0)
		exit(0);
	line = __LINE__;
	x = opendir("/", 0, 0);
	line = __LINE__;
	readdir(x, 0, 0);
	line = __LINE__;
	closedir(x);
	line = __LINE__;
	chroot("/");
	line = __LINE__;
	sigaction(0, 0, 0);
	line = __LINE__;
	sigprocmask(0, 0, 0);
	x += open("/nothing", 0);
	x += chdir("/nothing");
	x += mknod("/nothing/nothing", 0);
	x += ioctl();
	execve("/nothing", NULL, NULL);
	line = __LINE__;
	x += close(-2);
	line = __LINE__;
	if (fork() == 0)
		exit(0);
	line = __LINE__;
	clone(clone_func, 0, 0, 0);
	line = __LINE__;
	brk(0);
	sbrk(0);
	line = __LINE__;
	mmap(0, 0, 0, 0, 0);
	line = __LINE__;
	uname(0);
	line = __LINE__;
	getcwd(0, 0);
	line = __LINE__;
	/* Privileged operations, all with zero/NULL arguments. */
	iopl(3);
	ioperm(0, 0, 0);
	mount(0, 0, 0, 0, 0);
	umount(0, 0);
	umount(0, 0, 0);
	swapon(0, 0);
	swapoff(0);
	sethostname(0);
	line = __LINE__;
	time(NULL);
	unlink("/nothing");
	line = __LINE__;
	rmdir("/nothing");
	chmod(0, 0);
	line = __LINE__;
# if defined(__i386) || defined(__amd64)
	modify_ldt(0);
# endif

	stat("/doing-nice", 0);
	nice(0);

	/* Argument vector for the final execve() at the end of main. */
	args[0] = "/bin/df";
	args[1] = "-l";
	args[2] = NULL;
	/*
	 * Close stdout and open /dev/null; the new descriptor normally
	 * becomes fd 1, so the output of /bin/df is discarded.  The
	 * result of open() is not checked.
	 */
	close(1);
	open("/dev/null", O_WRONLY);

	/***********************************************/
	/*   Some syscalls aren't available direct     */
	/*   from libc, so get them here. We mostly    */
	/*   care about the ones which have caused     */
	/*   implementation difficulty and kernel      */
	/*   crashes - eventually we can be complete.  */
	/***********************************************/
	line = __LINE__;
	open("/system-dependent-syscalls-follow", 0);
	line = __LINE__;
	if (fork() == 0)
		exit(0);

	/* Reap children until wait() reports there are none left. */
	{int status;
	while (wait(&status) >= 0)
		;
	}

	sigaltstack(0, 0);

	/*vm86(0, 0);*/

	/***********************************************/
	/*   Some syscalls aren't directly accessible, */
	/*   e.g. legacy.                              */
	/***********************************************/
#if defined(__x86_64__)
	trace(__LINE__, "x64 syscalls");
	syscall(174, 0, 0, 0); // create_module
	syscall(176, 0, 0, 0); // delete_module
	syscall(178, 0, 0, 0); // query_module
#else
	trace(__LINE__, "x32 syscalls");
	syscall(0, 0, 0, 0); // restart_syscall
	syscall(34, 0, 0, 0); // nice
	syscall(59, 0, 0, 0); // oldolduname
	syscall(109, 0, 0, 0); // olduname
	if (fork() == 0)
		syscall(1, 0, 0, 0); // exit
#endif

	line = __LINE__;
	/* On success this never returns. */
	execve("/bin/df", args, NULL);

	fprintf(stderr, "Error: should not get here -- %s\n", strerror(errno));

	exit(1);
}