From 69556c76342bdd1a693dcd62e64afe57f6b29729 Mon Sep 17 00:00:00 2001 From: dgl Date: Fri, 27 Mar 2026 05:06:33 +0000 Subject: [PATCH] Add __pledge_open regress. --- regress/sys/kern/pledge/open/Makefile | 51 +++++++++++++++++++++++ regress/sys/kern/pledge/open/open.c | 60 +++++++++++++++++++++++++++ 2 files changed, 111 insertions(+) create mode 100644 regress/sys/kern/pledge/open/Makefile create mode 100644 regress/sys/kern/pledge/open/open.c diff --git a/regress/sys/kern/pledge/open/Makefile b/regress/sys/kern/pledge/open/Makefile new file mode 100644 index 00000000000..3af30b95f47 --- /dev/null +++ b/regress/sys/kern/pledge/open/Makefile @@ -0,0 +1,51 @@ +# $OpenBSD: Makefile,v 1.1 2026/03/27 05:06:33 dgl Exp $ + +PROG= open +LDFLAGS= -static + +run-no-pledge: ${PROG} + ./${PROG} "[NO PLEDGE]" /etc/myname +REGRESS_TARGETS+= run-no-pledge + +run-unknown-file: ${PROG} + if ./${PROG} "stdio" /etc/myname; \ + then false; else [[ $$? == 134 ]]; fi +REGRESS_TARGETS+= run-unknown-file + +run-hosts: ${PROG} + ./${PROG} "stdio dns fattr" /etc/hosts +REGRESS_TARGETS+= run-hosts + +run-hosts-no-dns: ${PROG} + if ./${PROG} "stdio" /etc/hosts; \ + then false; else [[ $$? == 134 ]]; fi +REGRESS_TARGETS+= run-hosts-no-dns + +run-hosts-no-dns-error: ${PROG} + if ./${PROG} "stdio error" /etc/hosts; \ + then false; else [[ $$? == 2 ]]; fi +REGRESS_TARGETS+= run-hosts-no-dns-error + +run-hosts-no-dns-but-rpath: ${PROG} + ./${PROG} "stdio rpath fattr" /etc/hosts +REGRESS_TARGETS+= run-hosts-no-dns-but-rpath + +run-devnull: ${PROG} + ./${PROG} "stdio" /dev/null +REGRESS_TARGETS+= run-devnull + +run-empty-promises: ${PROG} + if ./${PROG} "" /dev/null; \ + then false; else [[ $$? == 134 ]]; fi +REGRESS_TARGETS+= run-empty-promises + +run-zoneinfo: ${PROG} + ./${PROG} "stdio fattr" /usr/share/zoneinfo/Asia/Ulaanbaatar +REGRESS_TARGETS+= run-zoneinfo + +run-zoneinfo-dotdot: ${PROG} + if ./${PROG} "stdio" /usr/share/zoneinfo/Asia/..; \ + then false; else [[ $$? == 134 ]]; fi +REGRESS_TARGETS+= run-zoneinfo-dotdot + +.include diff --git a/regress/sys/kern/pledge/open/open.c b/regress/sys/kern/pledge/open/open.c new file mode 100644 index 00000000000..0f78ec59008 --- /dev/null +++ b/regress/sys/kern/pledge/open/open.c @@ -0,0 +1,60 @@ +/* $OpenBSD: open.c,v 1.1 2026/03/27 05:06:33 dgl Exp $ */ +/* + * Copyright (c) 2026 David Leadbeater + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include + +/* + * __pledge_open(2) is libc internal. This is for testing kernel semantics + * only, do not use this outside of regress. + */ +int _libc___pledge_open(char *path, int flags, ...); + +#define NO_PLEDGE "[NO PLEDGE]" + +int +main(int argc, char **argv) +{ + int fd; + char *promise, *path; + struct stat sb; + + if (argc != 3) + errx(1, "argc: %d", argc); + + promise = argv[1]; + path = argv[2]; + + if (strcmp(promise, NO_PLEDGE) != 0 && pledge(promise, NULL) == -1) + err(1, "pledge %s", promise); + + fd = _libc___pledge_open(path, O_RDONLY); + if (fd == -1) + err(2, "open %s", path); + + if (fstat(fd, &sb) == -1) + err(3, "fstat %s", path); + + /* __pledge_open marks fds so certain operations are not allowed. */ + if (strcmp(promise, NO_PLEDGE) != 0 && S_ISREG(sb.st_mode)) + if (fchmod(fd, 0) != -1) + errx(4, "fchmod succeeded"); +}