Source-Changes-HG archive


[src/trunk]: src/tests/lib/libc/sys Do not toggle global security.pax.mprotec...



details:   https://anonhg.NetBSD.org/src/rev/b46196549eae
branches:  trunk
changeset: 822533:b46196549eae
user:      martin <martin%NetBSD.org@localhost>
date:      Fri Mar 24 08:18:27 2017 +0000

description:
Do not toggle global security.pax.mprotect state in an attempt to
activate it for the current process. It does not work and tests should
not change global system state anyway.
Instead: skip the test if pax.mprotect is not globally enabled. We could
use a better check for this (querying the current process's pax flags),
but unfortunately we don't have one.

diffstat:

 tests/lib/libc/sys/t_mprotect.c |  42 ++++++----------------------------------
 1 files changed, 7 insertions(+), 35 deletions(-)

diffs (107 lines):

diff -r 685ff15ea1e5 -r b46196549eae tests/lib/libc/sys/t_mprotect.c
--- a/tests/lib/libc/sys/t_mprotect.c   Fri Mar 24 04:06:19 2017 +0000
+++ b/tests/lib/libc/sys/t_mprotect.c   Fri Mar 24 08:18:27 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: t_mprotect.c,v 1.4 2016/05/28 14:34:49 christos Exp $ */
+/* $NetBSD: t_mprotect.c,v 1.5 2017/03/24 08:18:27 martin Exp $ */
 
 /*-
  * Copyright (c) 2011 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: t_mprotect.c,v 1.4 2016/05/28 14:34:49 christos Exp $");
+__RCSID("$NetBSD: t_mprotect.c,v 1.5 2017/03/24 08:18:27 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/mman.h>
@@ -47,13 +47,10 @@
 #include "../common/exec_prot.h"
 
 static long    page = 0;
-static int     pax_global = -1;
-static int     pax_enabled = -1;
 static char    path[] = "mmap";
 
 static void    sighandler(int);
 static bool    paxinit(void);
-static bool    paxset(int, int);
 
 static void
 sighandler(int signo)
@@ -65,6 +62,8 @@
 paxinit(void)
 {
        size_t len = sizeof(int);
+       int pax_global = -1;
+       int pax_enabled = -1;
        int rv;
 
        rv = sysctlbyname("security.pax.mprotect.global",
@@ -76,31 +75,12 @@
        rv = sysctlbyname("security.pax.mprotect.enabled",
            &pax_enabled, &len, NULL, 0);
 
-       return rv == 0;
-}
-
-static bool
-paxset(int global, int enabled)
-{
-       size_t len = sizeof(int);
-       int rv;
-
-       rv = sysctlbyname("security.pax.mprotect.global",
-           NULL, NULL, &global, len);
-
        if (rv != 0)
                return false;
 
-       rv = sysctlbyname("security.pax.mprotect.enabled",
-           NULL, NULL, &enabled, len);
-
-       if (rv != 0)
-               return false;
-
-       return true;
+       return pax_global == 1 && pax_enabled == 1;
 }
 
-
 ATF_TC_WITH_CLEANUP(mprotect_access);
 ATF_TC_HEAD(mprotect_access, tc)
 {
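Review bot: `paxinit()` no longer initialises anything; after this hunk it is a predicate that returns true only when both `security.pax.mprotect.global` and `security.pax.mprotect.enabled` read back as 1, and nothing in the file says so. A header comment would help the next reader, for example `/* True only if PaX MPROTECT is enabled globally; false if it is off or a sysctl query fails. Per-process PaX flags are not consulted. */`, and a name such as `pax_mprotect_active()` would match the new behaviour. The check of `rv` after the first sysctlbyname() call sits between this hunk and the previous one and is not visible here.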
@@ -188,11 +168,6 @@
                break;
        }
 
-       if (!paxinit())
-               return;
-       if (pax_enabled == 1 && pax_global == 1)
-               atf_tc_skip("PaX MPROTECT restrictions enabled");
-               
 
        /*
         * Map a page read/write and copy a trivial assembly function inside.
@@ -261,8 +236,8 @@
        size_t i;
        int rv;
 
-       if (!paxinit() || !paxset(1, 1))
-               return;
+       if (!paxinit())
+               atf_tc_skip("PaX MPROTECT restrictions not enabled");
 
        /*
         * As noted in the original PaX documentation [1],
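Review bot: The skip text `PaX MPROTECT restrictions not enabled` is also what a run reports when `paxinit()` returns false because a sysctlbyname() call failed, so a test report cannot tell a disabled mitigation from a system where its state could not be read. This appears to be the test that checks the restriction is enforced, so a skip caused by a query error can hide a missing check. Consider a message that covers both cases, `atf_tc_skip("PaX MPROTECT not globally enabled or its state could not be queried");`, or have the helper report which case occurred. The body of the test function continues outside the hunk.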
@@ -302,9 +277,6 @@
        }
 
 out:
-       if (pax_global != -1 && pax_enabled != -1)
-               (void)paxset(pax_global, pax_enabled);
-
        if (str != NULL)
                atf_tc_fail("%s", str);
 }


