1# 2# NOTE the built tests are all designed to be run from this 3# working directory when built DYNAMIC=yes. That is, they 4# link to the shared libraries in ../libcap/ . 5# 6topdir=$(shell pwd)/.. 7include ../Make.Rules 8# 9 10all: 11 @echo leave test building to test target 12 13install: 14 @echo nothing to install from tests 15 16ifeq ($(DYNAMIC),yes) 17LINKEXTRA=-Wl,-rpath,../libcap 18DEPS=../libcap/libcap.so 19ifeq ($(PTHREADS),yes) 20DEPS += ../libcap/libpsx.so 21endif 22else 23# For this build variant override the LDFLAGS to link statically from 24# libraries within the build tree. If you never want this, use 25# make DYNAMIC=yes ... 26LDFLAGS = --static 27DEPS=../libcap/libcap.a 28ifeq ($(PTHREADS),yes) 29DEPS += ../libcap/libpsx.a 30endif 31endif 32 33../libcap/libcap.so: 34 $(MAKE) -C ../libcap libcap.so 35 36../libcap/libcap.a: 37 $(MAKE) -C ../libcap libcap.a 38 39ifeq ($(PTHREADS),yes) 40../libcap/libpsx.so: 41 $(MAKE) -C ../libcap libpsx.so 42 43../libcap/libpsx.a: 44 $(MAKE) -C ../libcap libpsx.a 45endif 46 47../progs/tcapsh-static: 48 $(MAKE) -C ../progs tcapsh-static 49 50test: 51ifeq ($(PTHREADS),yes) 52 $(MAKE) run_psx_test run_libcap_psx_test 53endif 54 55sudotest: test 56 $(MAKE) run_uns_test 57 $(MAKE) run_libcap_launch_test 58ifeq ($(PTHREADS),yes) 59 $(MAKE) run_libcap_psx_launch_test run_exploit_test 60endif 61 62# unprivileged 63run_psx_test: psx_test 64 ./psx_test 65 66psx_test: psx_test.c $(DEPS) 67 $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) 68 69run_libcap_psx_test: libcap_psx_test 70 ./libcap_psx_test 71 72libcap_psx_test: libcap_psx_test.c $(DEPS) 73 $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) 74 75# privileged 76uns_test: uns_test.c $(DEPS) 77 $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) 78 79run_uns_test: uns_test 80 echo exit | $(SUDO) ./uns_test 81 82run_libcap_launch_test: libcap_launch_test noop ../progs/tcapsh-static 83 $(SUDO) ./libcap_launch_test 84 85run_libcap_psx_launch_test: libcap_psx_launch_test ../progs/tcapsh-static 86 $(SUDO) ./libcap_psx_launch_test 87 88libcap_launch_test: libcap_launch_test.c $(DEPS) 89 $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) 90 91# This varies only slightly from the above insofar as it currently 92# only links in the pthreads fork support. TODO() we need to change 93# the source to do something interesting with pthreads. 94libcap_psx_launch_test: libcap_launch_test.c $(DEPS) 95 $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) 96 97 98# This test demonstrates that libpsx is needed to secure multithreaded 99# programs that link against libcap. 100run_exploit_test: exploit noexploit 101 @echo exploit should succeed 102 $(SUDO) ./exploit ; if [ $$? -ne 0 ]; then exit 0; else exit 1 ; fi 103 @echo exploit should fail 104 $(SUDO) ./noexploit ; if [ $$? -eq 0 ]; then exit 0; else exit 1 ; fi 105 106exploit: exploit.o $(DEPS) 107 $(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread 108 109# Note, for some reason, the order of libraries is important to avoid 110# the exploit working for dynamic linking. 111noexploit: exploit.o $(DEPS) 112 $(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB) 113 114# This one runs in a chroot with no shared library files. 115noop: noop.c 116 $(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ --static 117 118clean: 119 rm -f psx_test libcap_psx_test libcap_launch_test uns_test *~ 120 rm -f libcap_launch_test libcap_psx_launch_test core noop 121 rm -f exploit noexploit exploit.o 122