1# 2# NOTE the built tests are all designed to be run from this 3# working directory when built DYNAMIC=yes. That is, they 4# link to the shared libraries in ../libcap/ . 5# 6topdir=$(shell pwd)/.. 7include ../Make.Rules 8# 9 10all: 11 $(MAKE) libcap_launch_test uns_test 12ifeq ($(PTHREADS),yes) 13 $(MAKE) psx_test libcap_psx_test libcap_psx_launch_test 14endif 15 16install: all 17 18ifeq ($(DYNAMIC),yes) 19LINKEXTRA=-Wl,-rpath,../libcap 20DEPS=../libcap/libcap.so 21ifeq ($(PTHREADS),yes) 22DEPS += ../libcap/libpsx.so 23endif 24else 25LDSTATIC = --static 26DEPS=../libcap/libcap.a 27ifeq ($(PTHREADS),yes) 28DEPS += ../libcap/libpsx.a 29endif 30endif 31 32../libcap/libcap.so: 33 $(MAKE) -C ../libcap libcap.so 34 35../libcap/libcap.a: 36 $(MAKE) -C ../libcap libcap.a 37 38ifeq ($(PTHREADS),yes) 39../libcap/libpsx.so: 40 $(MAKE) -C ../libcap libpsx.so 41 42../libcap/libpsx.a: 43 $(MAKE) -C ../libcap libpsx.a 44endif 45 46../progs/tcapsh-static: 47 $(MAKE) -C ../progs tcapsh-static 48 49test: 50ifeq ($(PTHREADS),yes) 51 $(MAKE) run_psx_test run_libcap_psx_test 52endif 53 54sudotest: test 55 $(MAKE) run_uns_test 56 $(MAKE) run_libcap_launch_test 57ifeq ($(PTHREADS),yes) 58 $(MAKE) run_libcap_psx_launch_test run_exploit_test 59endif 60 61# unprivileged 62run_psx_test: psx_test 63 ./psx_test 64 65psx_test: psx_test.c $(DEPS) 66 $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDSTATIC) 67 68run_libcap_psx_test: libcap_psx_test 69 ./libcap_psx_test 70 71libcap_psx_test: libcap_psx_test.c $(DEPS) 72 $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDSTATIC) 73 74# privileged 75uns_test: uns_test.c $(DEPS) 76 $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDSTATIC) 77 78run_uns_test: uns_test 79 echo exit | sudo ./uns_test 80 81run_libcap_launch_test: libcap_launch_test noop ../progs/tcapsh-static 82 sudo ./libcap_launch_test 83 84run_libcap_psx_launch_test: libcap_psx_launch_test ../progs/tcapsh-static 85 sudo ./libcap_psx_launch_test 86 87libcap_launch_test: libcap_launch_test.c $(DEPS) 88 $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDSTATIC) 89 90# This varies only slightly from the above insofar as it currently 91# only links in the pthreads fork support. TODO() we need to change 92# the source to do something interesting with pthreads. 93libcap_psx_launch_test: libcap_launch_test.c $(DEPS) 94 $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDSTATIC) 95 96 97# This test demonstrates that libpsx is needed to secure multithreaded 98# programs that link against libcap. 99run_exploit_test: exploit noexploit 100 @echo exploit should succeed 101 sudo ./exploit ; if [ $$? -ne 0 ]; then exit 0; else exit 1 ; fi 102 @echo exploit should fail 103 sudo ./noexploit ; if [ $$? -eq 0 ]; then exit 0; else exit 1 ; fi 104 105exploit.o: exploit.c 106 $(CC) $(CFLAGS) $(IPATH) -c $< 107 108exploit: exploit.o $(DEPS) 109 $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread $(LDSTATIC) 110 111# Note, for some reason, the order of libraries is important to avoid 112# the exploit working for dynamic linking. 113noexploit: exploit.o $(DEPS) 114 $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB) $(LDSTATIC) 115 116# This one runs in a chroot with no shared library files. 117noop: noop.c 118 $(CC) $(CFLAGS) $< -o $@ --static 119 120clean: 121 rm -f psx_test libcap_psx_test libcap_launch_test uns_test *~ 122 rm -f libcap_launch_test libcap_psx_launch_test core noop 123 rm -f exploit noexploit exploit.o 124