117 lines
3.0 KiB
Makefile
117 lines
3.0 KiB
Makefile
#
|
|
# NOTE the built tests are all designed to be run from this
|
|
# working directory when built DYNAMIC=yes. That is, they
|
|
# link to the shared libraries in ../libcap/ .
|
|
#
|
|
topdir=$(shell pwd)/..
|
|
include ../Make.Rules
|
|
#
|
|
|
|
all:
|
|
make libcap_launch_test
|
|
ifeq ($(PTHREADS),yes)
|
|
make psx_test libcap_psx_test libcap_psx_launch_test
|
|
endif
|
|
|
|
install: all
|
|
|
|
ifeq ($(DYNAMIC),yes)
|
|
LINKEXTRA=-Wl,-rpath,../libcap
|
|
DEPS=../libcap/libcap.so
|
|
ifeq ($(PTHREADS),yes)
|
|
DEPS += ../libcap/libpsx.so
|
|
endif
|
|
else
|
|
LDFLAGS += --static
|
|
DEPS=../libcap/libcap.a
|
|
ifeq ($(PTHREADS),yes)
|
|
DEPS += ../libcap/libpsx.a
|
|
endif
|
|
endif
|
|
|
|
../libcap/libcap.so:
|
|
make -C ../libcap libcap.so
|
|
|
|
../libcap/libcap.a:
|
|
make -C ../libcap libcap.a
|
|
|
|
ifeq ($(PTHREADS),yes)
|
|
../libcap/libpsx.so:
|
|
make -C ../libcap libpsx.so
|
|
|
|
../libcap/libpsx.a:
|
|
make -C ../libcap libpsx.a
|
|
endif
|
|
|
|
../progs/tcapsh-static:
|
|
make -C ../progs tcapsh-static
|
|
|
|
test:
|
|
ifeq ($(PTHREADS),yes)
|
|
make run_psx_test run_libcap_psx_test
|
|
endif
|
|
|
|
sudotest: test
|
|
make run_libcap_launch_test
|
|
ifeq ($(PTHREADS),yes)
|
|
make run_libcap_psx_launch_test run_exploit_test
|
|
endif
|
|
|
|
# unprivileged
|
|
run_psx_test: psx_test
|
|
./psx_test
|
|
|
|
psx_test: psx_test.c $(DEPS)
|
|
$(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDFLAGS)
|
|
|
|
run_libcap_psx_test: libcap_psx_test
|
|
./libcap_psx_test
|
|
|
|
libcap_psx_test: libcap_psx_test.c $(DEPS)
|
|
$(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
|
|
|
|
# privileged
|
|
run_libcap_launch_test: libcap_launch_test noop ../progs/tcapsh-static
|
|
sudo ./libcap_launch_test
|
|
|
|
run_libcap_psx_launch_test: libcap_psx_launch_test ../progs/tcapsh-static
|
|
sudo ./libcap_psx_launch_test
|
|
|
|
libcap_launch_test: libcap_launch_test.c $(DEPS)
|
|
$(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDFLAGS)
|
|
|
|
# This varies only slightly from the above insofar as it currently
|
|
# only links in the pthreads fork support. TODO() we need to change
|
|
# the source to do something interesting with pthreads.
|
|
libcap_psx_launch_test: libcap_launch_test.c $(DEPS)
|
|
$(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
|
|
|
|
|
|
# This test demonstrates that libpsx is needed to secure multithreaded
|
|
# programs that link against libcap.
|
|
run_exploit_test: exploit noexploit
|
|
@echo exploit should succeed
|
|
sudo ./exploit ; if [ $$? -ne 0 ]; then exit 0; else exit 1 ; fi
|
|
@echo exploit should fail
|
|
sudo ./noexploit ; if [ $$? -eq 0 ]; then exit 0; else exit 1 ; fi
|
|
|
|
exploit.o: exploit.c
|
|
$(CC) $(CFLAGS) $(IPATH) -c $<
|
|
|
|
exploit: exploit.o $(DEPS)
|
|
$(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread $(LDFLAGS)
|
|
|
|
# Note, for some reason, the order of libraries is important to avoid
|
|
# the exploit working for dynamic linking.
|
|
noexploit: exploit.o $(DEPS)
|
|
$(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB) $(LDFLAGS)
|
|
|
|
# This one runs in a chroot with no shared library files.
|
|
noop: noop.c
|
|
$(CC) $(CFLAGS) $< -o $@ --static
|
|
|
|
clean:
|
|
rm -f psx_test libcap_psx_test libcap_launch_test *~
|
|
rm -f libcap_launch_test libcap_psx_launch_test core noop
|
|
rm -f exploit noexploit exploit.o
|