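--- a/security_SuidBinaries.py
+++ b/security_SuidBinaries.py
@@ -1,53 +1,52 @@
 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 import logging
 import os
 
 from autotest_lib.client.bin import test, utils
 from autotest_lib.client.common_lib import error
 
 class security_SuidBinaries(test.test):
 version = 1
 
 def load_baseline(self,bltype):
 baseline_file = open(os.path.join(self.bindir, 'baseline.' + bltype))
 return set(l.strip() for l in baseline_file)
 
 
 def run_once(self, baseline='suid'):
 """
 Do a find on the system for setuid binaries, compare against baseline.
 Fail if these do not match.
 """
 mask = {'suid': '4000', 'sgid': '2000'}
 cmd = ('find / -wholename /proc -prune -o '
 ' -wholename /dev -prune -o '
 ' -wholename /sys -prune -o '
-' -wholename /home/autotest -prune -o '
 ' -wholename /usr/local -prune -o '
 ' -wholename /mnt/stateful_partition -prune -o '
 '-type f -a -perm /%s -print'
 ) % mask[baseline]
 cmd_output = utils.system_output(cmd, ignore_status=True)
 observed_set = set(cmd_output.splitlines())
 baseline_set = self.load_baseline(baseline)
 
 # If something in the observed set is not
 # covered by the baseline...
 diff = observed_set.difference(baseline_set)
 if len(diff) > 0:
 for filepath in diff:
 logging.error('Unexpected %s binary: %s' %
 (baseline, filepath))
 
 # Or, things in baseline are missing from the system:
 diff2 = baseline_set.difference(observed_set)
 if len(diff2) > 0:
 for filepath in diff2:
 logging.error('Missing %s binary: %s' %
 (baseline, filepath))
 
 if (len(diff) + len(diff2)) > 0:
 raise error.TestFail('Baseline mismatch')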
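Review bot: Dropping the `/home/autotest` prune widens the scan, but the two prunes that remain right after it (`/usr/local` and `/mnt/stateful_partition`) still exclude the writable parts of the image, which is presumably where an attacker with write access would plant a setuid/sgid helper; if that exclusion is deliberate because writable partitions cannot have a stable baseline, it deserves a comment on the `cmd` assignment such as `# /usr/local and the stateful partition are writable at runtime and have no stable baseline, so they are skipped.` Now that the autotest tree is walked, any setuid/sgid file the harness itself deploys there will be reported as "Unexpected" unless `baseline.suid`/`baseline.sgid` are updated in step, so the baseline files should be checked against a fresh run. Separately, `ignore_status=True` on the `utils.system_output(cmd, ...)` call means a non-zero exit from `find` (for example a permission error somewhere in the newly scanned tree) is indistinguishable from a clean run; the comparison still fails closed because missing baseline entries raise `TestFail`, but the real cause is lost, so consider logging `find`'s stderr or dropping `ignore_status=True`.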