在这里详述 ZhouyiZHOU/Security regression tests. I will mainly follow the case of people.freebsd.org/~pho/stress/src/stress2.tgz, and I will add mandatory access control and audit specific feature into stress2.tgz.
For example, in stress2 package the file rw/rw.c, I will add:
#ifdefine MAC
if((sysctlbyname("security.mac.mls",NULL,NULL,NULL,0)==-1)&&(errno==ENOENT))
- {
- goto nomac;
- {
. if((sysctlbyname("security.mac.sebsd",NULL,NULL,NULL,0)==-1)&&(errno==ENOENT))
- {
- goto nomac;
- {
mac_from_text(&label, "mls/5,sebsd/root:sysadm_r:sysadm_t");
- mac_set_proc(label);
nomac:
#endif
- before the code:
- 52 sprintf(path,"%s.%05d", getprogname(), getpid());
- 53 (void)mkdir(path, 0770);
- 54 if (chdir(path) == -1)
- .
And I will add a poll directory which using poll system call in the system with SEBSD and audit to test the audit system's ability to handle the extrodinary long audit record. (because in the poll system call, the SEBSD will generate the audit data of same content again and again until timeout).
As for cryptography subsystems, modify tcp.c in stress2 to connect to a remote machine with IPSec configured. using system("setkey ...") to setup IPSec key before the connect system call. On a remote machine writing a echo server, which will automaticly echo the data transfer to it.
As for testing of PF firewall I am also want to modify tcp.c and udp.c in stress2 to connect to a remote machine with a echo server. And also beforce the connect system call, I will using system("pfctl ...") to configure the PF firewall parameters. And I will add a icmp.c to test the icmp package handling of PF firewall
Lastly, I will borrow the ideas from lmbench to test performance of FreeBSD security subsystems