#
# NOTE the built tests are all designed to be run from this
# working directory when built DYNAMIC=yes. That is, they
# link to the shared libraries in ../libcap/ .
#
topdir=$(shell pwd)/..
include ../Make.Rules
#
all:
	@echo leave test building to test target
install:
	@echo nothing to install from tests
FORCE_RPATH_LINKSO=-Wl,-rpath,../libcap
ifeq ($(DYNAMIC),yes)
LINKEXTRA=$(FORCE_RPATH_LINKSO)
DEPS=../libcap/libcap.so
ifeq ($(PTHREADS),yes)
DEPS += ../libcap/libpsx.so
endif
else
# For this build variant override the LDFLAGS to link statically from
# libraries within the build tree. If you never want this, use
# make DYNAMIC=yes ...
LDFLAGS = --static
DEPS=../libcap/libcap.a
ifeq ($(PTHREADS),yes)
DEPS += ../libcap/libpsx.a
endif
endif
../libcap/libcap.so:
	$(MAKE) -C ../libcap libcap.so
../libcap/libcap.a:
	$(MAKE) -C ../libcap libcap.a
../libcap/loader.txt:
	$(MAKE) -C ../libcap loader.txt
ifeq ($(PTHREADS),yes)
../libcap/libpsx.so:
	$(MAKE) -C ../libcap libpsx.so
../libcap/libpsx.a:
	$(MAKE) -C ../libcap libpsx.a
endif
../progs/tcapsh-static:
	$(MAKE) -C ../progs tcapsh-static
test:
ifeq ($(PTHREADS),yes)
	$(MAKE) run_psx_test run_libcap_psx_test
ifeq ($(SHARED),yes)
	$(MAKE) run_b219174
endif
endif
sudotest: test
	$(MAKE) run_uns_test
	$(MAKE) run_libcap_launch_test
ifeq ($(PTHREADS),yes)
	$(MAKE) run_libcap_psx_launch_test run_exploit_test
endif
# unprivileged
run_psx_test: psx_test
	./psx_test
psx_test: psx_test.c $(DEPS)
	$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB)
run_libcap_psx_test: libcap_psx_test
	./libcap_psx_test
libcap_psx_test: libcap_psx_test.c $(DEPS)
	$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB)
# privileged
uns_test: uns_test.c $(DEPS)
	$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB)
run_uns_test: uns_test
	echo exit | $(SUDO) ./uns_test
run_libcap_launch_test: libcap_launch_test noop ../progs/tcapsh-static
	$(SUDO) ./libcap_launch_test
run_libcap_psx_launch_test: libcap_psx_launch_test ../progs/tcapsh-static
	$(SUDO) ./libcap_psx_launch_test
libcap_launch_test: libcap_launch_test.c $(DEPS)
	$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB)
# This varies only slightly from the above insofar as it currently
# only links in the pthreads fork support. TODO() we need to change
# the source to do something interesting with pthreads.
libcap_psx_launch_test: libcap_launch_test.c $(DEPS)
	$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB)
# This test demonstrates that libpsx is needed to secure multithreaded
# programs that link against libcap.
run_exploit_test: exploit noexploit
	@echo exploit should succeed
	$(SUDO) ./exploit ; if [ $$? -ne 0 ]; then exit 0; else exit 1 ; fi
	@echo exploit should fail
	$(SUDO) ./noexploit ; if [ $$? -eq 0 ]; then exit 0; else exit 1 ; fi
exploit: exploit.o $(DEPS)
	$(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread
# Note, for some reason, the order of libraries is important to avoid
# the exploit working for dynamic linking.
noexploit: exploit.o $(DEPS)
	$(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB)
# This one runs in a chroot with no shared library files.
noop: noop.c
	$(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ --static
# Validate that a shared library that itself launches threads is
# covered by -lpsx.
ifeq ($(PTHREADS),yes)
ifeq ($(SHARED),yes)
run_b219174: weaver.so b219174
	./weaver.so
	./b219174
# This is *NOT* linked against libpsx.
weaver.so: weaver.c weaver.h ../libcap/execable.h ../libcap/loader.txt
	$(LD) -o $@ $(CFLAGS) -fPIC $(CPPFLAGS) weaver.c -DSHARED_LOADER=\"$(shell cat ../libcap/loader.txt)\" -Wl,-e,__so_start -lpthread
# This only works when linked dynamically
b219174: b219174.c $(DEPS)
	$(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ $(FORCE_RPATH_LINKSO) $(LIBPSXLIB) -ldl
endif
endif
clean:
	rm -f psx_test libcap_psx_test libcap_launch_test uns_test *~
	rm -f libcap_launch_test libcap_psx_launch_test core noop
	rm -f exploit noexploit exploit.o weaver.so b219174