annotate test/test_aslr.py @ 1930:299f4f19ba19

Add /usr/sbin and /sbin to default root PATH

When dropbear is used in a very restricted environment (such as in an initrd), the default user shell is often also very restricted and doesn't take care of setting the PATH so the user ends up with the PATH set by dropbear. Unfortunately, dropbear always sets "/usr/bin:/bin" as default PATH even for the root user which should have /usr/sbin and /sbin too.

For a concrete instance of this problem, see the "Remote Unlocking" section in this tutorial: https://paxswill.com/blog/2013/11/04/encrypted-raspberry-pi/

It speaks of a bug in the initramfs script because it's written "blkid" instead of "/sbin/blkid"... this is just because the scripts from the initramfs do not expect to have a PATH without the sbin directories and because dropbear is not setting the PATH appropriately for the root user.

I'm thus suggesting to use the attached patch to fix this misbehaviour (I did not test it, but it's easy enough). It might seem anecdotic but multiple Kali users have been bitten by this.

From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
author Raphael Hertzog <hertzog@debian.org>
date Mon, 09 Jul 2018 16:27:53 +0200
parents 1c9215154d4a
children
rev 1861, changeset 2b3a8026a6ce "Add re-exec for server", Matt Johnston <matt@ucc.asn.au>: lines 1-10, 16-29, 31-37
rev 1863, changeset b550845e500b "Use venv for test_aslr", Matt Johnston <matt@ucc.asn.au>, parents: 1861: lines 11-15
rev 1865, changeset d940f8007a45 "Fix testing with dropbearmulti", Matt Johnston <matt@ucc.asn.au>, parents: 1863: line 30

source

from pathlib import Path
import sys

from test_dropbear import *

def test_reexec(request, dropbear):
    """
    Tests that two consecutive connections have different address layouts.
    This indicates that re-exec makes ASLR work
    """
    map_script = (Path(request.node.fspath).parent / "parent_dropbear_map.py").resolve()
    # run within the same venv, for python deps
    activate = own_venv_command()
    cmd = f"{activate}; {map_script}"
    print(cmd)
    r = dbclient(request, cmd, capture_output=True, text=True)
    map1 = r.stdout.rstrip()
    print(r.stderr, file=sys.stderr)
    r.check_returncode()

    r = dbclient(request, cmd, capture_output=True, text=True)
    map2 = r.stdout.rstrip()
    print(r.stderr, file=sys.stderr)
    r.check_returncode()

    print(map1)
    print(map2)
    # expect something like
    # "563174d59000-563174d5d000 r--p 00000000 00:29 4242372 /home/matt/src/dropbear/build/dropbear"
    assert map1.endswith('/dropbear') or map1.endswith('/dropbearmulti')
    a1 = map1.split()[0]
    a2 = map2.split()[0]
    print(a1)
    print(a2)
    # relocation addresses should differ
    assert a1 != a2
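The comparison the test performs, generalized to whole /proc/<pid>/maps snapshots, as an added example that is not part of the dropbear test suite: it parses each snapshot, finds the load base of the server binary and reports whether two sessions were served from different layouts. The function names and every sample line except the one quoted in the test's comment are constructed for illustration.

```python
import re

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+\S+\s+\d+\s*(?P<path>.*)$"
)
DELETED = " (deleted)"  # suffix the kernel appends once the file has been unlinked


def image_base(maps_text, names=("dropbear", "dropbearmulti")):
    """Return (base, path) of the lowest offset-0 mapping of the named binary."""
    best = None
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        if path.endswith(DELETED):
            path = path[: -len(DELETED)]
        if path.rsplit("/", 1)[-1] not in names or int(m["offset"], 16) != 0:
            continue
        start = int(m["start"], 16)
        if best is None or start < best[0]:
            best = (start, path)
    if best is None:
        raise ValueError("no mapping of the expected executable found")
    return best


def layouts_differ(maps_a, maps_b):
    """True if the same binary sits at a different base in the two snapshots."""
    (base_a, path_a), (base_b, path_b) = image_base(maps_a), image_base(maps_b)
    if path_a != path_b:
        raise ValueError(f"snapshots are of different binaries: {path_a} / {path_b}")
    return base_a != base_b


# Constructed samples; the first line is the one quoted in the test's comment.
FIRST = """\
563174d59000-563174d5d000 r--p 00000000 00:29 4242372 /home/matt/src/dropbear/build/dropbear
563174d5d000-563174d8a000 r-xp 00004000 00:29 4242372 /home/matt/src/dropbear/build/dropbear
7ffd1c5e2000-7ffd1c603000 rw-p 00000000 00:00 0 [stack]
"""
SECOND = FIRST.replace("563174d", "55d0a91")  # constructed: a re-randomized base

if __name__ == "__main__":
    print(layouts_differ(FIRST, SECOND))  # session after re-exec: bases differ
    print(layouts_differ(FIRST, FIRST))   # fork-only session: inherited layout
```

Comparing parsed base addresses of the same binary path, rather than the raw first field of one line, also rejects the case where the two snapshots come from different executables.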