1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-10 05:18:17 +03:00
systemd/test/fuzz
Jakub Sitnicki 97df75d7bd socket: pass socket FDs to all ExecXYZ= commands but ExecStartPre=
Today listen file descriptors created by socket unit don't get passed to
commands in Exec{Start,Stop}{Pre,Post}= socket options.

This prevents ExecXYZ= commands from accessing the created socket FDs to do
any kind of system setup which involves the socket but is not covered by
existing socket unit options.

One concrete example is to insert a socket FD into a BPF map capable of
holding socket references, such as BPF sockmap/sockhash [1] or
reuseport_sockarray [2]. Or, similarly, send the file descriptor with
SCM_RIGHTS to another process, which has access to a BPF map for storing
sockets.

To unblock this use case, pass ListenXYZ= file descriptors to ExecXYZ=
commands as listen FDs [4]. As an exception, ExecStartPre= command does not
inherit any file descriptors because it gets invoked before the listen FDs
are created.

This new behavior can potentially break existing configurations. Commands
invoked from ExecXYZ= might not expect to inherit file descriptors through
sd_listen_fds protocol.

To prevent breakage, add a new socket unit parameter,
PassFileDescriptorsToExec=, to control whether ExecXYZ= programs inherit
listen FDs.

[1] https://docs.kernel.org/bpf/map_sockmap.html
[2] https://lore.kernel.org/r/20180808075917.3009181-1-kafai@fb.com
[3] https://man.archlinux.org/man/socket.7#SO_INCOMING_CPU
[4] https://www.freedesktop.org/software/systemd/man/latest/sd_listen_fds.html
2024-03-27 01:41:26 +08:00
..
fuzz-bootspec fuzz: shorten filename of testcase 2022-12-09 05:01:04 +09:00
fuzz-bus-match fuzz-bus-match: add example from bugzilla#1935084 2021-03-06 09:32:18 +01:00
fuzz-bus-message sd-bus: fix buffer overflow 2022-05-28 10:06:14 +02:00
fuzz-calendarspec shared/calendarspec: fix formatting of entries which collapse to a star 2022-05-10 14:35:57 +02:00
fuzz-catalog Drop split-usr and unmerged-usr support 2023-07-28 19:34:03 +01:00
fuzz-dhcp6-client fuzz: rename test cases for brevity and meaning 2022-05-04 11:51:15 +02:00
fuzz-dhcp-client fuzz: rename test cases for brevity and meaning 2022-05-04 11:51:15 +02:00
fuzz-dhcp-server fuzz: rename samples to avoid long test names 2022-07-05 21:49:12 +02:00
fuzz-dhcp-server-relay fuzz: rename samples to avoid long test names 2022-07-05 21:49:12 +02:00
fuzz-dns-packet fuzz: rename samples to avoid long test names 2022-07-05 21:49:12 +02:00
fuzz-env-file fuzz: add env-file fuzzer 2019-03-11 14:11:28 +01:00
fuzz-etc-hosts resolve: dedup entries in /etc/hosts 2022-12-13 20:37:48 +09:00
fuzz-execute-serialize core: remove duplicate serialization of cpu_sched_reset_on_fork 2024-02-27 19:20:44 +00:00
fuzz-fido-id-desc udev: Add id program and rule for FIDO security tokens 2019-09-07 02:23:58 +09:00
fuzz-journal-remote fuzz: rename test cases for brevity and meaning 2022-05-04 11:51:15 +02:00
fuzz-journald-audit journald: check whether sscanf has changed the value corresponding to %n 2018-11-17 11:25:19 +01:00
fuzz-journald-kmsg fuzz: rename test cases for brevity and meaning 2022-05-04 11:51:15 +02:00
fuzz-journald-native-fd tests: add a fuzzer for server_process_native_file 2018-11-23 17:29:59 +01:00
fuzz-journald-stream tests: add a fuzzer for journald streams 2018-11-20 03:03:32 +01:00
fuzz-journald-syslog
fuzz-json shared/json: fix memleak in sort 2022-05-10 17:08:37 +02:00
fuzz-link-parser meson: Generate fuzzer inputs with directives 2022-10-20 14:43:50 +02:00
fuzz-lldp-rx test: also rename {test,fuzz}-lldp.c 2021-09-27 23:55:11 +09:00
fuzz-manager-serialize oomd: correct listening sockets 2023-09-25 23:27:18 +02:00
fuzz-ndisc-rs fuzz: rename samples to avoid long test names 2022-07-05 21:49:12 +02:00
fuzz-netdev-parser network: netdev - bond add support for ARP missed max 2024-02-16 14:44:51 +05:30
fuzz-network-parser networkd: support proxy_arp_pvlan sysctl 2023-12-24 03:40:03 +09:00
fuzz-nspawn-oci json: correctly handle magic strings when parsing variant strv 2023-05-23 20:18:21 +02:00
fuzz-nspawn-settings test: update nspawn's basic config file used for fuzzing 2023-05-15 09:00:17 +02:00
fuzz-resource-record test: shorten sample names, drop numerical prefixes 2023-09-02 17:32:19 +03:00
fuzz-systemctl-parse-argv fuzz: rename long samples 2023-05-18 15:23:27 +02:00
fuzz-udev-database fuzz: add a sample for fuzz-udev-database 2019-02-26 13:28:30 +09:00
fuzz-udev-rules rules: go to the end of rules indeed when dm is suspended 2023-11-29 09:57:55 +01:00
fuzz-unit-file socket: pass socket FDs to all ExecXYZ= commands but ExecStartPre= 2024-03-27 01:41:26 +08:00
fuzz-varlink fuzz: rename samples to avoid long test names 2022-07-05 21:49:12 +02:00
fuzz-varlink-idl varlink: don't panic on malformed method definition 2023-10-14 17:40:07 +02:00
fuzz-xdg-desktop fuzz: rename samples to avoid long test names 2022-07-05 21:49:12 +02:00
.gitattributes gitattributes: introduce and use "generated" attribute 2021-10-18 09:42:55 +02:00
generate-directives.py meson: Generate fuzzer inputs with directives 2022-10-20 14:43:50 +02:00
meson.build meson: use ternary op for brevity 2023-11-15 14:53:11 +01:00