From 5e8e72f91c73bff9dbdb8d44afb1ce48f694bc8e Mon Sep 17 00:00:00 2001 From: Mark Mentovai Date: Wed, 5 Aug 2015 18:24:53 -0400 Subject: [PATCH] =?UTF-8?q?Don=E2=80=99t=20use=20DYLD=5FINSERT=5FLIBRARIES?= =?UTF-8?q?=20with=20a=20system=20executable.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OS X 10.11 introduces System Integrity Protection. One facet of that forbids code injection into system executables. A Crashpad test checks that information can be recovered from dyld in early-launch crashes by requesting dyld load a nonexistent library with DYLD_INSERT_LIBRARIES. The executable was meaningless but a system-provided executable, /usr/bin/true, was used for convenience. This test hung on OS X 10.11 because DYLD_INSERT_LIBRARIES was ignored for the system executable, and no crash occurred. The test waited for a crash that would never come. A custom no-op executable, crashpad_snapshot_test_no_op, is provided as an executable that does work with DYLD_INSERT_LIBRARIES. BUG=crashpad:41 TEST=crashpad_snapshot_test MachOImageAnnotationsReader.CrashDyld R=rsesek@chromium.org Review URL: https://codereview.chromium.org/1276553005 . --- .../mach_o_image_annotations_reader_test.cc | 18 +++++++++++++++--- ...h_o_image_annotations_reader_test_no_op.cc | 19 +++++++++++++++++++ snapshot/snapshot_test.gyp | 16 ++++++++++++++++ 3 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 snapshot/mac/mach_o_image_annotations_reader_test_no_op.cc diff --git a/snapshot/mac/mach_o_image_annotations_reader_test.cc b/snapshot/mac/mach_o_image_annotations_reader_test.cc index b9a782ca..12dc6e51 100644 --- a/snapshot/mac/mach_o_image_annotations_reader_test.cc +++ b/snapshot/mac/mach_o_image_annotations_reader_test.cc @@ -26,6 +26,7 @@ #include #include "base/basictypes.h" +#include "base/files/file_path.h" #include "client/crashpad_info.h" #include "client/simple_string_dictionary.h" #include "gtest/gtest.h" 
@@ -33,6 +34,7 @@ #include "test/errors.h" #include "test/mac/mach_errors.h" #include "test/mac/mach_multiprocess.h" +#include "test/paths.h" #include "util/file/file_io.h" #include "util/mac/mac_util.h" #include "util/mach/exc_server_variants.h" @@ -45,6 +47,11 @@ namespace crashpad { namespace test { namespace { +//! \return The path to the crashpad_snapshot_test_no_op executable. +base::FilePath NoOpExecutable() { + return base::FilePath(Paths::Executable().value() + "_no_op"); +} + class TestMachOImageAnnotationsReader final : public MachMultiprocess, public UniversalMachExcServer::Interface { @@ -304,9 +311,14 @@ class TestMachOImageAnnotationsReader final // The actual executable doesn’t matter very much, because dyld won’t // ever launch it. It just needs to be an executable that uses dyld as - // its LC_LOAD_DYLINKER (all normal executables do). /usr/bin/true is on - // every system, so use it. - ASSERT_EQ(0, execl("/usr/bin/true", "true", nullptr)) + // its LC_LOAD_DYLINKER (all normal executables do). A custom no-op + // executable is provided because DYLD_INSERT_LIBRARIES does not work + // with system executables on OS X 10.11 due to System Integrity + // Protection. + base::FilePath no_op_executable = NoOpExecutable(); + ASSERT_EQ(0, execl(no_op_executable.value().c_str(), + no_op_executable.BaseName().value().c_str(), + nullptr)) << ErrnoMessage("execl"); break; } diff --git a/snapshot/mac/mach_o_image_annotations_reader_test_no_op.cc b/snapshot/mac/mach_o_image_annotations_reader_test_no_op.cc new file mode 100644 index 00000000..b8953207 --- /dev/null +++ b/snapshot/mac/mach_o_image_annotations_reader_test_no_op.cc 
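Review bot: `NoOpExecutable()` builds the helper's path by appending `"_no_op"` to the running test binary's path, but its doc comment presents the result as a fixed name. The coupling to the `crashpad_snapshot_test_no_op` gyp target, and the need for both binaries to sit in the same directory, is not stated. If the test binary is renamed or copied somewhere without the helper, the later `execl()` fails in the child. I would expand the comment to `//! \return The path to the no-op helper, formed by appending "_no_op" to this test executable's path. The helper must be built next to the test binary.`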
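Review bot: The hang described in the commit message can still recur, because this hunk only swaps the exec target and adds nothing that fails the test when dyld does not act on DYLD_INSERT_LIBRARIES. If dyld ever ignores the variable for the helper too (for example because the binary ends up restricted or in a protected location), the child would run `main()` and exit 0, and the parent would presumably wait again for a crash that never arrives. The wait logic lies outside this hunk, so that is inferred; I would at least record the assumption next to the `execl()` call, e.g. `// If dyld ignores DYLD_INSERT_LIBRARIES here, the child exits normally and no exception is delivered; the parent must not wait indefinitely.` A bounded wait or a child-exit check in the parent would turn that case into a test failure instead of a hang.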
@@ -0,0 +1,19 @@ +// Copyright 2015 The Crashpad Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include + +int main(int argc, char* argv[]) { + return EXIT_SUCCESS; +} diff --git a/snapshot/snapshot_test.gyp b/snapshot/snapshot_test.gyp index be091ac0..538e7c60 100644 --- a/snapshot/snapshot_test.gyp +++ b/snapshot/snapshot_test.gyp @@ -80,6 +80,9 @@ ], 'conditions': [ ['OS=="mac"', { + 'dependencies': [ + 'crashpad_snapshot_test_no_op', + ], 'link_settings': { 'libraries': [ '$(SDKROOT)/System/Library/Frameworks/OpenCL.framework', @@ -103,4 +106,17 @@ ], }, ], + 'conditions': [ + ['OS=="mac"', { + 'targets': [ + { + 'target_name': 'crashpad_snapshot_test_no_op', + 'type': 'executable', + 'sources': [ + 'mac/mach_o_image_annotations_reader_test_no_op.cc', + ], + }, + ], + }], + ], }
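Review bot: The new helper's `main()` has no comment saying why an empty program exists or what it means if it actually runs. The test's own comment says dyld is never expected to launch it, so reaching `return EXIT_SUCCESS;` means the injection request was not acted on. I would add above `main`: `// Target for MachOImageAnnotationsReader.CrashDyld. dyld is expected to crash before main() runs; reaching it means DYLD_INSERT_LIBRARIES was ignored.` The unused `argc`/`argv` could also be dropped (`int main() {`) to avoid unused-parameter warnings.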