Integration tests TODO list

[japaric]

Milestone 2

command line flags

• --user
• --group test sudoers Runas_Spec and the --group flag #133
• --login compliance tests #186
• --shell compliance tests #184
• --chdir compliance tests #182
• --reset-timestamp (lower prio) part of compliant test timestamp mechanism #304
• --validate part of compliant test timestamp mechanism #304
• --chdir Tests --chdir flag. #183
• test --remove-timestamp #357
• test -n, --non-interactive flag #391

sudoers tags

• NOPASSWD
• PASSWD test PASSWD #531
• test Chdir_Spec e.g. CWD=* #317

sudoers defaults

• env_reset (only true)
• test env_keep #336
• lecture_file compliance tests #252
• test env_check #337
• secure_path test PATH search and secure_path #172
• use_pty Test use_pty #301

sudoers user specification

• user_list e.g. <user_list> ALL(ALL:ALL) ALL compliance tests: password auth & sudoers' user_list #98
• restricted runas user: e.g. root ALL=(<specific-user>:ALL) ALL test sudoers Runas_Spec and the --group flag #133
• restricted runas group: e.g. root ALL=(ALL:<specific-group>) ALL test sudoers Runas_Spec and the --group flag #133
• restricted command: e.g. root ALL=(ALL:ALL) /usr/bin/ls test sudoers cmnd_list #144
• restricted hostname, e.g. ALL remotehost = (ALL:ALL) ALL test sudoers host_list and user_list #145
• User_Alias e.g. User_Alias ADMINS = root, ferris test User_Alias in User_List #178
• Runas_Alias (see also Investigate what a corner case of RunAs_Alias should do. #13)
• Host_Alias e.g. Host_Alias SERVERS = main, www, mail test Host_Alias #361
• Cmnd_Alias e.g. Cmnd_Alias CMDSGROUP = /bin/true, /bin/ls test Cmnd_Alias #385

password authentication

• with -S flag compliance tests: password auth & sudoers' user_list #98
• without -S flag test password authentication using TTY emulation #109

child process

• stdin, stdout, stderr, exit status redirection test stdin forwarding #132
• signal handling compliance-test: signal handling #111

third party integration

• pam PAM integration tests #113
• test pam_env integration #376
• test syslog integration #389

miscellaneous

• compliant test timestamp mechanism #304
• test password retry functionality #307

su

command line options

• su: test --command #493
• su: test --group #550
• su: test --supp-group #551
• su: test --whitelist-environment #527
• su: test --preserve-environment #528
• su: test --shell #495
• su: test --pty #586
• su: test --login #496
• su: test arguments after target user argument #573

inter-operation

• su: test configuring no (target user's) password required via PAM #628
• su: test syslog interoperation #606
• su: test process resource limits #629

misc

• su: test signal handling #589

Milestone 3

command line options

• -e, --edit
• -l, --list Make --list aware of NOPASSWD #530
• -R, --chroot=directory
• -U, --other-user=user
• "accepts full syntax sudoers, including options that are no-ops" -- possibly in connection to visudo (-c)

visudo

incomplete list:

• test visudo basic functionality #655

[squell]

Here is a list of applicable sudo advisories where we manually decided that we are secure:

Environment-related (we are secure since we force env_reset)

• https://www.sudo.ws/security/advisories/bash_functions/
• https://www.sudo.ws/security/advisories/bash_env/
• https://www.sudo.ws/security/advisories/perl_env/

We explicitly coded this:

• https://www.sudo.ws/security/advisories/tz/
• https://www.sudo.ws/security/advisories/linux_tty/ (not applicable, but we do what sudo does)

Our timestamping implementation uses system monotonic time (and is cleared upon a restart):

• https://www.sudo.ws/security/advisories/epoch_ticket/

Problems prevented by coding Rust:

• https://www.sudo.ws/security/advisories/path_race/ (this particular trigger of a race condition would not apply due to higher level coding practices, but race conditions themselves are of course still possible and we need to perform an audit for them)
• https://www.sudo.ws/security/advisories/group_vector/
• https://www.sudo.ws/security/advisories/cmnd_alias_negation/
• https://www.sudo.ws/security/advisories/secure_path/
• https://www.sudo.ws/security/advisories/runas_group/
• https://www.sudo.ws/security/advisories/runas_group_pw/
• https://www.sudo.ws/security/advisories/minus_1_uid/

Still need to check!

• https://www.sudo.ws/security/advisories/tty_tickets/

[squell]

Here's a list of sudo advisories that do not apply to us since they involve features we don't support.

Things that would apply if we were to implement these features (we have no plans to do so):

• https://www.sudo.ws/security/advisories/double_free/ (unlikely in Rust)
• https://www.sudo.ws/security/advisories/postfix/
• https://www.sudo.ws/security/advisories/netmask/
• https://www.sudo.ws/security/advisories/env_add/ (we could be susceptible)
• https://www.sudo.ws/security/advisories/pwfeedback/ (unlikely in Rust)

Sudoedit related ones:

• https://www.sudo.ws/security/advisories/unescape_overflow/
• https://www.sudo.ws/security/advisories/sudoedit_selinux/
• https://www.sudo.ws/security/advisories/sudoedit_any/
• https://www.sudo.ws/security/advisories/sudoedit/
• https://www.sudo.ws/security/advisories/sudoedit_escalate/
• https://www.sudo.ws/security/advisories/sudoedit_escalate2/

Noexec:

• https://www.sudo.ws/security/advisories/noexec_wordexp/
• https://www.sudo.ws/security/advisories/noexec_bypass/

[squell]

Closing since the only open issue is #301 which can be tracked there.