diff options
| author | Paul Buetow <paul@buetow.org> | 2026-05-30 22:16:33 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-30 22:16:33 +0300 |
| commit | c5ef17c2b728eae057fae43db020d1023e5cc634 (patch) | |
| tree | 3daee5dd2e6e86c61ce1c67b35f24c3801e4ff33 /internal/eventloop_security_test.go | |
| parent | 04881431fb051fc9915184c54dffdcbb9aa5c65e (diff) | |
test(pipe): lock in pipe/pipe2 IPC classification and fd-pair exit reads
Audit of pipe(2)/pipe2(2) (task dx) confirmed the tracing implementation is
correct: KindPipe (not KindFd, since args[0] is an output ptr to int[2], not an
fd), FamilyIPC, and an UNCLASSIFIED int return. Enter stashes the output ptr
(flags=0 for pipe, args[1] for pipe2); exit reads the fd pair via
bpf_probe_read_user guarded by ret==0, mirroring the socketpair pipe-like
pattern. The only gaps were missing lock-in tests, now added:
- codegen: assert the exit handler reads the fd pair from the stashed output
buffer (ret==0 guard, bpf_probe_read_user, fd0/fd1) and that the flag-less
pipe variant hardcodes flags=0 and never reads args[1].
- classify: pipe/pipe2 are never KindFd and stay UNCLASSIFIED on ret.
- runtime: a failed pipe (ret==-1) tracks no descriptors and attaches no file.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Diffstat (limited to 'internal/eventloop_security_test.go')
0 files changed, 0 insertions, 0 deletions