diff options
| author | Paul Buetow <paul@buetow.org> | 2026-05-29 17:43:54 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-29 17:43:54 +0300 |
| commit | ff9b210cb39e6ae72b43fb0814f32d6a39f77b63 (patch) | |
| tree | 652bae2c31b537162adb1e2165e56b2fb192b116 /internal | |
| parent | 0a9a92e359e06df0c6cd8e8eff1c165ed7fc2fa0 (diff) | |
test(generate): lock in setsid classification audit
setsid(2) takes no arguments and returns the new session ID (a pid_t)
on success or (pid_t)-1 on error. Audit confirms it is correctly
classified as KindNull (null_event enter handler, captures nothing),
FamilyProcess (alongside its session/process-group siblings
getsid/setpgid/getpgid/getpgrp and the pid-returning getpid/getppid),
and its exit ret_type stays UNCLASSIFIED so the session-id return is
never mistaken for a transferred byte count.
No codegen or doc changes were required (mage generate yields no diff).
Add lock-in assertions so a stray reclassification trips a test:
- family_test.go: setsid + session/pgrp/pid siblings -> FamilyProcess
- retclassify_test.go: setsid + pid-returning siblings -> Unclassified
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/generate/family_test.go | 16 | ||||
| -rw-r--r-- | internal/generate/retclassify_test.go | 10 |
2 files changed, 26 insertions, 0 deletions
diff --git a/internal/generate/family_test.go b/internal/generate/family_test.go index c553d26..827e592 100644 --- a/internal/generate/family_test.go +++ b/internal/generate/family_test.go @@ -34,6 +34,22 @@ func TestClassifySyscallFamily(t *testing.T) { {"sys_enter_migrate_pages", FamilyMemory}, {"sys_enter_move_pages", FamilyMemory}, {"sys_enter_execve", FamilyProcess}, + // setsid(2) creates a new session and returns the new session ID + // (a pid_t), or -1 on error; it takes no arguments. It is a + // process/session-management syscall and shares FamilyProcess with its + // session/process-group siblings getsid(2), setpgid(2), getpgid(2), and + // getpgrp(2), as well as the pid-returning getpid(2)/getppid(2). Assert + // the whole session/pgrp cluster so a stray reclassification of any one + // trips this test. Keep in sync with the Process list in + // docs/syscall-tracing-plan.md. + {"sys_enter_setsid", FamilyProcess}, + {"sys_exit_setsid", FamilyProcess}, + {"sys_enter_getsid", FamilyProcess}, + {"sys_enter_setpgid", FamilyProcess}, + {"sys_enter_getpgid", FamilyProcess}, + {"sys_enter_getpgrp", FamilyProcess}, + {"sys_enter_getpid", FamilyProcess}, + {"sys_enter_getppid", FamilyProcess}, {"sys_enter_rt_sigaction", FamilySignals}, {"sys_enter_clock_gettime", FamilyTime}, // gettimeofday(2) gets wall-clock time via a userspace timeval/timezone diff --git a/internal/generate/retclassify_test.go b/internal/generate/retclassify_test.go index 148c1e6..4e6a0ad 100644 --- a/internal/generate/retclassify_test.go +++ b/internal/generate/retclassify_test.go @@ -60,6 +60,16 @@ func TestClassifyRetUnclassified(t *testing.T) { // ret_event and must stay UNCLASSIFIED, like its NUMA siblings // set_mempolicy/mbind/migrate_pages/move_pages. "set_mempolicy_home_node", + // setsid(2) returns the new session ID (a pid_t) on success, or + // (pid_t)-1 on error; that return is a session/process identifier, not a + // transferred byte count. Its exit must stay UNCLASSIFIED (plain + // ret_event), exactly like its pid-returning siblings getsid/getpid/ + // getppid (asserted below), so it is never mistaken for a read/write + // byte transfer. + "setsid", + "getsid", + "getpid", + "getppid", } for _, name := range unclassified { if got := ClassifyRet("sys_exit_" + name); got != Unclassified { |