1 #! /usr/bin/ksh
2 #
3 #
4 # This file and its contents are supplied under the terms of the
5 # Common Development and Distribution License ("CDDL"), version 1.0.
6 # You may only use this file in accordance with the terms of version
7 # 1.0 of the CDDL.
8 #
9 # A full copy of the text of the CDDL should have accompanied this
10 # source. A copy of the CDDL is also available via the Internet at
11 # http://www.illumos.org/license/CDDL.
12 #
13
14 #
15 # Copyright 2015, Richard Lowe.
16 # Copyright 2019 Joyent, Inc.
17 #
18
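# Report the security flags of a process, pausing first so that a change
# requested just before the call has had time to take effect.
# Arguments: passed through unchanged to psecflags(1); the callers pass a pid.
# Outputs:   the psecflags report, on stdout.
# Returns:   the exit status of psecflags.
secflags() {
	sleep 1
	# "$@" hands every argument over intact; a bare $* would be split on
	# whitespace and glob-expanded by the shell before psecflags saw it.
	/usr/bin/psecflags "$@"
}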
24
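# Work in a private scratch directory. mktemp(1) chooses an unpredictable
# name and fails unless it created the directory itself, so the "expected"
# and "output" files written by the tests never land in a directory that
# already existed under a guessable /tmp/<pid>-... name.
testdir=$(mktemp -d "/tmp/secflags-test.$$.XXXXXX") || exit 1

# Remove the scratch directory on any exit path.
cleanup() {
	cd /
	# :? refuses to run rm with an empty path if testdir was ever unset.
	rm -fr -- "${testdir:?}"
}
# Installed before the first check so that a failure there still cleans up.
trap cleanup EXIT

# A failed cd would otherwise leave the redirections below writing into
# whatever directory the test was started from.
cd "$testdir" || exit 1

/usr/bin/psecflags -s none $$	# Clear ourselves out
cat > expected <<EOF
I: none
EOF

secflags $$ | grep I: > output
diff -u expected output || exit 1 # Make sure the setting of 'none' worked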
41
42 ## Tests of manipulating a running process (ourselves)
43
# Request aslr on this shell and check that the I: line of the psecflags
# report then reads exactly "aslr". Exits the script with status 1 on a
# mismatch.
self_set() {
	echo "Set (self)"
	/usr/bin/psecflags -s aslr "$$"

	printf 'I: aslr\n' > expected

	secflags "$$" | grep I: > output
	if ! diff -u expected output; then
		exit 1
	fi
}
55
# Add noexecstack on top of the flags this shell already has ("current") and
# check that the I: line reads "aslr,noexecstack". Depends on aslr having
# been set by the test that runs before it. Exits 1 on a mismatch.
self_add() {
	echo "Add (self)"
	/usr/bin/psecflags -s current,noexecstack "$$"

	printf 'I: aslr,noexecstack\n' > expected

	secflags "$$" | grep I: > output
	if ! diff -u expected output; then
		exit 1
	fi
}
66
# Drop aslr from the flags this shell currently has and check that only
# noexecstack is left on the I: line. Depends on the state left behind by
# the preceding add test. Exits 1 on a mismatch.
self_remove() {
	echo "Remove (self)"
	/usr/bin/psecflags -s current,-aslr "$$"

	printf 'I: noexecstack\n' > expected

	secflags "$$" | grep I: > output
	if ! diff -u expected output; then
		exit 1
	fi
}
77
# Request every flag on this shell. Rather than comparing against an exact
# list, the check only requires the I: line to contain at least two commas,
# i.e. several flags. Exits 1 if it does not.
self_all() {
	echo "All (self)"
	/usr/bin/psecflags -s all "$$"
	# This is lame, but functional
	if ! secflags "$$" | grep -q 'I:.*,.*,'; then
		exit 1
	fi
}
83
# Set every flag on this shell, clear them again with "none", and check that
# the I: line reads "none". Exits 1 on a mismatch.
self_none() {
	echo "None (self)"
	/usr/bin/psecflags -s all "$$"
	/usr/bin/psecflags -s none "$$"

	printf 'I: none\n' > expected

	secflags "$$" | grep I: > output
	if ! diff -u expected output; then
		exit 1
	fi
}
94
# Start a child (a long sleep) through "psecflags -s aslr -e" and check that
# both its E: and I: lines read "aslr". The child is killed before the
# comparison, because a mismatch exits the script straight away.
child_set() {
	echo "Set (child)"

	typeset pid

	/usr/bin/psecflags -s aslr -e sleep 10000 &
	pid=$!

	printf 'E: aslr\nI: aslr\n' > expected

	secflags "$pid" | grep '[IE]:' > output
	kill "$pid"
	if ! diff -u expected output; then
		exit 1
	fi
}
110
# Set aslr on this shell, then start a child with "current,noexecstack" and
# check that the child's E: and I: lines read "aslr,noexecstack". The child
# is killed and this shell reset to "none" before the comparison, because a
# mismatch exits the script straight away.
child_add() {
	echo "Add (child)"

	typeset pid

	/usr/bin/psecflags -s aslr "$$"
	/usr/bin/psecflags -s current,noexecstack -e sleep 10000 &
	pid=$!

	printf 'E: aslr,noexecstack\nI: aslr,noexecstack\n' > expected

	secflags "$pid" | grep '[IE]:' > output
	kill "$pid"
	/usr/bin/psecflags -s none "$$"
	if ! diff -u expected output; then
		exit 1
	fi
}
128
# Set aslr on this shell, then start a child with "current,-aslr" and check
# that the child's E: and I: lines both read "none". The child is killed and
# this shell reset to "none" before the comparison, because a mismatch exits
# the script straight away.
child_remove() {
	echo "Remove (child)"

	typeset pid

	/usr/bin/psecflags -s aslr "$$"
	/usr/bin/psecflags -s current,-aslr -e sleep 10000 &
	pid=$!

	printf 'E: none\nI: none\n' > expected

	secflags "$pid" | grep '[IE]:' > output
	kill "$pid"
	/usr/bin/psecflags -s none "$$"
	if ! diff -u expected output; then
		exit 1
	fi
}
146
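# Start a child (a long sleep) with every flag requested and check that its
# E: line contains at least two commas, i.e. several flags, rather than
# comparing against an exact list. Exits the script with grep's status if
# the check fails.
child_all() {
	echo "All (child)"

	typeset pid ret

	/usr/bin/psecflags -s all -e sleep 10000 &
	pid=$!
	secflags $pid | grep -q 'E:.*,.*,'	# This is lame, but functional
	ret=$?
	# Stop the child before acting on the result so it is not left running.
	kill $pid
	# An if statement rather than "(( ... )) && exit": the && form made the
	# function itself return non-zero whenever the check had passed.
	if (( ret != 0 )); then
		exit $ret
	fi
}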
159
# Set every flag on this shell, then start a child with "none" and check that
# the child's E: and I: lines both read "none". The child is killed before
# the comparison. This shell is not reset afterwards and keeps the flags set
# by "-s all".
child_none() {
	echo "None (child)"

	typeset pid

	/usr/bin/psecflags -s all "$$"

	/usr/bin/psecflags -s none -e sleep 10000 &
	pid=$!

	printf 'E: none\nI: none\n' > expected

	secflags "$pid" | grep '[IE]:' > output
	kill "$pid"
	if ! diff -u expected output; then
		exit 1
	fi
}
177
# Check that "psecflags -l" prints exactly the three flag names this test
# knows about, one per line and in this order. Exits 1 on a mismatch, which
# includes a flag being added to or removed from the list.
list() {
	echo "List"

	printf '%s\n' aslr forbidnullmap noexecstack > expected

	/usr/bin/psecflags -l > output
	if ! diff -u expected output; then
		exit 1
	fi
}
189
# Run every test in order. Each one exits the script with a non-zero status
# on failure, so reaching the end means all of them passed. The order
# matters: self_add and self_remove build on the flags left behind by the
# test before them.
for testcase in self_set self_add self_remove self_all self_none \
    child_set child_add child_remove child_all child_none list; do
	$testcase
done

exit 0