#! /usr/bin/ksh
#
#
# This file and its contents are supplied under the terms of the
# Common Development and Distribution License ("CDDL"), version 1.0.
# You may only use this file in accordance with the terms of version
# 1.0 of the CDDL.
#
# A full copy of the text of the CDDL should have accompanied this
# source.  A copy of the CDDL is also available via the Internet at
# http://www.illumos.org/license/CDDL.
#

#
# Copyright 2015, Richard Lowe.
# Copyright 2019 Joyent, Inc.
#
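# Report the security flags of a process with psecflags, after a one-second
# pause so that a change requested just before the call has had time to take
# effect.
#
# Arguments: passed through unchanged to /usr/bin/psecflags (the callers in
# this file pass a single PID).
secflags() {
    sleep 1
    # "$@" forwards every argument as its own word; the unquoted $* used
    # previously would re-split and glob-expand the arguments.
    /usr/bin/psecflags "$@"
}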
  25 mkdir /tmp/$$-secflags-test
  26 cd /tmp/$$-secflags-test
  27 
  28 /usr/bin/psecflags -s none $$   # Clear ourselves out
  29 cat > expected <<EOF
  30         I:      none
  31 EOF
  32 
  33 secflags $$ | grep I: > output
  34 diff -u expected output || exit 1 # Make sure the setting of 'none' worked
  35 
  36 cleanup() {
  37     cd /
  38     rm -fr /tmp/$$-secflags-test
  39 }
  40 trap cleanup EXIT
## Tests of manipulating a running process (ourselves)
# Replace this shell's flags with "aslr" alone and check that the I: line
# reported by psecflags reads exactly that.  Exits 1 on a mismatch.
self_set() {
    printf '%s\n' "Set (self)"
    /usr/bin/psecflags -s aslr "$$"

    # Expected text must match the psecflags output byte for byte.
    cat > expected <<'EOF'
        I:      aslr
EOF

    secflags "$$" | grep I: > output
    if ! diff -u expected output; then
        exit 1
    fi
}
# Add noexecstack on top of the flags this shell already has ("current") and
# check the resulting I: line.  The expected text assumes aslr is already
# set, which holds because self_set runs first in this script.
# Exits 1 on a mismatch.
self_add() {
    printf '%s\n' "Add (self)"
    /usr/bin/psecflags -s current,noexecstack "$$"
    cat > expected <<'EOF'
        I:      aslr,noexecstack
EOF

    secflags "$$" | grep I: > output
    if ! diff -u expected output; then
        exit 1
    fi
}
# Drop aslr from the flags this shell already has ("current,-aslr") and check
# that only noexecstack remains on the I: line.  The expected text assumes
# the state left by self_add.  Exits 1 on a mismatch.
self_remove() {
    printf '%s\n' "Remove (self)"
    /usr/bin/psecflags -s current,-aslr "$$"
    cat > expected <<'EOF'
        I:      noexecstack
EOF

    secflags "$$" | grep I: > output
    if ! diff -u expected output; then
        exit 1
    fi
}
# Set every flag on this shell ("all") and check the I: line.  Exits 1 when
# the check fails.
self_all() {
    printf '%s\n' "All (self)"
    /usr/bin/psecflags -s all "$$"
    # Loose check: the pattern only demands two commas on the I: line, i.e.
    # at least three flag names, and does not verify which flags they are.
    if ! secflags "$$" | grep -q 'I:.*,.*,'; then
        exit 1
    fi
}
# Set every flag on this shell, then clear them again with "none", and check
# that the I: line reads "none".  Setting "all" first makes sure there is
# something to clear.  Exits 1 on a mismatch.
self_none() {
    printf '%s\n' "None (self)"
    /usr/bin/psecflags -s all "$$"
    /usr/bin/psecflags -s none "$$"
    cat > expected <<'EOF'
        I:      none
EOF
    secflags "$$" | grep I: > output
    if ! diff -u expected output; then
        exit 1
    fi
}
# Start a background "sleep" through psecflags -e with aslr requested, and
# check that the child reports aslr on both its E: and I: lines.
# Exits 1 on a mismatch.
child_set() {
    printf '%s\n' "Set (child)"

    typeset pid

    /usr/bin/psecflags -s aslr -e sleep 10000 &
    pid=$!
    cat > expected <<'EOF'
        E:      aslr
        I:      aslr
EOF
    secflags "$pid" | grep '[IE]:' > output
    # Stop the sleeper before comparing, so a failed comparison does not
    # leave it running.
    kill "$pid"
    if ! diff -u expected output; then
        exit 1
    fi
}
# Give this shell aslr, then start a background "sleep" through psecflags -e
# asking for "current,noexecstack".  The child is expected to report both
# flags on its E: and I: lines.  Exits 1 on a mismatch.
child_add() {
    printf '%s\n' "Add (child)"

    typeset pid

    /usr/bin/psecflags -s aslr "$$"
    /usr/bin/psecflags -s current,noexecstack -e sleep 10000 &
    pid=$!
    cat > expected <<'EOF'
        E:      aslr,noexecstack
        I:      aslr,noexecstack
EOF
    secflags "$pid" | grep '[IE]:' > output
    # Stop the sleeper and put this shell back to "none" before comparing,
    # so both happen even when the comparison fails.
    kill "$pid"
    /usr/bin/psecflags -s none "$$"
    if ! diff -u expected output; then
        exit 1
    fi
}
# Give this shell aslr, then start a background "sleep" through psecflags -e
# asking for "current,-aslr".  The child is expected to report "none" on its
# E: and I: lines.  Exits 1 on a mismatch.
child_remove() {
    printf '%s\n' "Remove (child)"

    typeset pid

    /usr/bin/psecflags -s aslr "$$"
    /usr/bin/psecflags -s current,-aslr -e sleep 10000 &
    pid=$!
    cat > expected <<'EOF'
        E:      none
        I:      none
EOF
    secflags "$pid" | grep '[IE]:' > output
    # Stop the sleeper and put this shell back to "none" before comparing,
    # so both happen even when the comparison fails.
    kill "$pid"
    /usr/bin/psecflags -s none "$$"
    if ! diff -u expected output; then
        exit 1
    fi
}
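# Start a background "sleep" through psecflags -e with "all" requested and
# check the child's E: line.  Exits with grep's status when the check fails
# and returns 0 otherwise.
child_all() {
    echo "All (child)"

    typeset pid ret

    /usr/bin/psecflags -s all -e sleep 10000 &
    pid=$!
    # Loose check: the pattern only demands two commas on the E: line, i.e.
    # at least three flag names, and does not verify which flags they are.
    secflags "$pid" | grep -q 'E:.*,.*,'
    ret=$?
    # Stop the sleeper before acting on the result, so a failed check does
    # not leave it running.
    kill "$pid"
    if (( ret != 0 )); then
        exit $ret
    fi
    # The earlier "(( ... )) && exit" form made the function return 1 on
    # success; return 0 explicitly so callers can rely on the status.
    return 0
}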
# Set every flag on this shell, then start a background "sleep" through
# psecflags -e with "none" requested.  The child is expected to report
# "none" on its E: and I: lines.  Exits 1 on a mismatch.
# This shell still has "all" set when the function returns.
child_none() {
    printf '%s\n' "None (child)"

    typeset pid

    /usr/bin/psecflags -s all "$$"

    /usr/bin/psecflags -s none -e sleep 10000 &
    pid=$!
    cat > expected <<'EOF'
        E:      none
        I:      none
EOF
    secflags "$pid" | grep '[IE]:' > output
    # Stop the sleeper before comparing, so a failed comparison does not
    # leave it running.
    kill "$pid"
    if ! diff -u expected output; then
        exit 1
    fi
}
# Check that "psecflags -l" prints exactly the three known flag names, one
# per line and in this order.  Exits 1 on a mismatch, so a flag added to or
# removed from the system shows up here.
list() {
    printf '%s\n' "List"
    printf '%s\n' aslr forbidnullmap noexecstack > expected

    /usr/bin/psecflags -l > output
    if ! diff -u expected output; then
        exit 1
    fi
}
 190 self_set
 191 self_add
 192 self_remove
 193 self_all
 194 self_none
 195 child_set
 196 child_add
 197 child_remove
 198 child_all
 199 child_none
 200 list
 201 
 202 exit 0