1 #! /usr/bin/ksh
2 #
3 #
4 # This file and its contents are supplied under the terms of the
5 # Common Development and Distribution License ("CDDL"), version 1.0.
6 # You may only use this file in accordance with the terms of version
7 # 1.0 of the CDDL.
8 #
9 # A full copy of the text of the CDDL should have accompanied this
10 # source. A copy of the CDDL is also available via the Internet at
11 # http://www.illumos.org/license/CDDL.
12 #
13
14 #
15 # Copyright 2015, Richard Lowe.
16 #
17
18 mkdir /tmp/$$-secflags-test
19 cd /tmp/$$-secflags-test
20
21 /usr/bin/psecflags -s none $$ # Clear ourselves out
22 cat > expected <<EOF
23 I: none
24 EOF
25
26 /usr/bin/psecflags $$ | grep I: > output
27 diff -u expected output || exit 1 # Make sure the setting of 'none' worked
28
29 cleanup() {
30 cd /
31 rm -fr /tmp/$$-secflags-test
32 }
33 trap cleanup EXIT
34
35 ## Tests of manipulating a running process (ourselves)
36
37 self_set() {
38 echo "Set (self)"
39 /usr/bin/psecflags -s aslr $$
40
41 cat > expected <<EOF
42 I: aslr
43 EOF
44
45 /usr/bin/psecflags $$ | grep I: > output
46 diff -u expected output || exit 1
47 }
48
49 self_add() {
50 echo "Add (self)"
51 /usr/bin/psecflags -s current,noexecstack $$
52 cat > expected <<EOF
53 I: aslr,noexecstack
54 EOF
55
56 /usr/bin/psecflags $$ | grep I: > output
57 diff -u expected output || exit 1
58 }
59
60 self_remove() {
61 echo "Remove (self)"
62 /usr/bin/psecflags -s current,-aslr $$
63 cat > expected <<EOF
64 I: noexecstack
65 EOF
66
67 /usr/bin/psecflags $$ | grep I: > output
68 diff -u expected output || exit 1
69 }
70
71 self_all() {
72 echo "All (self)"
73 /usr/bin/psecflags -s all $$
74 /usr/bin/psecflags $$ | grep -q 'I:.*,.*,' || exit 1 # This is lame, but functional
75 }
76
77 self_none() {
78 echo "None (self)"
79 /usr/bin/psecflags -s all $$
80 /usr/bin/psecflags -s none $$
81 cat > expected <<EOF
82 I: none
83 EOF
84 /usr/bin/psecflags $$ | grep I: > output
85 diff -u expected output || exit 1
86 }
87
88 child_set() {
89 echo "Set (child)"
90
91 typeset pid;
92
93 /usr/bin/psecflags -s aslr -e sleep 10000 &
94 pid=$!
95 cat > expected <<EOF
96 E: aslr
97 I: aslr
98 EOF
99 /usr/bin/psecflags $pid | grep '[IE]:' > output
100 kill $pid
101 diff -u expected output || exit 1
102 }
103
104 child_add() {
105 echo "Add (child)"
106
107 typeset pid;
108
109 /usr/bin/psecflags -s aslr $$
110 /usr/bin/psecflags -s current,noexecstack -e sleep 10000 &
111 pid=$!
112 cat > expected <<EOF
113 E: aslr,noexecstack
114 I: aslr,noexecstack
115 EOF
116 /usr/bin/psecflags $pid | grep '[IE]:' > output
117 kill $pid
118 /usr/bin/psecflags -s none $$
119 diff -u expected output || exit 1
120 }
121
122 child_remove() {
123 echo "Remove (child)"
124
125 typeset pid;
126
127 /usr/bin/psecflags -s aslr $$
128 /usr/bin/psecflags -s current,-aslr -e sleep 10000 &
129 pid=$!
130 cat > expected <<EOF
131 E: none
132 I: none
133 EOF
134 /usr/bin/psecflags $pid | grep '[IE]:' > output
135 kill $pid
136 /usr/bin/psecflags -s none $$
137 diff -u expected output || exit 1
138 }
139
140 child_all() {
141 echo "All (child)"
142
143 typeset pid ret
144
145 /usr/bin/psecflags -s all -e sleep 10000 &
146 pid=$!
147 /usr/bin/psecflags $pid | grep -q 'E:.*,.*,' # This is lame, but functional
148 ret=$?
149 kill $pid
150 (( $ret != 0 )) && exit $ret
151 }
152
153 child_none() {
154 echo "None (child)"
155
156 typeset pid
157
158 /usr/bin/psecflags -s all $$
159
160 /usr/bin/psecflags -s none -e sleep 10000 &
161 pid=$!
162 cat > expected <<EOF
163 E: none
164 I: none
165 EOF
166 /usr/bin/psecflags $pid | grep '[IE]:' > output
167 kill $pid
168 diff -u expected output || exit 1
169 }
170
171 list() {
172 echo "List"
173 cat > expected<<EOF
174 aslr
175 forbidnullmap
176 noexecstack
177 EOF
178
179 /usr/bin/psecflags -l > output
180 diff -u expected output || exit 1
181 }
182
183 self_set
184 self_add
185 self_remove
186 self_all
|
1 #! /usr/bin/ksh
2 #
3 #
4 # This file and its contents are supplied under the terms of the
5 # Common Development and Distribution License ("CDDL"), version 1.0.
6 # You may only use this file in accordance with the terms of version
7 # 1.0 of the CDDL.
8 #
9 # A full copy of the text of the CDDL should have accompanied this
10 # source. A copy of the CDDL is also available via the Internet at
11 # http://www.illumos.org/license/CDDL.
12 #
13
14 #
15 # Copyright 2015, Richard Lowe.
16 # Copyright 2019 Joyent, Inc.
17 #
18
19 # check secflags, waiting a little bit for the change to happen
20 secflags() {
21 sleep 1
22 /usr/bin/psecflags $*
23 }
24
25 mkdir /tmp/$$-secflags-test
26 cd /tmp/$$-secflags-test
27
28 /usr/bin/psecflags -s none $$ # Clear ourselves out
29 cat > expected <<EOF
30 I: none
31 EOF
32
33 secflags $$ | grep I: > output
34 diff -u expected output || exit 1 # Make sure the setting of 'none' worked
35
36 cleanup() {
37 cd /
38 rm -fr /tmp/$$-secflags-test
39 }
40 trap cleanup EXIT
41
42 ## Tests of manipulating a running process (ourselves)
43
44 self_set() {
45 echo "Set (self)"
46 /usr/bin/psecflags -s aslr $$
47
48 cat > expected <<EOF
49 I: aslr
50 EOF
51
52 secflags $$ | grep I: > output
53 diff -u expected output || exit 1
54 }
55
56 self_add() {
57 echo "Add (self)"
58 /usr/bin/psecflags -s current,noexecstack $$
59 cat > expected <<EOF
60 I: aslr,noexecstack
61 EOF
62
63 secflags $$ | grep I: > output
64 diff -u expected output || exit 1
65 }
66
67 self_remove() {
68 echo "Remove (self)"
69 /usr/bin/psecflags -s current,-aslr $$
70 cat > expected <<EOF
71 I: noexecstack
72 EOF
73
74 secflags $$ | grep I: > output
75 diff -u expected output || exit 1
76 }
77
78 self_all() {
79 echo "All (self)"
80 /usr/bin/psecflags -s all $$
81 secflags $$ | grep -q 'I:.*,.*,' || exit 1 # This is lame, but functional
82 }
83
84 self_none() {
85 echo "None (self)"
86 /usr/bin/psecflags -s all $$
87 /usr/bin/psecflags -s none $$
88 cat > expected <<EOF
89 I: none
90 EOF
91 secflags $$ | grep I: > output
92 diff -u expected output || exit 1
93 }
94
95 child_set() {
96 echo "Set (child)"
97
98 typeset pid;
99
100 /usr/bin/psecflags -s aslr -e sleep 10000 &
101 pid=$!
102 cat > expected <<EOF
103 E: aslr
104 I: aslr
105 EOF
106 secflags $pid | grep '[IE]:' > output
107 kill $pid
108 diff -u expected output || exit 1
109 }
110
111 child_add() {
112 echo "Add (child)"
113
114 typeset pid;
115
116 /usr/bin/psecflags -s aslr $$
117 /usr/bin/psecflags -s current,noexecstack -e sleep 10000 &
118 pid=$!
119 cat > expected <<EOF
120 E: aslr,noexecstack
121 I: aslr,noexecstack
122 EOF
123 secflags $pid | grep '[IE]:' > output
124 kill $pid
125 /usr/bin/psecflags -s none $$
126 diff -u expected output || exit 1
127 }
128
129 child_remove() {
130 echo "Remove (child)"
131
132 typeset pid;
133
134 /usr/bin/psecflags -s aslr $$
135 /usr/bin/psecflags -s current,-aslr -e sleep 10000 &
136 pid=$!
137 cat > expected <<EOF
138 E: none
139 I: none
140 EOF
141 secflags $pid | grep '[IE]:' > output
142 kill $pid
143 /usr/bin/psecflags -s none $$
144 diff -u expected output || exit 1
145 }
146
147 child_all() {
148 echo "All (child)"
149
150 typeset pid ret
151
152 /usr/bin/psecflags -s all -e sleep 10000 &
153 pid=$!
154 secflags $pid | grep -q 'E:.*,.*,' # This is lame, but functional
155 ret=$?
156 kill $pid
157 (( $ret != 0 )) && exit $ret
158 }
159
160 child_none() {
161 echo "None (child)"
162
163 typeset pid
164
165 /usr/bin/psecflags -s all $$
166
167 /usr/bin/psecflags -s none -e sleep 10000 &
168 pid=$!
169 cat > expected <<EOF
170 E: none
171 I: none
172 EOF
173 secflags $pid | grep '[IE]:' > output
174 kill $pid
175 diff -u expected output || exit 1
176 }
177
178 list() {
179 echo "List"
180 cat > expected<<EOF
181 aslr
182 forbidnullmap
183 noexecstack
184 EOF
185
186 /usr/bin/psecflags -l > output
187 diff -u expected output || exit 1
188 }
189
190 self_set
191 self_add
192 self_remove
193 self_all
|