Print this page
11838 secflag tests are racy
   1 #! /usr/bin/ksh
   2 #
   3 #
   4 # This file and its contents are supplied under the terms of the
   5 # Common Development and Distribution License ("CDDL"), version 1.0.
   6 # You may only use this file in accordance with the terms of version
   7 # 1.0 of the CDDL.
   8 #
   9 # A full copy of the text of the CDDL should have accompanied this
  10 # source.  A copy of the CDDL is also available via the Internet at
  11 # http://www.illumos.org/license/CDDL.
  12 #
  13 
  14 #
  15 # Copyright 2015, Richard Lowe.

  16 #
  17 






  18 mkdir /tmp/$$-secflags-test
  19 cd /tmp/$$-secflags-test
  20 
  21 /usr/bin/psecflags -s none $$   # Clear ourselves out
  22 cat > expected <<EOF
  23         I:      none
  24 EOF
  25 
  26 /usr/bin/psecflags $$ | grep I: > output
  27 diff -u expected output || exit 1 # Make sure the setting of 'none' worked
  28 
  29 cleanup() {
  30     cd /
  31     rm -fr /tmp/$$-secflags-test
  32 }
  33 trap cleanup EXIT
  34 
  35 ## Tests of manipulating a running process (ourselves)
  36 
  37 self_set() {
  38     echo "Set (self)"
  39     /usr/bin/psecflags -s aslr $$
  40 
  41     cat > expected <<EOF
  42         I:      aslr
  43 EOF
  44 
  45     /usr/bin/psecflags $$ | grep I: > output
  46     diff -u expected output || exit 1
  47 }
  48 
  49 self_add() {
  50     echo "Add (self)"
  51     /usr/bin/psecflags -s current,noexecstack $$
  52     cat > expected <<EOF
  53         I:      aslr,noexecstack
  54 EOF
  55 
  56     /usr/bin/psecflags $$ | grep I: > output
  57     diff -u expected output || exit 1
  58 }
  59 
  60 self_remove() {
  61     echo "Remove (self)"
  62     /usr/bin/psecflags -s current,-aslr $$
  63     cat > expected <<EOF
  64         I:      noexecstack
  65 EOF
  66 
  67     /usr/bin/psecflags $$ | grep I: > output
  68     diff -u expected output || exit 1
  69 }
  70 
  71 self_all() {
  72     echo "All (self)"
  73     /usr/bin/psecflags -s all $$
  74     /usr/bin/psecflags $$ | grep -q 'I:.*,.*,' || exit 1 # This is lame, but functional
  75 }
  76 
  77 self_none() {
  78     echo "None (self)"
  79     /usr/bin/psecflags -s all $$
  80     /usr/bin/psecflags -s none $$
  81     cat > expected <<EOF
  82         I:      none
  83 EOF
  84     /usr/bin/psecflags $$ | grep I: > output
  85     diff -u expected output || exit 1
  86 }
  87 
  88 child_set() {
  89     echo "Set (child)"
  90 
  91     typeset pid; 
  92 
  93     /usr/bin/psecflags -s aslr -e sleep 10000 &
  94     pid=$!
  95     cat > expected <<EOF
  96         E:      aslr
  97         I:      aslr
  98 EOF
  99     /usr/bin/psecflags $pid | grep '[IE]:' > output
 100     kill $pid
 101     diff -u expected output || exit 1
 102 }
 103 
 104 child_add() {
 105     echo "Add (child)"
 106 
 107     typeset pid; 
 108 
 109     /usr/bin/psecflags -s aslr $$
 110     /usr/bin/psecflags -s current,noexecstack -e sleep 10000 &
 111     pid=$!
 112     cat > expected <<EOF
 113         E:      aslr,noexecstack
 114         I:      aslr,noexecstack
 115 EOF
 116     /usr/bin/psecflags $pid | grep '[IE]:' > output
 117     kill $pid
 118     /usr/bin/psecflags -s none $$
 119     diff -u expected output || exit 1
 120 }
 121 
 122 child_remove() {
 123     echo "Remove (child)"
 124 
 125     typeset pid; 
 126 
 127     /usr/bin/psecflags -s aslr $$
 128     /usr/bin/psecflags -s current,-aslr -e sleep 10000 &
 129     pid=$!
 130     cat > expected <<EOF
 131         E:      none
 132         I:      none
 133 EOF
 134     /usr/bin/psecflags $pid | grep '[IE]:' > output
 135     kill $pid
 136     /usr/bin/psecflags -s none $$
 137     diff -u expected output || exit 1
 138 }
 139 
 140 child_all() {
 141     echo "All (child)"
 142 
 143     typeset pid ret
 144 
 145     /usr/bin/psecflags -s all -e sleep 10000 &
 146     pid=$!
 147     /usr/bin/psecflags $pid | grep -q 'E:.*,.*,' # This is lame, but functional
 148     ret=$?
 149     kill $pid
 150     (( $ret != 0 )) && exit $ret
 151 }
 152 
 153 child_none() {
 154     echo "None (child)"
 155 
 156     typeset pid
 157     
 158     /usr/bin/psecflags -s all $$
 159 
 160     /usr/bin/psecflags -s none -e sleep 10000 &
 161     pid=$!
 162     cat > expected <<EOF
 163         E:      none
 164         I:      none
 165 EOF
 166     /usr/bin/psecflags $pid | grep '[IE]:' > output
 167     kill $pid
 168     diff -u expected output || exit 1
 169 }
 170 
 171 list() {
 172     echo "List"
 173     cat > expected<<EOF
 174 aslr
 175 forbidnullmap
 176 noexecstack
 177 EOF
 178 
 179     /usr/bin/psecflags -l > output
 180     diff -u expected output || exit 1
 181 }
 182 
 183 self_set
 184 self_add
 185 self_remove
 186 self_all
   1 #! /usr/bin/ksh
   2 #
   3 #
   4 # This file and its contents are supplied under the terms of the
   5 # Common Development and Distribution License ("CDDL"), version 1.0.
   6 # You may only use this file in accordance with the terms of version
   7 # 1.0 of the CDDL.
   8 #
   9 # A full copy of the text of the CDDL should have accompanied this
  10 # source.  A copy of the CDDL is also available via the Internet at
  11 # http://www.illumos.org/license/CDDL.
  12 #
  13 
  14 #
  15 # Copyright 2015, Richard Lowe.
  16 # Copyright 2019 Joyent, Inc.
  17 #
  18 
  19 # check secflags, waiting a little bit for the change to happen
  20 secflags() {
  21     sleep 1
  22     /usr/bin/psecflags $*
  23 }
  24 
  25 mkdir /tmp/$$-secflags-test
  26 cd /tmp/$$-secflags-test
  27 
  28 /usr/bin/psecflags -s none $$   # Clear ourselves out
  29 cat > expected <<EOF
  30         I:      none
  31 EOF
  32 
  33 secflags $$ | grep I: > output
  34 diff -u expected output || exit 1 # Make sure the setting of 'none' worked
  35 
  36 cleanup() {
  37     cd /
  38     rm -fr /tmp/$$-secflags-test
  39 }
  40 trap cleanup EXIT
  41 
  42 ## Tests of manipulating a running process (ourselves)
  43 
  44 self_set() {
  45     echo "Set (self)"
  46     /usr/bin/psecflags -s aslr $$
  47 
  48     cat > expected <<EOF
  49         I:      aslr
  50 EOF
  51 
  52     secflags $$ | grep I: > output
  53     diff -u expected output || exit 1
  54 }
  55 
  56 self_add() {
  57     echo "Add (self)"
  58     /usr/bin/psecflags -s current,noexecstack $$
  59     cat > expected <<EOF
  60         I:      aslr,noexecstack
  61 EOF
  62 
  63     secflags $$ | grep I: > output
  64     diff -u expected output || exit 1
  65 }
  66 
  67 self_remove() {
  68     echo "Remove (self)"
  69     /usr/bin/psecflags -s current,-aslr $$
  70     cat > expected <<EOF
  71         I:      noexecstack
  72 EOF
  73 
  74     secflags $$ | grep I: > output
  75     diff -u expected output || exit 1
  76 }
  77 
  78 self_all() {
  79     echo "All (self)"
  80     /usr/bin/psecflags -s all $$
  81     secflags $$ | grep -q 'I:.*,.*,' || exit 1 # This is lame, but functional
  82 }
  83 
  84 self_none() {
  85     echo "None (self)"
  86     /usr/bin/psecflags -s all $$
  87     /usr/bin/psecflags -s none $$
  88     cat > expected <<EOF
  89         I:      none
  90 EOF
  91     secflags $$ | grep I: > output
  92     diff -u expected output || exit 1
  93 }
  94 
  95 child_set() {
  96     echo "Set (child)"
  97 
  98     typeset pid;
  99 
 100     /usr/bin/psecflags -s aslr -e sleep 10000 &
 101     pid=$!
 102     cat > expected <<EOF
 103         E:      aslr
 104         I:      aslr
 105 EOF
 106     secflags $pid | grep '[IE]:' > output
 107     kill $pid
 108     diff -u expected output || exit 1
 109 }
 110 
 111 child_add() {
 112     echo "Add (child)"
 113 
 114     typeset pid;
 115 
 116     /usr/bin/psecflags -s aslr $$
 117     /usr/bin/psecflags -s current,noexecstack -e sleep 10000 &
 118     pid=$!
 119     cat > expected <<EOF
 120         E:      aslr,noexecstack
 121         I:      aslr,noexecstack
 122 EOF
 123     secflags $pid | grep '[IE]:' > output
 124     kill $pid
 125     /usr/bin/psecflags -s none $$
 126     diff -u expected output || exit 1
 127 }
 128 
 129 child_remove() {
 130     echo "Remove (child)"
 131 
 132     typeset pid;
 133 
 134     /usr/bin/psecflags -s aslr $$
 135     /usr/bin/psecflags -s current,-aslr -e sleep 10000 &
 136     pid=$!
 137     cat > expected <<EOF
 138         E:      none
 139         I:      none
 140 EOF
 141     secflags $pid | grep '[IE]:' > output
 142     kill $pid
 143     /usr/bin/psecflags -s none $$
 144     diff -u expected output || exit 1
 145 }
 146 
 147 child_all() {
 148     echo "All (child)"
 149 
 150     typeset pid ret
 151 
 152     /usr/bin/psecflags -s all -e sleep 10000 &
 153     pid=$!
 154     secflags $pid | grep -q 'E:.*,.*,' # This is lame, but functional
 155     ret=$?
 156     kill $pid
 157     (( $ret != 0 )) && exit $ret
 158 }
 159 
 160 child_none() {
 161     echo "None (child)"
 162 
 163     typeset pid
 164 
 165     /usr/bin/psecflags -s all $$
 166 
 167     /usr/bin/psecflags -s none -e sleep 10000 &
 168     pid=$!
 169     cat > expected <<EOF
 170         E:      none
 171         I:      none
 172 EOF
 173     secflags $pid | grep '[IE]:' > output
 174     kill $pid
 175     diff -u expected output || exit 1
 176 }
 177 
 178 list() {
 179     echo "List"
 180     cat > expected<<EOF
 181 aslr
 182 forbidnullmap
 183 noexecstack
 184 EOF
 185 
 186     /usr/bin/psecflags -l > output
 187     diff -u expected output || exit 1
 188 }
 189 
 190 self_set
 191 self_add
 192 self_remove
 193 self_all