1 #! /usr/bin/ksh
   2 #
   3 #
   4 # This file and its contents are supplied under the terms of the
   5 # Common Development and Distribution License ("CDDL"), version 1.0.
   6 # You may only use this file in accordance with the terms of version
   7 # 1.0 of the CDDL.
   8 #
   9 # A full copy of the text of the CDDL should have accompanied this
  10 # source.  A copy of the CDDL is also available via the Internet at
  11 # http://www.illumos.org/license/CDDL.
  12 #
  13 
  14 #
  15 # Copyright 2015, Richard Lowe.
  16 #
  17 
  18 mkdir /tmp/secflags-test.$$
  19 cd /tmp/secflags-test.$$
  20 
  21 cleanup() {
  22     kill $pid >/dev/null 2>&1
  23     cd /
  24     rm -fr /tmp/secflags-test.$$
  25 }
  26 
  27 trap cleanup EXIT
  28 
  29 # Check that lower implies setting of inheritable
  30 echo "Setting lower also adds to inheritable" 
  31 /usr/bin/psecflags -s L=aslr $$
  32 
  33 cat > expected <<EOF
  34         I:      aslr
  35 EOF
  36 /usr/bin/psecflags $$ | grep 'I:' > output
  37 
  38 diff -u expected output || exit 1
  39 
  40 echo "Setting in lower cannot be removed from inheritable"
  41 /usr/bin/psecflags -s I=current,-aslr $$ 2>/dev/null && exit 1
  42 
  43 echo "Setting in lower cannot be removed"
  44 /usr/bin/psecflags -s L=current,-aslr $$ 2>/dev/null && exit 1
  45 
  46 
  47 echo "Setting in lower cannot be removed from upper"
  48 /usr/bin/psecflags -s U=current,-aslr $$ 2>/devlnull && exit 1
  49 
  50 /usr/bin/psecflags -s U=current,-noexecstack $$
  51 
  52 echo "Setting in default cannot exceed upper"
  53 /usr/bin/psecflags -s I=noexecstack $$ 2>/dev/null && exit 1
  54 
  55 echo "Setting cannot ever be added to upper"
  56 /usr/bin/psecflags -s U=current,+noexecstack $$ 2>/dev/null && exit 1
  57 
  58 exit 0
  59 
  60