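#! /usr/bin/ksh
#
#
# This file and its contents are supplied under the terms of the
# Common Development and Distribution License ("CDDL"), version 1.0.
# You may only use this file in accordance with the terms of version
# 1.0 of the CDDL.
#
# A full copy of the text of the CDDL should have accompanied this
# source. A copy of the CDDL is also available via the Internet at
# http://www.illumos.org/license/CDDL.
#

#
# Copyright 2015, Richard Lowe.
# Copyright 2019 Joyent, Inc.
#

#
# Exercises /usr/bin/psecflags: sets, adds, removes and clears security
# flags on this shell and on freshly exec'd children, then compares the
# reported flag sets with the expected ones.  Exits non-zero on the first
# mismatch.
#
# NOTE(review): psecflags is assumed to print each set as
# <TAB>X:<TAB>flags.  The listing this script was recovered from had its
# whitespace flattened, so confirm the separators in the printf formats
# below against real psecflags output.
#

# check secflags, waiting a little bit for the change to happen
# Arguments are handed to psecflags unchanged ("$@" keeps each one intact).
secflags() {
	sleep 1
	/usr/bin/psecflags "$@"
}

# Remove the scratch directory; runs on every exit path via the EXIT trap.
cleanup() {
	cd /
	# Only remove a directory this script created itself.
	[[ -n "$tmpdir" ]] && rm -fr -- "$tmpdir"
}

# Work in a private scratch directory.  mktemp -d picks an unpredictable
# name and fails instead of reusing a path that already exists, so the
# "expected"/"output" files are never written into a directory (or through
# a symlink) that someone else placed under /tmp beforehand.
tmpdir=$(mktemp -d /tmp/secflags-test.XXXXXX) || exit 1
# Install the trap before the first check that can exit, so a failure in
# the initial sanity check below does not leave the directory behind.
trap cleanup EXIT
cd "$tmpdir" || exit 1

/usr/bin/psecflags -s none $$ # Clear ourselves out
printf '\tI:\tnone\n' > expected

secflags $$ | grep 'I:' > output
diff -u expected output || exit 1 # Make sure the setting of 'none' worked

## Tests of manipulating a running process (ourselves)

# Replace our flags with exactly "aslr".
self_set() {
	echo "Set (self)"
	/usr/bin/psecflags -s aslr $$

	printf '\tI:\taslr\n' > expected

	secflags $$ | grep 'I:' > output
	diff -u expected output || exit 1
}

# Add noexecstack on top of the current set (aslr, left by self_set).
self_add() {
	echo "Add (self)"
	/usr/bin/psecflags -s current,noexecstack $$
	printf '\tI:\taslr,noexecstack\n' > expected

	secflags $$ | grep 'I:' > output
	diff -u expected output || exit 1
}

# Drop aslr from the current set, leaving noexecstack.
self_remove() {
	echo "Remove (self)"
	/usr/bin/psecflags -s current,-aslr $$
	printf '\tI:\tnoexecstack\n' > expected

	secflags $$ | grep 'I:' > output
	diff -u expected output || exit 1
}

# Enable every flag.  The check only looks for at least two commas (three
# or more flags) rather than hard-coding the complete flag list.
self_all() {
	echo "All (self)"
	/usr/bin/psecflags -s all $$
	secflags $$ | grep -q 'I:.*,.*,' || exit 1
}

# Enable everything, then clear it all again.
self_none() {
	echo "None (self)"
	/usr/bin/psecflags -s all $$
	/usr/bin/psecflags -s none $$
	printf '\tI:\tnone\n' > expected
	secflags $$ | grep 'I:' > output
	diff -u expected output || exit 1
}

## Tests of flags applied to a command started with psecflags -e

# Start a child with exactly "aslr"; both E: and I: should report it.
child_set() {
	echo "Set (child)"

	typeset pid

	/usr/bin/psecflags -s aslr -e sleep 10000 &
	pid=$!
	printf '\tE:\taslr\n\tI:\taslr\n' > expected
	secflags "$pid" | grep '[IE]:' > output
	# Stop the child before comparing, so a mismatch cannot leave it running.
	kill "$pid"
	diff -u expected output || exit 1
}

# Give ourselves aslr, then start a child with current,noexecstack.
child_add() {
	echo "Add (child)"

	typeset pid

	/usr/bin/psecflags -s aslr $$
	/usr/bin/psecflags -s current,noexecstack -e sleep 10000 &
	pid=$!
	printf '\tE:\taslr,noexecstack\n\tI:\taslr,noexecstack\n' > expected
	secflags "$pid" | grep '[IE]:' > output
	kill "$pid"
	# Reset our own flags so the next test starts from "none".
	/usr/bin/psecflags -s none $$
	diff -u expected output || exit 1
}

# Give ourselves aslr, then start a child with aslr removed.
child_remove() {
	echo "Remove (child)"

	typeset pid

	/usr/bin/psecflags -s aslr $$
	/usr/bin/psecflags -s current,-aslr -e sleep 10000 &
	pid=$!
	printf '\tE:\tnone\n\tI:\tnone\n' > expected
	secflags "$pid" | grep '[IE]:' > output
	kill "$pid"
	/usr/bin/psecflags -s none $$
	diff -u expected output || exit 1
}

# Start a child with every flag; as in self_all, only the comma count of
# the E: line is checked.
child_all() {
	echo "All (child)"

	typeset pid ret

	/usr/bin/psecflags -s all -e sleep 10000 &
	pid=$!
	secflags "$pid" | grep -q 'E:.*,.*,'
	ret=$?
	kill "$pid"
	# An explicit if keeps the function's own status at 0 on success; the
	# "(( ... )) && exit" form returned 1 whenever the check passed.
	if (( ret != 0 )); then
		exit "$ret"
	fi
}

# With every flag set on ourselves, a child started with "none" must still
# come up with empty E: and I: sets.
child_none() {
	echo "None (child)"

	typeset pid

	/usr/bin/psecflags -s all $$

	/usr/bin/psecflags -s none -e sleep 10000 &
	pid=$!
	printf '\tE:\tnone\n\tI:\tnone\n' > expected
	secflags "$pid" | grep '[IE]:' > output
	kill "$pid"
	diff -u expected output || exit 1
}

# psecflags -l must list exactly the known flag names, one per line.
list() {
	echo "List"
	cat > expected <<EOF
aslr
forbidnullmap
noexecstack
EOF

	/usr/bin/psecflags -l > output
	diff -u expected output || exit 1
}

self_set
self_add
self_remove
self_all
self_none
child_set
child_add
child_remove
child_all
child_none
list

exit 0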