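#! /usr/bin/ksh
#
#
# This file and its contents are supplied under the terms of the
# Common Development and Distribution License ("CDDL"), version 1.0.
# You may only use this file in accordance with the terms of version
# 1.0 of the CDDL.
#
# A full copy of the text of the CDDL should have accompanied this
# source.  A copy of the CDDL is also available via the Internet at
# http://www.illumos.org/license/CDDL.
#

#
# Copyright 2015, Richard Lowe.
# Copyright 2019 Joyent, Inc.
#

#
# Functional test for /usr/bin/psecflags: sets, adds, removes and clears
# security flags on this shell and on child processes started with -e,
# then compares what psecflags reports against the expected text.
# Any mismatch exits non-zero.
#
# NOTE(review): the expected text in the here-documents is compared
# byte-for-byte with psecflags output.  The whitespace of this listing
# was collapsed in extraction; the here-documents below use a tab before
# and after the set letter ("<TAB>I:<TAB>none") -- confirm against the
# output of psecflags on the system under test.
#

# check secflags, waiting a little bit for the change to happen
secflags() {
	sleep 1
	# "$@" keeps each argument as its own word; the unquoted $* form
	# is subject to word splitting and globbing.
	/usr/bin/psecflags "$@"
}

# Remove the scratch directory.  ${testdir:?} aborts the expansion if the
# variable is ever empty, so this can never turn into "rm -fr /".
cleanup() {
	cd /
	rm -fr -- "${testdir:?}"
}

#
# Create the scratch directory with mktemp rather than a name derived
# from the PID: a /tmp/<pid>-... name is predictable, and an unchecked
# mkdir/cd against a pre-created path would leave the test writing its
# 'expected' and 'output' files into whatever directory it happened to
# be started from.
#
testdir=$(mktemp -d "${TMPDIR:-/tmp}/secflags-test.XXXXXX") || {
	printf 'secflags test: cannot create scratch directory\n' >&2
	exit 1
}

# Install the trap before anything below can exit, so the directory is
# removed on every exit path (including the sanity check that follows).
trap cleanup EXIT

cd "$testdir" || {
	printf 'secflags test: cannot cd to %s\n' "$testdir" >&2
	exit 1
}

/usr/bin/psecflags -s none $$	# Clear ourselves out
cat > expected <<EOF
	I:	none
EOF

secflags $$ | grep I: > output
diff -u expected output || exit 1 # Make sure the setting of 'none' worked

## Tests of manipulating a running process (ourselves)

# Set exactly one flag on this shell and check the I: line.
self_set() {
	echo "Set (self)"
	/usr/bin/psecflags -s aslr $$

	cat > expected <<EOF
	I:	aslr
EOF

	secflags $$ | grep I: > output
	diff -u expected output || exit 1
}

# Add a flag on top of the current set; depends on self_set having run.
self_add() {
	echo "Add (self)"
	/usr/bin/psecflags -s current,noexecstack $$
	cat > expected <<EOF
	I:	aslr,noexecstack
EOF

	secflags $$ | grep I: > output
	diff -u expected output || exit 1
}

# Remove one flag from the current set; depends on self_add having run.
self_remove() {
	echo "Remove (self)"
	/usr/bin/psecflags -s current,-aslr $$
	cat > expected <<EOF
	I:	noexecstack
EOF

	secflags $$ | grep I: > output
	diff -u expected output || exit 1
}

# Set 'all' and check that the I: line lists at least three flags.
self_all() {
	echo "All (self)"
	/usr/bin/psecflags -s all $$
	secflags $$ | grep -q 'I:.*,.*,' || exit 1 # This is lame, but functional
}

# Set 'all', then 'none', and check that the I: line is back to none.
self_none() {
	echo "None (self)"
	/usr/bin/psecflags -s all $$
	/usr/bin/psecflags -s none $$
	cat > expected <<EOF
	I:	none
EOF
	secflags $$ | grep I: > output
	diff -u expected output || exit 1
}

## Tests of a child process started by psecflags -e

# Start a child with one flag and check both its E: and I: lines.
child_set() {
	echo "Set (child)"

	typeset pid

	/usr/bin/psecflags -s aslr -e sleep 10000 &
	pid=$!
	cat > expected <<EOF
	E:	aslr
	I:	aslr
EOF
	secflags "$pid" | grep '[IE]:' > output
	# Kill the child before diff can exit, so no sleeper is left behind.
	kill "$pid"
	diff -u expected output || exit 1
}

# Give this shell aslr, then start a child with current,noexecstack.
child_add() {
	echo "Add (child)"

	typeset pid

	/usr/bin/psecflags -s aslr $$
	/usr/bin/psecflags -s current,noexecstack -e sleep 10000 &
	pid=$!
	cat > expected <<EOF
	E:	aslr,noexecstack
	I:	aslr,noexecstack
EOF
	secflags "$pid" | grep '[IE]:' > output
	kill "$pid"
	# Restore this shell's flags before the comparison can exit.
	/usr/bin/psecflags -s none $$
	diff -u expected output || exit 1
}

# Give this shell aslr, then start a child with that flag removed.
child_remove() {
	echo "Remove (child)"

	typeset pid

	/usr/bin/psecflags -s aslr $$
	/usr/bin/psecflags -s current,-aslr -e sleep 10000 &
	pid=$!
	cat > expected <<EOF
	E:	none
	I:	none
EOF
	secflags "$pid" | grep '[IE]:' > output
	kill "$pid"
	# Restore this shell's flags before the comparison can exit.
	/usr/bin/psecflags -s none $$
	diff -u expected output || exit 1
}

# Start a child with 'all' and check its E: line lists at least three flags.
child_all() {
	echo "All (child)"

	typeset pid ret

	/usr/bin/psecflags -s all -e sleep 10000 &
	pid=$!
	secflags "$pid" | grep -q 'E:.*,.*,' # This is lame, but functional
	# Save grep's status so the child is killed before any exit.
	ret=$?
	kill "$pid"
	if (( ret != 0 )); then
		exit "$ret"
	fi
}

# Set 'all' on this shell, then start a child with 'none'.
child_none() {
	echo "None (child)"

	typeset pid

	/usr/bin/psecflags -s all $$

	/usr/bin/psecflags -s none -e sleep 10000 &
	pid=$!
	cat > expected <<EOF
	E:	none
	I:	none
EOF
	secflags "$pid" | grep '[IE]:' > output
	kill "$pid"
	diff -u expected output || exit 1
}

# Check that -l prints exactly the known flag names, one per line.
list() {
	echo "List"
	cat > expected <<EOF
aslr
forbidnullmap
noexecstack
EOF

	/usr/bin/psecflags -l > output
	diff -u expected output || exit 1
}

# Order matters: self_add and self_remove build on the flags left by the
# test before them.
self_set
self_add
self_remove
self_all
self_none
child_set
child_add
child_remove
child_all
child_none
list

exit 0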