1#! /usr/bin/ksh 2# 3# 4# This file and its contents are supplied under the terms of the 5# Common Development and Distribution License ("CDDL"), version 1.0. 6# You may only use this file in accordance with the terms of version 7# 1.0 of the CDDL. 8# 9# A full copy of the text of the CDDL should have accompanied this 10# source. A copy of the CDDL is also available via the Internet at 11# http://www.illumos.org/license/CDDL. 12# 13 14# 15# Copyright 2015, Richard Lowe. 16# 17 18mkdir /tmp/$$-secflags-test 19cd /tmp/$$-secflags-test 20 21/usr/bin/psecflags -s none $$ # Clear ourselves out 22cat > expected <<EOF 23 I: none 24EOF 25 26/usr/bin/psecflags $$ | grep I: > output 27diff -u expected output || exit 1 # Make sure the setting of 'none' worked 28 29cleanup() { 30 cd / 31 rm -fr /tmp/$$-secflags-test 32} 33trap cleanup EXIT 34 35## Tests of manipulating a running process (ourselves) 36 37self_set() { 38 echo "Set (self)" 39 /usr/bin/psecflags -s aslr $$ 40 41 cat > expected <<EOF 42 I: aslr 43EOF 44 45 /usr/bin/psecflags $$ | grep I: > output 46 diff -u expected output || exit 1 47} 48 49self_add() { 50 echo "Add (self)" 51 /usr/bin/psecflags -s current,noexecstack $$ 52 cat > expected <<EOF 53 I: aslr,noexecstack 54EOF 55 56 /usr/bin/psecflags $$ | grep I: > output 57 diff -u expected output || exit 1 58} 59 60self_remove() { 61 echo "Remove (self)" 62 /usr/bin/psecflags -s current,-aslr $$ 63 cat > expected <<EOF 64 I: noexecstack 65EOF 66 67 /usr/bin/psecflags $$ | grep I: > output 68 diff -u expected output || exit 1 69} 70 71self_all() { 72 echo "All (self)" 73 /usr/bin/psecflags -s all $$ 74 /usr/bin/psecflags $$ | grep -q 'I:.*,.*,' || exit 1 # This is lame, but functional 75} 76 77self_none() { 78 echo "None (self)" 79 /usr/bin/psecflags -s all $$ 80 /usr/bin/psecflags -s none $$ 81 cat > expected <<EOF 82 I: none 83EOF 84 /usr/bin/psecflags $$ | grep I: > output 85 diff -u expected output || exit 1 86} 87 88child_set() { 89 echo "Set (child)" 90 91 typeset pid; 92 93 /usr/bin/psecflags -s aslr -e sleep 10000 & 94 pid=$! 95 cat > expected <<EOF 96 E: aslr 97 I: aslr 98EOF 99 /usr/bin/psecflags $pid | grep '[IE]:' > output 100 kill $pid 101 diff -u expected output || exit 1 102} 103 104child_add() { 105 echo "Add (child)" 106 107 typeset pid; 108 109 /usr/bin/psecflags -s aslr $$ 110 /usr/bin/psecflags -s current,noexecstack -e sleep 10000 & 111 pid=$! 112 cat > expected <<EOF 113 E: aslr,noexecstack 114 I: aslr,noexecstack 115EOF 116 /usr/bin/psecflags $pid | grep '[IE]:' > output 117 kill $pid 118 /usr/bin/psecflags -s none $$ 119 diff -u expected output || exit 1 120} 121 122child_remove() { 123 echo "Remove (child)" 124 125 typeset pid; 126 127 /usr/bin/psecflags -s aslr $$ 128 /usr/bin/psecflags -s current,-aslr -e sleep 10000 & 129 pid=$! 130 cat > expected <<EOF 131 E: none 132 I: none 133EOF 134 /usr/bin/psecflags $pid | grep '[IE]:' > output 135 kill $pid 136 /usr/bin/psecflags -s none $$ 137 diff -u expected output || exit 1 138} 139 140child_all() { 141 echo "All (child)" 142 143 typeset pid ret 144 145 /usr/bin/psecflags -s all -e sleep 10000 & 146 pid=$! 147 /usr/bin/psecflags $pid | grep -q 'E:.*,.*,' # This is lame, but functional 148 ret=$? 149 kill $pid 150 (( $ret != 0 )) && exit $ret 151} 152 153child_none() { 154 echo "None (child)" 155 156 typeset pid 157 158 /usr/bin/psecflags -s all $$ 159 160 /usr/bin/psecflags -s none -e sleep 10000 & 161 pid=$! 162 cat > expected <<EOF 163 E: none 164 I: none 165EOF 166 /usr/bin/psecflags $pid | grep '[IE]:' > output 167 kill $pid 168 diff -u expected output || exit 1 169} 170 171list() { 172 echo "List" 173 cat > expected<<EOF 174aslr 175forbidnullmap 176noexecstack 177EOF 178 179 /usr/bin/psecflags -l > output 180 diff -u expected output || exit 1 181} 182 183self_set 184self_add 185self_remove 186self_all 187self_none 188child_set 189child_add 190child_remove 191child_all 192child_none 193list 194 195exit 0 196