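########################################################################
#                                                                      #
#               This software is part of the ast package               #
#          Copyright (c) 1982-2010 AT&T Intellectual Property          #
#                      and is licensed under the                       #
#                  Common Public License, Version 1.0                  #
#                    by AT&T Intellectual Property                     #
#                                                                      #
#                A copy of the License is available at                 #
#            http://www.opensource.org/licenses/cpl1.0.txt             #
#         (with md5 checksum 059e8cd6165cb4c31e351f2b69388fd9)         #
#                                                                      #
#              Information and Software Systems Research               #
#                            AT&T Research                             #
#                           Florham Park NJ                            #
#                                                                      #
#                  David Korn <dgk@research.att.com>                   #
#                                                                      #
########################################################################

# Regression test for the restricted shell (rksh).
#
# The shell under test ($SHELL) is symlinked as "rksh" inside a private
# temporary directory, that directory is put first on PATH, and a series
# of command strings is run through `rksh -c`. Each check looks at whether
# the word "restricted" shows up on stderr. The exit status of the script
# is the number of failed checks.

# Report one failed check on stderr and count it.
#   $1   - line number (supplied by the err_exit alias below)
#   $2.. - message words
function err_exit
{
	print -u2 -n "\t"
	# The prefix is quoted so that "name[123]:" is never treated as a
	# bracket glob and matched against files in the current directory.
	print -u2 -r "${Command}[$1]:" "${@:2}"
	(( Errors += 1 ))
}
# Every err_exit call site automatically passes its own line number.
alias err_exit='err_exit $LINENO'

Command=${0##*/}
integer Errors=0

tmp=$(mktemp -dt) || { err_exit mktemp -dt failed; exit 1; }
# Single-quoted so that $tmp is expanded, and quoted, when the trap runs;
# ${tmp:?} makes the cleanup abort rather than run rm -rf on an empty path.
trap 'cd /; rm -rf -- "${tmp:?}"' EXIT

# test restricted shell
pwd=$PWD
# Turn $SHELL into an absolute path so that the rksh symlink created
# below still resolves after the cd into the temporary directory.
case $SHELL in
/*)	;;
*/*)	SHELL=$pwd/$SHELL;;
*)	SHELL=$(whence "$SHELL");;
esac

# Run the command string "$@" under rksh and succeed only when its stderr
# contains the word "restricted". Uses the scratch file "out" in the
# current directory; stdout of the command is discarded.
# NOTE(review): the match is on the bare word, so any diagnostic that
# happens to contain "restricted" counts as a refusal.
function check_restricted
{
	rm -f out
	rksh -c "$@" 2> out > /dev/null
	grep restricted out > /dev/null 2>&1
}

[[ $SHELL != /* ]] && SHELL=$pwd/$SHELL
# Everything below creates and removes files relative to the current
# directory, so stop here instead of running it in the caller's directory.
cd "$tmp" || { err_exit "cd $tmp failed"; exit 1; }
ln -s "$SHELL" rksh
# $PWD is now the temporary directory: both "rksh" and the "script" file
# written further down are found through PATH without a slash.
PATH=$PWD:$PATH

# Invoking the shell under the name rksh must switch restricted mode on
# without disabling builtins.
rksh -c '[[ -o restricted ]]' || err_exit 'restricted option not set'
[[ $(rksh -c 'print hello') == hello ]] || err_exit 'unable to run print'

# Command names containing a slash must be refused. This script creates
# no ./echo, so the second check relies on the name alone being rejected.
check_restricted /bin/echo || err_exit '/bin/echo not resticted'
check_restricted ./echo || err_exit './echo not resticted'

# Variables that control which code gets executed must not be assignable.
check_restricted 'SHELL=ksh' || err_exit 'SHELL asignment not resticted'
check_restricted 'PATH=/bin' || err_exit 'PATH asignment not resticted'
check_restricted 'FPATH=/bin' || err_exit 'FPATH asignment not resticted'
check_restricted 'ENV=/bin' || err_exit 'ENV asignment not resticted'

# Redirections that open a file for writing must be refused.
check_restricted 'print > file' || err_exit '> file not restricted'
> empty
check_restricted 'print <> empty' || err_exit '<> file not restricted'

# A script located through PATH is expected to run without any
# "restricted" diagnostic, even when its body uses pathnames, output
# redirection or a PATH assignment. The same file named with a slash
# (./script) must still be refused.
# NOTE(review): these expectations mean that whatever is executable in the
# directories on a restricted user's PATH is part of the confinement
# boundary, not only the rksh binary itself.
print 'echo hello' > script
chmod +x ./script
! check_restricted script || err_exit 'script without builtins should run in restricted mode'
check_restricted ./script || err_exit 'script with / in name should not run in restricted mode'
print '/bin/echo hello' > script
! check_restricted script || err_exit 'script with pathnames should run in restricted mode'
print 'echo hello> file' > script
! check_restricted script || err_exit 'script with output redirection should run in restricted mode'
print 'PATH=/bin' > script
! check_restricted script || err_exit 'script with PATH assignment should run in restricted mode'

# Same expectation for a script that starts with a "#!" line naming the
# shell by absolute path. The here-document delimiter is unquoted on
# purpose so that $SHELL is expanded into the file.
cat > script <<!
#! $SHELL
print hello
!
! check_restricted 'script;:' || err_exit 'script with #! pathname should run in restricted mode'
! check_restricted 'script' || err_exit 'script with #! pathname should run in restricted mode even if last command in script'

# A function-local typeset must not be a way around the assignment
# restrictions checked above.
for i in PATH ENV FPATH
do	check_restricted "function foo { typeset $i=foobar;};foo" || err_exit "$i can be changed in function by using typeset"
done
exit $((Errors))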