xref: /titanic_44/usr/src/lib/libshell/common/tests/restricted.sh (revision 3e14f97f673e8a630f076077de35afdd43dc1587)
17c2fbfb3SApril Chin########################################################################
27c2fbfb3SApril Chin#                                                                      #
37c2fbfb3SApril Chin#               This software is part of the ast package               #
4*3e14f97fSRoger A. Faulkner#          Copyright (c) 1982-2010 AT&T Intellectual Property          #
57c2fbfb3SApril Chin#                      and is licensed under the                       #
67c2fbfb3SApril Chin#                  Common Public License, Version 1.0                  #
77c2fbfb3SApril Chin#                    by AT&T Intellectual Property                     #
87c2fbfb3SApril Chin#                                                                      #
97c2fbfb3SApril Chin#                A copy of the License is available at                 #
107c2fbfb3SApril Chin#            http://www.opensource.org/licenses/cpl1.0.txt             #
117c2fbfb3SApril Chin#         (with md5 checksum 059e8cd6165cb4c31e351f2b69388fd9)         #
127c2fbfb3SApril Chin#                                                                      #
137c2fbfb3SApril Chin#              Information and Software Systems Research               #
147c2fbfb3SApril Chin#                            AT&T Research                             #
157c2fbfb3SApril Chin#                           Florham Park NJ                            #
167c2fbfb3SApril Chin#                                                                      #
177c2fbfb3SApril Chin#                  David Korn <dgk@research.att.com>                   #
187c2fbfb3SApril Chin#                                                                      #
197c2fbfb3SApril Chin########################################################################
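# Report one failed check on stderr and count it.
# Globals:   Command (read)   - prefix printed in front of every message
#            Errors (written) - incremented once per call
# Arguments: $1 - line number shown in brackets after the prefix
#            $2... - words of the failure message
# Outputs:   a tab, then "Command[line]: message" on file descriptor 2
function err_exit
{
	print -u2 -n "\t"
	# The prefix is quoted on purpose: unquoted, "name[NN]:" is a glob pattern
	# (bracket expression) and would be replaced by any matching file name in
	# the current directory, corrupting the diagnostic.
	print -u2 -r "${Command}[$1]:" "${@:2}"
	let Errors+=1
}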
# Script name (basename of $0), used as the prefix of every failure message.
Command=${0##*/}
# Running count of failed checks.
integer Errors=0
# $LINENO stays unexpanded inside the single quotes; it is only expanded once
# the alias text has been substituted at a call site, so each report carries
# the line number of the check that failed.
alias err_exit='err_exit $LINENO'
3034f9b3eeSRoland Mainz
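# Private scratch directory; abort immediately if it cannot be created, since
# every later step writes files relative to it.
tmp=$(mktemp -dt) || { err_exit mktemp -dt failed; exit 1; }
# Single quotes defer expansion until the trap fires, and the quoted "$tmp"
# reaches rm as exactly one argument. With the path pasted unquoted into the
# trap string, whitespace or glob characters in it (e.g. from TMPDIR) would be
# re-split and could make the recursive delete hit other paths.
trap 'cd /; rm -rf -- "$tmp"' EXIT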
3334f9b3eeSRoland Mainz
3434f9b3eeSRoland Mainz# test restricted shell
# Remember the starting directory and turn $SHELL into an absolute path, so
# that it still names the same binary after the script changes directory.
pwd=$PWD
if [[ $SHELL == /* ]]
then	:				# already absolute
elif [[ $SHELL == */* ]]
then	SHELL=$pwd/$SHELL		# relative path: anchor it at the starting directory
else	SHELL=$(whence "$SHELL")	# bare name: resolve it through PATH
fi
# Run a command string under rksh and report whether it was refused.
# Arguments: "$@" - passed to `rksh -c` (first word is the command string)
# Outputs:   leaves rksh's stderr in the file ./out; stdout is discarded
# Returns:   grep's status - 0 when stderr contains the word "restricted"
# NOTE(review): the verdict rests only on the diagnostic text. It does not
# prove the refused operation had no side effect, and it would presumably
# miss a refusal whose message is worded differently - confirm the message
# locale used by the test harness.
function check_restricted
{
	rm -f out
	rksh -c "$@" > /dev/null 2> out
	grep restricted out > /dev/null 2>&1
}
477c2fbfb3SApril Chin
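# Make sure the interpreter path is absolute before linking to it.
[[ $SHELL != /* ]] && SHELL=$pwd/$SHELL
# Stop if the scratch directory cannot be entered: the checks below create,
# overwrite and chmod files with fixed names (out, empty, script, rksh) in the
# current directory, which must not be the caller's working directory.
cd "$tmp" || { err_exit "cd $tmp failed"; exit 1; }
# Stop if the link cannot be created: otherwise "rksh" would be looked up on
# the rest of PATH and the checks could exercise some other installed binary
# instead of the shell under test.
ln -s "$SHELL" rksh || { err_exit "ln -s $SHELL rksh failed"; exit 1; }
# Scratch directory first, so the bare name rksh resolves to the link above.
PATH=$PWD:$PATH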
# Invoked through the name rksh, the shell must report the restricted option
# as set and still be able to run a builtin.
if ! rksh -c  '[[ -o restricted ]]'
then	err_exit 'restricted option not set'
fi
if [[ $(rksh -c 'print hello') != hello ]]
then	err_exit 'unable to run print'
fi

# Command names containing a slash must be refused.
if ! check_restricted /bin/echo
then	err_exit '/bin/echo not resticted'
fi
if ! check_restricted ./echo
then	err_exit './echo not resticted'
fi

# Assignments to the variables that steer command and startup-file lookup
# must be refused.
if ! check_restricted 'SHELL=ksh'
then	err_exit 'SHELL asignment not resticted'
fi
if ! check_restricted 'PATH=/bin'
then	err_exit 'PATH asignment not resticted'
fi
if ! check_restricted 'FPATH=/bin'
then	err_exit 'FPATH asignment not resticted'
fi
if ! check_restricted 'ENV=/bin'
then	err_exit 'ENV asignment not resticted'
fi

# Redirections that can write a file (> and <>) must be refused.
# NOTE(review): only the diagnostic is checked here; nothing verifies that
# "file" was not created or that "empty" was left untouched.
if ! check_restricted 'print > file'
then	err_exit '> file not restricted'
fi
: > empty
if ! check_restricted 'print <> empty'
then	err_exit '<> file not restricted'
fi
# Script handling. A script reached through PATH (bare name) is expected to
# run without any "restricted" diagnostic, even when its body uses pathnames,
# output redirection or a PATH assignment; the same script named with a slash
# must still be refused. For anyone deploying rksh this means the contents of
# every directory on the restricted user's PATH are part of the trust
# boundary: whatever script is placed there runs with the full shell.
print 'echo hello' > script
chmod +x ./script
if check_restricted script
then	err_exit 'script without builtins should run in restricted mode'
fi
if ! check_restricted ./script
then	err_exit 'script with / in name should not run in restricted mode'
fi

print '/bin/echo hello' > script
if check_restricted script
then	err_exit 'script with pathnames should run in restricted mode'
fi

print 'echo hello> file' > script
if check_restricted script
then	err_exit 'script with output redirection should run in restricted mode'
fi

print 'PATH=/bin' > script
if check_restricted script
then	err_exit 'script with PATH assignment should run in restricted mode'
fi

# Same expectation for a script whose #! line names the shell by absolute
# path, both followed by another command and as the last command.
cat > script <<!
#! $SHELL
print hello
!
if check_restricted 'script;:'
then	err_exit 'script with #! pathname should run in restricted mode'
fi
if check_restricted 'script'
then	err_exit 'script with #! pathname should run in restricted mode even if last command in script'
fi
# The protected variables must also be refused when the assignment is made
# with typeset inside a function, not only as a plain assignment.
for i in PATH ENV FPATH
do
	if ! check_restricted  "function foo { typeset $i=foobar;};foo"
	then
		err_exit "$i can be changed in function by using typeset"
	fi
done
# Exit status is the number of failed checks (0 means every check passed).
exit $((Errors))