xref: /titanic_51/usr/src/lib/libshell/common/tests/restricted.sh (revision a62774df315360f02521d6470eab7d5080137dad)
1########################################################################
2#                                                                      #
3#               This software is part of the ast package               #
4#          Copyright (c) 1982-2008 AT&T Intellectual Property          #
5#                      and is licensed under the                       #
6#                  Common Public License, Version 1.0                  #
7#                    by AT&T Intellectual Property                     #
8#                                                                      #
9#                A copy of the License is available at                 #
10#            http://www.opensource.org/licenses/cpl1.0.txt             #
11#         (with md5 checksum 059e8cd6165cb4c31e351f2b69388fd9)         #
12#                                                                      #
13#              Information and Software Systems Research               #
14#                            AT&T Research                             #
15#                           Florham Park NJ                            #
16#                                                                      #
17#                  David Korn <dgk@research.att.com>                   #
18#                                                                      #
19########################################################################
20function err_exit
21{
22	print -u2 -n "\t"
23	print -u2 -r ${Command}[$1]: "${@:2}"
24	let Errors+=1
25}
26alias err_exit='err_exit $LINENO'
27
28# test restricted shell
29Command=${0##*/}
30integer Errors=0
31mkdir  /tmp/ksh$$ || err_exit "mkdir /tmp/ksh$$ failed"
32trap "cd /; rm -rf /tmp/ksh$$" EXIT
33pwd=$PWD
34case $SHELL in
35/*)	;;
36*/*)	SHELL=$pwd/$SHELL;;
37*)	SHELL=$(whence "$SHELL");;
38esac
39function check_restricted
40{
41	rm -f out
42	rksh -c "$@" 2> out > /dev/null
43	grep restricted out  > /dev/null 2>&1
44}
45
46[[ $SHELL != /* ]] && SHELL=$pwd/$SHELL
47cd /tmp/ksh$$ || err_exit "cd /tmp/ksh$$ failed"
48ln -s $SHELL rksh
49PATH=$PWD:$PATH
50rksh -c  '[[ -o restricted ]]' || err_exit 'restricted option not set'
51[[ $(rksh -c 'print hello') == hello ]] || err_exit 'unable to run print'
52check_restricted /bin/echo || err_exit '/bin/echo not resticted'
53check_restricted ./echo || err_exit './echo not resticted'
54check_restricted 'SHELL=ksh' || err_exit 'SHELL asignment not resticted'
55check_restricted 'PATH=/bin' || err_exit 'PATH asignment not resticted'
56check_restricted 'FPATH=/bin' || err_exit 'FPATH asignment not resticted'
57check_restricted 'ENV=/bin' || err_exit 'ENV asignment not resticted'
58check_restricted 'print > file' || err_exit '> file not restricted'
59> empty
60check_restricted 'print <> empty' || err_exit '<> file not restricted'
61print 'echo hello' > script
62chmod +x ./script
63! check_restricted script ||  err_exit 'script without builtins should run in restricted mode'
64check_restricted ./script ||  err_exit 'script with / in name should not run in restricted mode'
65print '/bin/echo hello' > script
66! check_restricted script ||  err_exit 'script with pathnames should run in restricted mode'
67print 'echo hello> file' > script
68! check_restricted script ||  err_exit 'script with output redirection should run in restricted mode'
69print 'PATH=/bin' > script
70! check_restricted script ||  err_exit 'script with PATH assignment should run in restricted mode'
71cat > script <<!
72#! $SHELL
73print hello
74!
75! check_restricted 'script;:' ||  err_exit 'script with #! pathname should run in restricted mode'
76! check_restricted 'script' ||  err_exit 'script with #! pathname should run in restricted mode even if last command in script'
77exit $((Errors))
78