tests/secflags/secflags_psecflags.sh

d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe#! /usr/bin/ksh
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe#
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe#
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe# This file and its contents are supplied under the terms of the
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe# Common Development and Distribution License ("CDDL"), version 1.0.
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe# You may only use this file in accordance with the terms of version
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe# 1.0 of the CDDL.
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe#
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe# A full copy of the text of the CDDL should have accompanied this
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe# source.  A copy of the CDDL is also available via the Internet at
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe# http://www.illumos.org/license/CDDL.
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe#
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe#
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe# Copyright 2015, Richard Lowe.
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe#
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowemkdir /tmp/$$-secflags-test
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowecd /tmp/$$-secflags-test
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe/usr/bin/psecflags -s none $$   # Clear ourselves out
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowecat > expected <<EOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    I:  none
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard LoweEOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe/usr/bin/psecflags $$ | grep I: > output
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowediff -u expected output || exit 1 # Make sure the setting of 'none' worked
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowecleanup() {
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    cd /
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    rm -fr /tmp/$$-secflags-test
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe}
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowetrap cleanup EXIT
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe## Tests of manipulating a running process (ourselves)
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Loweself_set() {
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    echo "Set (self)"
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s aslr $$
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    cat > expected <<EOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    I:  aslr
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard LoweEOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags $$ | grep I: > output
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    diff -u expected output || exit 1
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe}
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Loweself_add() {
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    echo "Add (self)"
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s current,noexecstack $$
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    cat > expected <<EOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    I:  aslr,noexecstack
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard LoweEOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags $$ | grep I: > output
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    diff -u expected output || exit 1
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe}
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Loweself_remove() {
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    echo "Remove (self)"
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s current,-aslr $$
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    cat > expected <<EOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    I:  noexecstack
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard LoweEOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags $$ | grep I: > output
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    diff -u expected output || exit 1
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe}
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Loweself_all() {
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    echo "All (self)"
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s all $$
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags $$ | grep -q 'I:.*,.*,' || exit 1 # This is lame, but functional
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe}
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Loweself_none() {
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    echo "None (self)"
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s all $$
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s none $$
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    cat > expected <<EOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    I:  none
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard LoweEOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags $$ | grep I: > output
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    diff -u expected output || exit 1
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe}
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowechild_set() {
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    echo "Set (child)"
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    typeset pid;
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s aslr -e sleep 10000 &
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    pid=$!
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    cat > expected <<EOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    E:  aslr
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    I:  aslr
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard LoweEOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags $pid | grep '[IE]:' > output
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    kill $pid
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    diff -u expected output || exit 1
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe}
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowechild_add() {
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    echo "Add (child)"
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    typeset pid;
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s aslr $$
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s current,noexecstack -e sleep 10000 &
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    pid=$!
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    cat > expected <<EOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    E:  aslr,noexecstack
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    I:  aslr,noexecstack
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard LoweEOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags $pid | grep '[IE]:' > output
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    kill $pid
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s none $$
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    diff -u expected output || exit 1
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe}
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowechild_remove() {
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    echo "Remove (child)"
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    typeset pid;
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s aslr $$
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s current,-aslr -e sleep 10000 &
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    pid=$!
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    cat > expected <<EOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    E:  none
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    I:  none
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard LoweEOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags $pid | grep '[IE]:' > output
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    kill $pid
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s none $$
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    diff -u expected output || exit 1
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe}
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowechild_all() {
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    echo "All (child)"
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    typeset pid ret
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s all -e sleep 10000 &
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    pid=$!
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags $pid | grep -q 'E:.*,.*,' # This is lame, but functional
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    ret=$?
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    kill $pid
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    (( $ret != 0 )) && exit $ret
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe}
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowechild_none() {
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    echo "None (child)"
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    typeset pid
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s all $$
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -s none -e sleep 10000 &
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    pid=$!
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    cat > expected <<EOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    E:  none
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    I:  none
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard LoweEOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags $pid | grep '[IE]:' > output
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    kill $pid
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    diff -u expected output || exit 1
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe}
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowelist() {
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    echo "List"
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    cat > expected<<EOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Loweaslr
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Loweforbidnullmap
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowenoexecstack
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard LoweEOF
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    /usr/bin/psecflags -l > output
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe    diff -u expected output || exit 1
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe}
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Loweself_set
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Loweself_add
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Loweself_remove
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Loweself_all
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Loweself_none
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowechild_set
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowechild_add
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowechild_remove
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowechild_all
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowechild_none
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowelist
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Lowe
d2a70789f056fc6c9ce3ab047b52126d80b0e3daRichard Loweexit 0