|
Packit Service |
a8c26c |
########################################################################
|
|
Packit Service |
a8c26c |
# #
|
|
Packit Service |
a8c26c |
# This software is part of the ast package #
|
|
Packit Service |
a8c26c |
# Copyright (c) 1982-2011 AT&T Intellectual Property #
|
|
Packit Service |
a8c26c |
# and is licensed under the #
|
|
Packit Service |
a8c26c |
# Eclipse Public License, Version 1.0 #
|
|
Packit Service |
a8c26c |
# by AT&T Intellectual Property #
|
|
Packit Service |
a8c26c |
# #
|
|
Packit Service |
a8c26c |
# A copy of the License is available at #
|
|
Packit Service |
a8c26c |
# http://www.eclipse.org/org/documents/epl-v10.html #
|
|
Packit Service |
a8c26c |
# (with md5 checksum b35adb5213ca9657e911e9befb180842) #
|
|
Packit Service |
a8c26c |
# #
|
|
Packit Service |
a8c26c |
# Information and Software Systems Research #
|
|
Packit Service |
a8c26c |
# AT&T Research #
|
|
Packit Service |
a8c26c |
# Florham Park NJ #
|
|
Packit Service |
a8c26c |
# #
|
|
Packit Service |
a8c26c |
# David Korn <dgk@research.att.com> #
|
|
Packit Service |
a8c26c |
# #
|
|
Packit Service |
a8c26c |
########################################################################
|
|
Packit Service |
a8c26c |
function err_exit
|
|
Packit Service |
a8c26c |
{
|
|
Packit Service |
a8c26c |
print -u2 -n "\t"
|
|
Packit Service |
a8c26c |
print -u2 -r ${Command}[$1]: "${@:2}"
|
|
Packit Service |
a8c26c |
let Errors+=1
|
|
Packit Service |
a8c26c |
}
|
|
Packit Service |
a8c26c |
alias err_exit='err_exit $LINENO'
|
|
Packit Service |
a8c26c |
|
|
Packit Service |
a8c26c |
Command=${0##*/}
|
|
Packit Service |
a8c26c |
integer Errors=0
|
|
Packit Service |
a8c26c |
|
|
Packit Service |
a8c26c |
tmp=$(mktemp -dt) || { err_exit mktemp -dt failed; exit 1; }
|
|
Packit Service |
a8c26c |
trap "cd /; rm -rf $tmp" EXIT
|
|
Packit Service |
a8c26c |
|
|
Packit Service |
a8c26c |
# test restricted shell
|
|
Packit Service |
a8c26c |
pwd=$PWD
|
|
Packit Service |
a8c26c |
case $SHELL in
|
|
Packit Service |
a8c26c |
/*) ;;
|
|
Packit Service |
a8c26c |
*/*) SHELL=$pwd/$SHELL;;
|
|
Packit Service |
a8c26c |
*) SHELL=$(whence "$SHELL");;
|
|
Packit Service |
a8c26c |
esac
|
|
Packit Service |
a8c26c |
function check_restricted
|
|
Packit Service |
a8c26c |
{
|
|
Packit Service |
a8c26c |
rm -f out
|
|
Packit Service |
a8c26c |
LC_MESSAGES=C rksh -c "$@" 2> out > /dev/null
|
|
Packit Service |
a8c26c |
grep restricted out > /dev/null 2>&1
|
|
Packit Service |
a8c26c |
}
|
|
Packit Service |
a8c26c |
|
|
Packit Service |
a8c26c |
[[ $SHELL != /* ]] && SHELL=$pwd/$SHELL
|
|
Packit Service |
a8c26c |
cd $tmp || err_exit "cd $tmp failed"
|
|
Packit Service |
a8c26c |
ln -s $SHELL rksh
|
|
Packit Service |
a8c26c |
PATH=$PWD:$PATH
|
|
Packit Service |
a8c26c |
rksh -c '[[ -o restricted ]]' || err_exit 'restricted option not set'
|
|
Packit Service |
a8c26c |
[[ $(rksh -c 'print hello') == hello ]] || err_exit 'unable to run print'
|
|
Packit Service |
a8c26c |
check_restricted /bin/echo || err_exit '/bin/echo not resticted'
|
|
Packit Service |
a8c26c |
check_restricted ./echo || err_exit './echo not resticted'
|
|
Packit Service |
a8c26c |
check_restricted 'SHELL=ksh' || err_exit 'SHELL asignment not resticted'
|
|
Packit Service |
a8c26c |
check_restricted 'PATH=/bin' || err_exit 'PATH asignment not resticted'
|
|
Packit Service |
a8c26c |
check_restricted 'FPATH=/bin' || err_exit 'FPATH asignment not resticted'
|
|
Packit Service |
a8c26c |
check_restricted 'ENV=/bin' || err_exit 'ENV asignment not resticted'
|
|
Packit Service |
a8c26c |
check_restricted 'print > file' || err_exit '> file not restricted'
|
|
Packit Service |
a8c26c |
> empty
|
|
Packit Service |
a8c26c |
check_restricted 'print <> empty' || err_exit '<> file not restricted'
|
|
Packit Service |
a8c26c |
print 'echo hello' > script
|
|
Packit Service |
a8c26c |
chmod +x ./script
|
|
Packit Service |
a8c26c |
! check_restricted script || err_exit 'script without builtins should run in restricted mode'
|
|
Packit Service |
a8c26c |
check_restricted ./script || err_exit 'script with / in name should not run in restricted mode'
|
|
Packit Service |
a8c26c |
print '/bin/echo hello' > script
|
|
Packit Service |
a8c26c |
! check_restricted script || err_exit 'script with pathnames should run in restricted mode'
|
|
Packit Service |
a8c26c |
print 'echo hello> file' > script
|
|
Packit Service |
a8c26c |
! check_restricted script || err_exit 'script with output redirection should run in restricted mode'
|
|
Packit Service |
a8c26c |
print 'PATH=/bin' > script
|
|
Packit Service |
a8c26c |
! check_restricted script || err_exit 'script with PATH assignment should run in restricted mode'
|
|
Packit Service |
a8c26c |
cat > script <
|
|
Packit Service |
a8c26c |
#! $SHELL
|
|
Packit Service |
a8c26c |
print hello
|
|
Packit Service |
a8c26c |
!
|
|
Packit Service |
a8c26c |
! check_restricted 'script;:' || err_exit 'script with #! pathname should run in restricted mode'
|
|
Packit Service |
a8c26c |
! check_restricted 'script' || err_exit 'script with #! pathname should run in restricted mode even if last command in script'
|
|
Packit Service |
a8c26c |
for i in PATH ENV FPATH
|
|
Packit Service |
a8c26c |
do check_restricted "function foo { typeset $i=foobar;};foo" || err_exit "$i can be changed in function by using typeset"
|
|
Packit Service |
a8c26c |
done
|
|
Packit Service |
a8c26c |
|
|
Packit Service |
a8c26c |
exit $((Errors<125?Errors:125))
|