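########################################################################
#                                                                      #
#               This software is part of the ast package               #
#           Copyright (c) 1982-2008 AT&T Intellectual Property         #
#                      and is licensed under the                       #
#                  Common Public License, Version 1.0                  #
#                    by AT&T Intellectual Property                     #
#                                                                      #
#                A copy of the License is available at                 #
#            http://www.opensource.org/licenses/cpl1.0.txt             #
#         (with md5 checksum 059e8cd6165cb4c31e351f2b69388fd9)         #
#                                                                      #
#              Information and Software Systems Research               #
#                            AT&T Research                             #
#                           Florham Park NJ                            #
#                                                                      #
#                  David Korn <dgk@research.att.com>                   #
#                                                                      #
########################################################################

# Report one test failure on stderr as "<tab>Command[line]: message" and
# count it in Errors.  Despite its name this function does NOT terminate
# the script: callers that cannot safely continue must exit themselves.
#   $1    line number (supplied by the alias below via $LINENO)
#   $2..  message words
function err_exit
{
	print -u2 -n "\t"
	print -u2 -r ${Command}[$1]: "${@:2}"
	let Errors+=1
}
# Every call site writes `err_exit "msg"`; the alias prepends the line number.
alias err_exit='err_exit $LINENO'

# test restricted shell
Command=${0##*/}
integer Errors=0

# Scratch directory.  The name is predictable (/tmp + pid), so a directory
# of that name may already exist and belong to someone else.  mkdir fails
# in that case, and the script must stop here: continuing would later cd
# into that directory, put it first in PATH, and `rm -rf` it from the EXIT
# trap.  The trap is installed only after the directory has been created by
# this script, and -m 700 keeps other local users out of it.
if ! mkdir -m 700 /tmp/ksh$$
then
	err_exit "mkdir /tmp/ksh$$ failed"
	exit 1
fi
trap "cd /; rm -rf /tmp/ksh$$" EXIT

# Make $SHELL an absolute path, because the script changes directory before
# it links rksh to it: already absolute -> keep; relative with a slash ->
# anchor at the starting directory; bare name -> resolve with whence.
pwd=$PWD
case $SHELL in
/*)	;;
*/*)	SHELL=$pwd/$SHELL;;
*)	SHELL=$(whence "$SHELL");;
esac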
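# Run the given command string with `rksh -c` and succeed (status 0) only
# if rksh wrote a diagnostic containing the word "restricted" to stderr.
# stdout is discarded; stderr is captured in ./out, which is removed first
# so a stale file cannot satisfy the grep.
# NOTE(review): the check matches the literal message text, so it presumably
# depends on untranslated diagnostics -- confirm the locale used by the
# test harness.
function check_restricted
{
	rm -f out
	rksh -c "$@" 2> out > /dev/null
	grep restricted out > /dev/null 2>&1
}

[[ $SHELL != /* ]] && SHELL=$pwd/$SHELL

# Everything below creates files with relative names and prepends $PWD to
# PATH, so it must run inside the scratch directory.  err_exit only counts
# the failure; stop explicitly rather than run the tests in the caller's
# directory.
if ! cd /tmp/ksh$$
then
	err_exit "cd /tmp/ksh$$ failed"
	exit 1
fi

# The shell under test is invoked as "rksh" through this symlink.  If the
# link cannot be created, a different rksh found later in PATH would be
# tested instead, so treat failure as fatal.  $SHELL is quoted so a path
# containing blanks is linked as one word.
if ! ln -s "$SHELL" rksh
then
	err_exit "ln -s $SHELL rksh failed"
	exit 1
fi
PATH=$PWD:$PATH

# Sanity: invoking the shell as rksh turns the restricted option on, and
# builtins still work.
rksh -c '[[ -o restricted ]]' || err_exit 'restricted option not set'
[[ $(rksh -c 'print hello') == hello ]] || err_exit 'unable to run print'

# Operations that must be refused when typed directly into rksh:
# command names containing '/', assignments to SHELL, PATH, FPATH and ENV,
# and redirections that open a file for writing.
check_restricted /bin/echo || err_exit '/bin/echo not resticted'
check_restricted ./echo || err_exit './echo not resticted'
check_restricted 'SHELL=ksh' || err_exit 'SHELL asignment not resticted'
check_restricted 'PATH=/bin' || err_exit 'PATH asignment not resticted'
check_restricted 'FPATH=/bin' || err_exit 'FPATH asignment not resticted'
check_restricted 'ENV=/bin' || err_exit 'ENV asignment not resticted'
check_restricted 'print > file' || err_exit '> file not restricted'
> empty
check_restricted 'print <> empty' || err_exit '<> file not restricted'

# Scripts.  A script located through PATH (no '/' in its name) is expected
# to run without any "restricted" diagnostic, even when its body uses a
# pathname, an output redirection or a PATH assignment; naming the script
# with a '/' must still be refused.  Deployment consequence: every script
# reachable through a restricted user's PATH runs outside the restriction,
# so those directories must be curated and not writable by that user.
print 'echo hello' > script
chmod +x ./script
! check_restricted script || err_exit 'script without builtins should run in restricted mode'
check_restricted ./script || err_exit 'script with / in name should not run in restricted mode'
print '/bin/echo hello' > script
! check_restricted script || err_exit 'script with pathnames should run in restricted mode'
print 'echo hello> file' > script
! check_restricted script || err_exit 'script with output redirection should run in restricted mode'
print 'PATH=/bin' > script
! check_restricted script || err_exit 'script with PATH assignment should run in restricted mode'

# Same expectation for a script whose "#!" line names the shell by absolute
# path, both when followed by another command (';:') and when it is the
# last command of the -c string.
cat > script <<!
#! $SHELL
print hello
!
! check_restricted 'script;:' || err_exit 'script with #! pathname should run in restricted mode'
! check_restricted 'script' || err_exit 'script with #! pathname should run in restricted mode even if last command in script'

# Exit status is the number of failed checks (0 = all passed).
exit $((Errors))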