1
########################################################################
2
#                                                                      #
3
#               This software is part of the ast package               #
4
#          Copyright (c) 1982-2011 AT&T Intellectual Property          #
5
#                      and is licensed under the                       #
6
#                 Eclipse Public License, Version 1.0                  #
7
#                    by AT&T Intellectual Property                     #
8
#                                                                      #
9
#                A copy of the License is available at                 #
10
#          http://www.eclipse.org/org/documents/epl-v10.html           #
11
#         (with md5 checksum b35adb5213ca9657e911e9befb180842)         #
12
#                                                                      #
13
#              Information and Software Systems Research               #
14
#                            AT&T Research                             #
15
#                           Florham Park NJ                            #
16
#                                                                      #
17
#                  David Korn <[email protected]>                   #
18
#                                                                      #
19
########################################################################
20
function err_exit
21
{
22
	print -u2 -n "\t"
23
	print -u2 -r ${Command}[$1]: "${@:2}"
24
	let Errors+=1
25
}
26
alias err_exit='err_exit $LINENO'
27

28
Command=${0##*/}
29
integer Errors=0
30

31
tmp=$(mktemp -dt) || { err_exit mktemp -dt failed; exit 1; }
32
trap "cd /; rm -rf $tmp" EXIT
33

34
# test restricted shell
35
pwd=$PWD
36
case $SHELL in
37
/*)	;;
38
*/*)	SHELL=$pwd/$SHELL;;
39
*)	SHELL=$(whence "$SHELL");;
40
esac
41
function check_restricted
42
{
43
	rm -f out
44
	LC_MESSAGES=C rksh -c "$@" 2> out > /dev/null
45
	grep restricted out  > /dev/null 2>&1
46
}
47

48
[[ $SHELL != /* ]] && SHELL=$pwd/$SHELL
49
cd $tmp || err_exit "cd $tmp failed"
50
ln -s $SHELL rksh
51
PATH=$PWD:$PATH
52
rksh -c  '[[ -o restricted ]]' || err_exit 'restricted option not set'
53
[[ $(rksh -c 'print hello') == hello ]] || err_exit 'unable to run print'
54
check_restricted /bin/echo || err_exit '/bin/echo not resticted'
55
check_restricted ./echo || err_exit './echo not resticted'
56
check_restricted 'SHELL=ksh' || err_exit 'SHELL asignment not resticted'
57
check_restricted 'PATH=/bin' || err_exit 'PATH asignment not resticted'
58
check_restricted 'FPATH=/bin' || err_exit 'FPATH asignment not resticted'
59
check_restricted 'ENV=/bin' || err_exit 'ENV asignment not resticted'
60
check_restricted 'print > file' || err_exit '> file not restricted'
61
> empty
62
check_restricted 'print <> empty' || err_exit '<> file not restricted'
63
print 'echo hello' > script
64
chmod +x ./script
65
! check_restricted script ||  err_exit 'script without builtins should run in restricted mode'
66
check_restricted ./script ||  err_exit 'script with / in name should not run in restricted mode'
67
print '/bin/echo hello' > script
68
! check_restricted script ||  err_exit 'script with pathnames should run in restricted mode'
69
print 'echo hello> file' > script
70
! check_restricted script ||  err_exit 'script with output redirection should run in restricted mode'
71
print 'PATH=/bin' > script
72
! check_restricted script ||  err_exit 'script with PATH assignment should run in restricted mode'
73
cat > script <<!
74
#! $SHELL
75
print hello
76
!
77
! check_restricted 'script;:' ||  err_exit 'script with #! pathname should run in restricted mode'
78
! check_restricted 'script' ||  err_exit 'script with #! pathname should run in restricted mode even if last command in script'
79
for i in PATH ENV FPATH
80
do	check_restricted  "function foo { typeset $i=foobar;};foo" || err_exit "$i can be changed in function by using typeset"
81
done
82

83
exit $((Errors<125?Errors:125))
84

85