testcases/commands/cron/cron_neg_tests.sh

   1 #!/bin/bash
   2 ########################################################
   3 #
   4 # CHANGE ACTIVITY
   5 #
   6 #    10/01/04  Kris Wilson    RHEL4 only allows super user
   7 #                               to use crontab.
   8 #                               to use crontab.
   9 #    12/03/04  Marty Ridgeway Pull RHEl4 tests out from script
  10 ########################################################
  11
  12 iam=`whoami`
  13
  14 if [ $iam = "root" ]; then
  15         if [ $# -lt 1 ] ; then
  16                 echo Either do not run this script as root or start it like
  17                 echo "  $0 <user>"
  18                 exit 1
  19         fi
  20
  21         su $1 -c "$0 $*"
  22         exit $?
  23 fi
  24
  25 #
  26 # 1. root einen cronjob unterjubeln
  27 #
  28
  29 finalrc=0
  30
  31
  32 crontab -u root - << EOF
  33 0 * * * * true
  34 EOF
  35
  36 rc=$?
  37
  38 if [ $rc = "0" ]; then
  39         echo root has now an interesting cron job
  40         echo "crontab has a severe security breach (FAIL)"
  41         echo
  42         finalrc=1
  43 else
  44         echo "Editing a crontab of another user failed successfully (PASS)"
  45         echo
  46 fi
  47
  48
  49 #
  50 # 2. write some illegal crontabs
  51 #
  52
  53 # Save crontab
  54
  55 #crontab -l > /dev/null 2> /dev/null
  56 #if [ $? = "0" ]; then
  57 #       echo Saving current crontab...
  58 #       echo
  59 #       crontab -l > /tmp/save-crontab-`whoami`
  60 #       savedcrontab=1
  61 #       crontab -r
  62 #fi
  63
  64 #for line in `cat cron_illegal_cron_lines | grep '^[^#]' | sed -e 's/[ \t][ \t]*/_/g'` ; do
  65 #       line=`echo $line | sed -e 's/_/ /g'`
  66         # echo Line: "$line"
  67 #       cronconf=`echo "$line" | cut -f 1 -d '|'`
  68 #       desc=`echo "$line" | cut -f 2 -d '|'`
  69
  70 #       echo "Test: $desc"
  71 #       echo "$cronconf true" | crontab -
  72         # echo "$cronconf"
  73 #       if [ $? = "0" ]; then
  74 #               echo 'Test FAILED (or crontab returned wrong exit code)'
  75 #               echo 'crontab -l:'
  76 #               crontab -l
  77 #               finalrc=1
  78 #       fi
  79 #       echo
  80 #done
  81
  82
  83 # Test whether cron uses setuid correctly
  84
  85 echo
  86 echo setuid test
  87 echo
  88
  89 tmpscript=cron_neg01_test
  90 rm -rf $tmpscript.out &> /dev/null
  91
  92
  93 cat > /tmp/$tmpscript << EOF
  94 touch /root/halloichwarhier
  95 sleep 1
  96 cat /root/halloichwarhier ; echo "res:$?"
  97 rm /root/halloichwarhier
  98 EOF
  99
 100 chmod 755 /tmp/$tmpscript
 101
 102 #
 103 cronline=`date '+%M' | awk '{print ($1+2)%60 " * * * * "}'`
 104 (echo "$cronline /tmp/$tmpscript >> /tmp/$tmpscript.out 2>> /tmp/$tmpscript.out" ; \
 105  echo "$cronline /tmp/$tmpscript >> /$tmpscript.out 2>> /$tmpscript.out") \
 106  | crontab -
 107
 108 echo "sleeping 130 secs..."
 109 sleep 130
 110
 111 echo
 112 echo "Results:"
 113 if [ "1" = `cat /tmp/$tmpscript.out | grep "res:0" | wc -l` ]; then
 114         echo "setuid test part 1 successfully failed (PASS)"
 115 else
 116         echo "cron executed scripts have root privileges! (FAIL)"
 117         finalrc=1
 118 fi
 119
 120 CODE=0
 121 test -e /tmp/$tmpscript.out && CODE=1
 122 if [ $CODE = "1" ]; then
 123         echo "setuid test part 2 successfully failed (PASS)"
 124 else
 125         echo "cron writes script output with root privileges! (FAIL)"
 126         finalrc=1
 127 fi
 128 echo
 129
 130 rm /tmp/$tmpscript* &> /dev/null
 131 crontab -r
 132
 133 # Restore crontab
 134
 135 if [ "$savedcrontab" = "1" ]; then
 136         echo "Restoring crontab..."
 137         cat /tmp/save-crontab-`whoami` | grep '^[^#]' | crontab -
 138         # rm -r /tmp/save-crontab-`whoami`
 139 fi
 140
 141 exit $finalrc