Merge branch 'main' into Temp_permission_table
This commit is contained in:
BritishTeapot
commit
e1846440bc
@ -4,8 +4,9 @@
|
|||||||
|
|
||||||
rm -rf ./protected
|
rm -rf ./protected
|
||||||
mkdir protected
|
mkdir protected
|
||||||
touch ./protected/do-not-remove ./protected/should-be-removed
|
touch ./protected/do-not-remove ./protected/should-be-removed ./protected/truth ./protected/perm000 ./protected/perm777 ./protected/this-name-is-wrong
|
||||||
echo "Free code, free world." >./protected/this-only
|
chmod 777 ./protected/perm777 ./protected/perm000
|
||||||
|
echo "Free code, free world." >./protected/motto
|
||||||
|
|
||||||
# set up the fake-zenity
|
# set up the fake-zenity
|
||||||
|
|
||||||
@ -18,42 +19,43 @@ valgrind -s ../build/icfs -o default_permissions ./protected &
|
|||||||
|
|
||||||
sleep 1
|
sleep 1
|
||||||
|
|
||||||
# Try to touch files in the directory
|
# create files
|
||||||
|
|
||||||
#echo \"manual\" >./protected/manual
|
|
||||||
|
|
||||||
zenity --set-fake-response no
|
zenity --set-fake-response no
|
||||||
echo "first" >./protected/first 2>/dev/null &&
|
touch ./protected/should-not-exist 2>/dev/null &&
|
||||||
echo "[ICFS-TEST]: echo can create protected/first despite access being denied!" ||
|
echo "[ICFS-TEST]: touch can create protected/should-not-exist despite access being denied!" ||
|
||||||
echo "[ICFS-TEST]: OK" # EACCESS
|
echo "[ICFS-TEST]: OK" # EACCESS
|
||||||
|
|
||||||
zenity --set-fake-response yes_tmp
|
zenity --set-fake-response yes_tmp
|
||||||
echo "second" >./protected/second 2>/dev/null &&
|
touch ./protected/should-exist 2>/dev/null &&
|
||||||
echo "[ICFS-TEST]: OK" ||
|
echo "[ICFS-TEST]: OK" ||
|
||||||
echo "[ICFS-TEST]: echo cannot create protected/second despite access being permitted!" # OK
|
echo "[ICFS-TEST]: touch cannot create protected/should-exist despite access being permitted!" # OK
|
||||||
|
|
||||||
# Test whether permissons work
|
# write to files
|
||||||
|
|
||||||
|
zenity --set-fake-response no
|
||||||
|
echo "Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." >./protected/truth 2>/dev/null &&
|
||||||
|
echo "[ICFS-TEST]: echo can write to protected/lie despite access being denied!" ||
|
||||||
|
echo "[ICFS-TEST]: OK" # EACCESS
|
||||||
|
|
||||||
zenity --set-fake-response yes_tmp
|
zenity --set-fake-response yes_tmp
|
||||||
cat ./protected/first >/dev/null 2>/dev/null &&
|
echo "Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." >./protected/truth 2>/dev/null &&
|
||||||
echo "[ICFS-TEST]: cat can read a non-existant file ./protected/first!" ||
|
echo "[ICFS-TEST]: OK" ||
|
||||||
echo "[ICFS-TEST]: OK" # ENOENT
|
echo "[ICFS-TEST]: echo cannot write to protected/truth despite access being permitted!" # OK
|
||||||
|
|
||||||
|
# Read files
|
||||||
|
|
||||||
|
zenity --set-fake-response no
|
||||||
|
cat ./protected/motto >/dev/null 2>/dev/null &&
|
||||||
|
echo "[ICFS-TEST]: cat can read protected/this-only despite access being denied!" ||
|
||||||
|
echo "[ICFS-TEST]: OK" # EACCESS
|
||||||
|
|
||||||
zenity --set-fake-response yes_tmp
|
zenity --set-fake-response yes_tmp
|
||||||
cat ./protected/second >/dev/null 2>/dev/null &&
|
cat ./protected/motto >/dev/null 2>/dev/null &&
|
||||||
echo "[ICFS-TEST]: OK" ||
|
echo "[ICFS-TEST]: OK" ||
|
||||||
echo "[ICFS-TEST]: cat cannot open protected/second despite access being permitted!" # "second"
|
echo "[ICFS-TEST]: echo cannot create protected/this-only despite access being permitted!" # "Free code, free world."
|
||||||
|
|
||||||
zenity --set-fake-response yes_tmp
|
# remove files
|
||||||
cat ./protected/this-only >/dev/null 2>/dev/null &&
|
|
||||||
echo "[ICFS-TEST]: OK" ||
|
|
||||||
echo "[ICFS-TEST]: echo cannot create protected/second despite access being permitted!" # "Free code, free world."
|
|
||||||
|
|
||||||
#parallel ::: "cat ./protected/sudo-only > /dev/null 2> /dev/null \
|
|
||||||
# && echo \"[ICFS-TEST]: cat can access files owned by root!\" \
|
|
||||||
# || echo \"[ICFS-TEST]: OK\"" # EACCESS
|
|
||||||
|
|
||||||
# test the removal
|
|
||||||
|
|
||||||
zenity --set-fake-response no
|
zenity --set-fake-response no
|
||||||
rm ./protected/do-not-remove >/dev/null 2>/dev/null &&
|
rm ./protected/do-not-remove >/dev/null 2>/dev/null &&
|
||||||
@ -65,6 +67,28 @@ rm ./protected/should-be-removed >/dev/null 2>/dev/null &&
|
|||||||
echo "[ICFS-TEST]: OK" ||
|
echo "[ICFS-TEST]: OK" ||
|
||||||
echo "[ICFS-TEST]: rm cannot unlink protected/should-be-removed despite access being permitted!" # OK
|
echo "[ICFS-TEST]: rm cannot unlink protected/should-be-removed despite access being permitted!" # OK
|
||||||
|
|
||||||
|
# rename files
|
||||||
|
|
||||||
|
zenity --set-fake-response no
|
||||||
|
mv ./protected/truth ./protected/lie 2>/dev/null &&
|
||||||
|
echo "[ICFS-TEST]: mv can rename protected/truth despite access being denied!" ||
|
||||||
|
echo "[ICFS-TEST]: OK" # EACCESS
|
||||||
|
zenity --set-fake-response yes_tmp
|
||||||
|
mv ./protected/this-name-is-wrong ./protected/this-name-is-correct 2>/dev/null &&
|
||||||
|
echo "[ICFS-TEST]: OK" ||
|
||||||
|
echo "[ICFS-TEST]: mv cannot rename should-be-removed to renamed-file despite access being permitted!" # OK
|
||||||
|
|
||||||
|
# change permissions
|
||||||
|
|
||||||
|
zenity --set-fake-response no
|
||||||
|
chmod 000 ./protected/perm777 2>/dev/null &&
|
||||||
|
echo "[ICFS-TEST]: chmod can change permissions of protected/perm777 despite access being denied!" ||
|
||||||
|
echo "[ICFS-TEST]: OK" # EACCESS
|
||||||
|
zenity --set-fake-response yes_tmp
|
||||||
|
chmod 000 ./protected/perm000 2>/dev/null &&
|
||||||
|
echo "[ICFS-TEST]: OK" ||
|
||||||
|
echo "[ICFS-TEST]: chmod cannot change permissions of protected/perm000 despite access being permitted!" # OK
|
||||||
|
|
||||||
# unmount
|
# unmount
|
||||||
|
|
||||||
sleep 0.5
|
sleep 0.5
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user