components/sudo/TESTING
changeset 5497 862a4276da0f
parent 1830 93243cb310c5
child 7301 0853d00f0cd4
child 7409 f574f35f5142
5496:4870e9e5e06b 5497:862a4276da0f
     9 sudo -V | grep version
     9 sudo -V | grep version
    10 
    10 
    11 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    11 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    12 
    12 
    13 # Test digest feature
    13 # Test digest feature
       
    14 
       
    15 # Make sure that the following line is commented out in /etc/sudoers:
       
    16 # ALL    ALL=(ALL) NOPASSWD: ALL
    14 
    17 
    15 openssl dgst -sha224 /usr/bin/ls # make note of the hash
    18 openssl dgst -sha224 /usr/bin/ls # make note of the hash
    16 
    19 
    17 # Add this line to sudoers (replace UID by your user ID and HASH by the ls
    20 # Add this line to sudoers (replace UID by your user ID and HASH by the ls
    18 # hash):
    21 # hash):
   116 sudo dtrace -l -n 'syscall::b*:entry'
   119 sudo dtrace -l -n 'syscall::b*:entry'
   117 >    ID   PROVIDER            MODULE                          FUNCTION NAME
   120 >    ID   PROVIDER            MODULE                          FUNCTION NAME
   118 > 11282    syscall                                                 brk entry
   121 > 11282    syscall                                                 brk entry
   119 > 11550    syscall                                            brandsys entry
   122 > 11550    syscall                                            brandsys entry
   120 > 11642    syscall                                                bind entry
   123 > 11642    syscall                                                bind entry
       
   124 
       
   125 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
       
   126 
       
   127 # Test noexec
       
   128 
       
   129 # Verify the following works
       
   130 
       
   131 $ sudo /usr/perl5/5.12/bin/perl -e 'print "before\n"; system("id -a"); print "after\n"'
       
   132 before
       
   133 uid=0(root) gid=0(root) groups=0(root),1(other),2(bin),3(sys),4(adm),6(mail),7(tty),8(lp),12(daemon)
       
   134 after
       
   135 
       
   136 # Add the following to sudoers
       
   137 
       
   138 ALL     ALL = NOPASSWD: NOEXEC: /usr/perl5/5.12/bin/perl
       
   139 
       
   140 # Now Perl should be prevent to run further commands, so the output is
       
   141 
       
   142 $ sudo /usr/perl5/5.12/bin/perl -e 'print "before\n"; system("id -a"); print "after\n"'
       
   143 before
       
   144 after
       
   145 
       
   146 # Perl itself works as expected
       
   147 
       
   148 $ /usr/perl5/5.12/bin/perl -e 'print "before\n"; system("id -a"); print "after\n"'
       
   149 before
       
   150 uid=101(rimmer) gid=10(staff) groups=10(staff)
       
   151 after
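Review bot: The noexec test (new lines 136-138) adds `ALL     ALL = NOPASSWD: NOEXEC: /usr/perl5/5.12/bin/perl` to sudoers but has no step to remove it afterwards, so a test machine is left with every user able to run perl as root without a password. As the test itself shows, NOEXEC only stops perl from executing further commands; it does not limit what perl does as root. I would end the section with a cleanup step such as `# Remove the NOEXEC line from sudoers once the test is done`. The comment at new line 140 also reads better as `# Now Perl should be prevented from running further commands, so the output is`. The visible part of the file ends at new line 151, so a cleanup step may already exist further down.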