#! /bin/sh
# PCP QA Test No. 640
#
# Check no possible root exploit via pmpost.  This test originally
# used the actual exploit, but this has not been feasible for many
# years; so we now simply check the right permissions are in place
# and move right along...
#
# Aug 2024 update
# SuSE Issue G identifies another possible exploit, so try that
# as well.
#
# Copyright (c) 1995-2002 Silicon Graphics, Inc.  All Rights Reserved.
#

seq=`basename $0`
echo "QA output created by $seq"

# get standard environment, filters and checks
. ./common.product
. ./common.filter
. ./common.check

ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq_full 2>&1

_cleanup()
{
    if [ -f $PCP_LOG_DIR/NOTICES.$seq ]
    then
	$sudo rm -f $PCP_LOG_DIR/NOTICES
	$sudo mv $PCP_LOG_DIR/NOTICES.$seq $PCP_LOG_DIR/NOTICES
    fi
    ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq_full 2>&1
    $sudo rm -rf $tmp $tmp.*
}

status=1	# failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15

_filter()
{
    sed \
	-e "s@$PCP_LOG_DIR@PCP_LOG_DIR@g" \
	-e '/^pmpost:/s/\[.*]/[DATE]/' \
    # end
}

# real QA test starts here
pmpost=$PCP_BINADM_DIR/pmpost
echo "Using pmpost binary: $pmpost" >>$seq_full
test -u "$pmpost" && echo "FAIL: pmpost has setuid bit set"
test -g "$pmpost" && echo "FAIL: pmpost has setgid bit set"

$sudo mkdir $tmp || exit
$sudo chmod 700 $tmp || exit
$sudo -u $PCP_USER mv $PCP_LOG_DIR/NOTICES $PCP_LOG_DIR/NOTICES.$seq

$sudo -u $PCP_USER ln -s $tmp/badness $PCP_LOG_DIR/NOTICES >>$seq_full
$pmpost ordinary user 2>&1 | _filter
$sudo ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq_full 2>&1
$sudo -u $PCP_USER $pmpost pcp user 2>&1 | _filter
$sudo ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq_full 2>&1
$sudo $pmpost root user 2>&1 | _filter
$sudo ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq_full 2>&1
if $sudo test -f $tmp/badness
then
    $sudo cat $tmp/badness
fi

echo "Test complete"

status=0
exit