author | Armin Kuster <akuster808@gmail.com> | 2023-09-26 09:49:22 +0200 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2023-10-04 17:26:33 -0700 |
commit | 1a3e42cedbd94ca73be45800d0e902fec35d0f0f (patch) | |
tree | 0659690affe978f405320d06c60b8594cda19464 | |
parent | f99844d793573fb67432cf287963f180b475d62f (diff) | |
smack-test: more py3 covertionkirkstone
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | recipes-mac/smack/smack-test/notroot.py | 12 | ||||
-rw-r--r-- | recipes-mac/smack/smack-test/smack_test_file_access.sh | 10 |
2 files changed, 11 insertions, 11 deletions
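--- a/recipes-mac/smack/smack-test/notroot.py
+++ b/recipes-mac/smack/smack-test/notroot.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 #
 # Script used for running executables with custom labels, as well as custom uid/gid
 # Process label is changed by writing to /proc/self/attr/curent
@@ -9,8 +9,8 @@
 # """By default, each user in Debian GNU/Linux is given a corresponding group
 # with the same name. """
 #
-# Usage: root@desk:~# python notroot.py <uid> <label> <full_path_to_executable> [arguments ..]
-# eg: python notroot.py 1000 User::Label /bin/ping -c 3 192.168.1.1
+# Usage: root@desk:~# python3 notroot.py <uid> <label> <full_path_to_executable> [arguments ..]
+# eg: python3 notroot.py 1000 User::Label /bin/ping -c 3 192.168.1.1
 #
 # Author: Alexandru Cornea <alexandru.cornea@intel.com>
 import os
@@ -28,6 +28,6 @@ try:
 os.setuid(uid)
 os.execv(path,sys.argv)
 
-except Exception,e:
-print e.message
-sys.exit(1)
+except Exception as e:
+print(e.strerror)
+sys.exit(-1)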
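Review bot: The new handler at line 32 prints `e.strerror`, but the clause still catches every `Exception`, and only `OSError` instances carry that attribute. Any other failure raised in the `try` body (which starts outside this hunk), for example a malformed uid argument, would raise `AttributeError` inside the handler and bury the real cause of a failed label or uid switch under a second traceback. Either narrow the clause to `except OSError as e:` or print defensively with `print(getattr(e, 'strerror', None) or e)`. Also note that `sys.exit(-1)` reaches the calling shell as status 255 rather than the previous 1; if any caller compares the exit code, keep `sys.exit(1)`.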
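--- a/recipes-mac/smack/smack-test/smack_test_file_access.sh
+++ b/recipes-mac/smack/smack-test/smack_test_file_access.sh
@@ -8,7 +8,7 @@ CAT=`which cat`
 ECHO=`which echo`
 uid=1000
 initial_label=`cat /proc/self/attr/current`
-python $TMP/notroot.py $uid "TheOther" $ECHO 'TEST' > $test_file
+python3 $TMP/notroot.py $uid "TheOther" $ECHO 'TEST' > $test_file
 chsmack -a "TheOther" $test_file
 
 # 12345678901234567890123456789012345678901234567890123456
@@ -17,7 +17,7 @@ rule_ro="TheOne TheOther r----"
 
 # Remove pre-existent rules for "TheOne TheOther <access>"
 echo -n "$delrule" > $SMACK_PATH/load
-python $TMP/notroot.py $uid "TheOne" $CAT $test_file 2>&1 1>/dev/null | grep -q "Permission denied" || RC=$?
+python3 $TMP/notroot.py $uid "TheOne" $CAT $test_file 2>&1 1>/dev/null | grep -q "Permission denied" || RC=$?
 if [ $RC -ne 0 ]; then
 echo "Process with different label than the test file and no read access on it can read it"
 exit $RC
@@ -25,7 +25,7 @@ fi
 
 # adding read access
 echo -n "$rule_ro" > $SMACK_PATH/load
-python $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
+python3 $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
 if [ $RC -ne 0 ]; then
 echo "Process with different label than the test file but with read access on it cannot read it"
 exit $RC
@@ -36,7 +36,7 @@ echo -n "$delrule" > $SMACK_PATH/load
 # changing label of test file to *
 # according to SMACK documentation, read access on a * object is always permitted
 chsmack -a '*' $test_file
-python $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
+python3 $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
 if [ $RC -ne 0 ]; then
 echo "Process cannot read file with * label"
 exit $RC
@@ -45,7 +45,7 @@ fi
 # changing subject label to *
 # according to SMACK documentation, every access requested by a star labeled subject is rejected
 TOUCH=`which touch`
-python $TMP/notroot.py $uid '*' $TOUCH $TMP/test_file_2
+python3 $TMP/notroot.py $uid '*' $TOUCH $TMP/test_file_2
 ls -la $TMP/test_file_2 2>&1 | grep -q 'No such file or directory' || RC=$?
 if [ $RC -ne 0 ];then
 echo "Process with label '*' should not have any access"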
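Review bot: The star-label check at line 48 passes whenever `$TMP/test_file_2` is absent, so it cannot tell a SMACK denial from the helper never running, for example if `python3` is not installed on the target image or notroot.py exits before the exec. Checking for the denial itself would close that gap, assuming the rejected access is reported as such: `python3 $TMP/notroot.py $uid '*' $TOUCH $TMP/test_file_2 2>&1 | grep -q "Permission denied" || RC=$?`. Stdout is deliberately kept in that pipe because notroot.py prints its own error there. The `if` block that consumes `RC` continues past the end of this hunk.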