cron_neg_tests.sh revision fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3
1fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew#!/bin/bash 2fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 3fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewiam=`whoami` 4fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 5fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewif [ $iam = "root" ]; then 6fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew if [ $# -lt 1 ] ; then 7fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew echo Either do not run this script as root or start it like 8fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew echo " $0 <user>" 9fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew exit 1 10fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew fi 11fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 12fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew su $1 -c "$0 $*" 13fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew exit $? 14fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewfi 15fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 16fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# 17fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# 1. root einen cronjob unterjubeln 18fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# 19fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 20fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewfinalrc=0 21fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 22fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 23fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewcrontab -u root - << EOF 24fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew0 * * * * true 25fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewEOF 26fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 27fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewrc=$? 28fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 29fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewif [ $rc = "0" ]; then 30fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew echo root has now an interesting cron job 31fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew echo "crontab has a severe security breach (FAIL)" 32fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew echo 33fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew finalrc=1 34fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewelse 35fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew echo "Editing a crontab of another user failed successfully (PASS)" 36fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew echo 37fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewfi 38fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 39fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 40fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# 41fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# 2. write some illegal crontabs 42fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# 43fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 44fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# Save crontab 45fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 46fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew#crontab -l > /dev/null 2> /dev/null 47fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew#if [ $? = "0" ]; then 48fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# echo Saving current crontab... 49fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# echo 50fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# crontab -l > /tmp/save-crontab-`whoami` 51fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# savedcrontab=1 52fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# crontab -r 53fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew#fi 54fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 55fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew#for line in `cat cron_illegal_cron_lines | grep '^[^#]' | sed -e 's/[ \t][ \t]*/_/g'` ; do 56fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# line=`echo $line | sed -e 's/_/ /g'` 57fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew # echo Line: "$line" 58fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# cronconf=`echo "$line" | cut -f 1 -d '|'` 59fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# desc=`echo "$line" | cut -f 2 -d '|'` 60fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 61fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# echo "Test: $desc" 62fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# echo "$cronconf true" | crontab - 63fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew # echo "$cronconf" 64fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# if [ $? = "0" ]; then 65fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# echo 'Test FAILED (or crontab returned wrong exit code)' 66fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# echo 'crontab -l:' 67fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# crontab -l 68fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# finalrc=1 69fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# fi 70fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# echo 71fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew#done 72fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 73fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 74fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# Test whether cron uses setuid correctly 75fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 76fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewecho 77fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewecho setuid test 78fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewecho 79fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 80fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewtmpscript=cron_neg01_test 81fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewrm -rf $tmpscript.out &> /dev/null 82fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 83fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 84fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewcat > /tmp/$tmpscript << EOF 85fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewtouch /root/halloichwarhier 86fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewsleep 1 87fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewcat /root/halloichwarhier ; echo "res:$?" 88fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewrm /root/halloichwarhier 89fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewEOF 90fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 91fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewchmod 755 /tmp/$tmpscript 92fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 93fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# 94fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewcronline=`date '+%M %H' | gawk '{print $1+2" "$2" * * * "}'` 95fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew(echo "$cronline /tmp/$tmpscript >> /tmp/$tmpscript.out 2>> /tmp/$tmpscript.out" ; \ 96fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew echo "$cronline /tmp/$tmpscript >> /$tmpscript.out 2>> /$tmpscript.out") \ 97fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew | crontab - 98fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 99fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewecho "sleeping 130 secs..." 100fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewsleep 130 101fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 102fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewecho 103fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewecho "Results:" 104fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewif [ "1" = `cat /tmp/$tmpscript.out | grep "res:0" | wc -l` ]; then 105fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew echo "setuid test part 1 successfully failed (PASS)" 106fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewelse 107fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew echo "cron executed scripts have root privileges! (FAIL)" 108fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew finalrc=1 109fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewfi 110fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 111fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewCODE=0 112fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewtest -e /tmp/$tmpscript.out && CODE=1 113fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewif [ $CODE = "1" ]; then 114fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew echo "setuid test part 2 successfully failed (PASS)" 115fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewelse 116fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew echo "cron writes script output with root privileges! (FAIL)" 117fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew finalrc=1 118fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewfi 119fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewecho 120fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 121fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewrm /tmp/$tmpscript* &> /dev/null 122fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewcrontab -r 123fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 124fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew# Restore crontab 125fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 126fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewif [ "$savedcrontab" = "1" ]; then 127fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew echo "Restoring crontab..." 128fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew cat /tmp/save-crontab-`whoami` | grep '^[^#]' | crontab - 129fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew # rm -r /tmp/save-crontab-`whoami` 130fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewfi 131fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiew 132fec8b66cf1ddbcb2a124bfe25c5e89e6417a22a3robbiewexit $finalrc 133