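/*
 * selinux_test.c - a program for checking that SELinux confinement works
 *
 * This is an example file for the UNIX - Seminar of System Administration
 * course.
 *
 * Copyright (C) 2008 Jan "Yenya" Kasprzak
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

/*
 * Build with
 *	cc -Wall -o selinux_test selinux_test.c
 * or, to compile the confinement probes in as well,
 *	cc -Wall -DPROBE_SECURITY -o selinux_test selinux_test.c
 *
 * Run the binary inside the SELinux domain under test: every line the
 * probes print as "BAD" is an action the policy should have denied.
 */

/* setenv() and the socket API are POSIX, not ISO C: ask for them explicitly
 * so the file also builds under a strict -std=c11. */
#define _POSIX_C_SOURCE 200809L

/* NOTE(review): the header names below were lost in the copy this was taken
 * from and were reconstructed from the symbols the file uses. */
#include <ctype.h>
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifdef PROBE_SECURITY
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#endif

/*
 * Print a printf-style message to stderr and terminate with exit status 1.
 *
 * msg is used as a format string, so it must be under the caller's control
 * (every caller in this file passes a literal); the format attribute lets
 * the compiler check the variadic arguments against it.  Never returns.
 */
#if defined(__GNUC__)
static void die(const char *msg, ...)
	__attribute__((format(printf, 1, 2), noreturn));
#endif
static void die(const char *msg, ...)
{
	va_list ap;

	va_start(ap, msg);
	vfprintf(stderr, msg, ap);
	va_end(ap);
	exit(1);
}

#ifdef PROBE_SECURITY
enum { PROBE_PORT = 22 };	/* SSH */

/*
 * Attempt three things a confined process should NOT be able to do and
 * report each outcome on stderr:
 *   - read /etc/passwd,
 *   - create an AF_INET socket and connect it to 127.0.0.1:22,
 *   - exec an interactive /bin/sh.
 * If the exec succeeds this function never returns and the user sees a
 * shell prompt labelled "BAD"; otherwise it returns after reporting that
 * the exec failed.  Resources opened by earlier probes are closed before
 * the exec so that nothing is leaked into a shell that does start.
 */
static void probe_security(void)
{
	FILE *pw;
	int sock;
	struct sockaddr_in sin;

	fprintf(stderr, "PROBE_SECURITY compiled in.\n");

	fprintf(stderr, "Trying to open /etc/passwd: ");
	if ((pw = fopen("/etc/passwd", "r"))) {
		fprintf(stderr, "BAD: I can read /etc/passwd!\n");
		fclose(pw);	/* do not hand the descriptor to the exec'd shell */
	} else {
		fprintf(stderr, "OK: Can't read /etc/passwd.\n");
	}

	fprintf(stderr, "Trying to get AF_INET socket: ");
	if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
		fprintf(stderr, "OK: Can't create socket.\n");
	} else {
		fprintf(stderr, "maybe BAD: I can get a socket.\n");

		memset(&sin, 0, sizeof(sin));	/* sin_zero must be clear */
		sin.sin_family = AF_INET;
		sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);	/* 127.0.0.1 */
		sin.sin_port = htons(PROBE_PORT);

		fprintf(stderr, "Trying to connect to 127.0.0.1:22: ");
		if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)))
			fprintf(stderr, "OK: Can't connect.\n");
		else
			fprintf(stderr, "BAD: I can connect to 127.0.0.1:22!\n");
		close(sock);
	}

	fprintf(stderr, "Trying to exec /bin/sh. "
		"If you will see the shell prompt now, it is BAD!\n");
	/* Best effort: if the shell does start, make its prompt say so. */
	setenv("PS1", "BAD: got a shell.\\$ ", 1);
	/* The sentinel must be a null pointer of pointer type, not bare NULL,
	 * which may be an int and is then misread through the varargs. */
	execl("/bin/sh", "/bin/sh", "-i", (char *)NULL);
	fprintf(stderr, "OK: exec of /bin/sh failed.\n");
}
#endif

/*
 * Usage: selinux_test infile outfile
 *
 * Copy infile to outfile byte by byte, replacing every ASCII digit with
 * '@', then report on stderr how many bytes were copied and how many were
 * changed.  With PROBE_SECURITY compiled in, the confinement probes run
 * first.  Any usage, open, read, write or close failure ends the program
 * with status 1 via die().
 */
int main(int argc, char **argv)
{
	FILE *infile, *outfile;
	const char *infilename, *outfilename;
	int c;
	unsigned long bytes = 0, modified = 0;	/* int would wrap on files > 2 GiB */

	fprintf(stderr, "Starting up.\n");

#ifdef PROBE_SECURITY
	probe_security();
#endif

	if (argc != 3)
		die("Usage: %s infile outfile\n",
		    argc > 0 ? argv[0] : "selinux_test");
	infilename = argv[1];
	outfilename = argv[2];

	/*
	 * fopen(outfilename, "w") truncates before anything is read, so the
	 * same path given twice would silently empty the input.  A name
	 * comparison catches the obvious case (not symlinks or hard links).
	 */
	if (strcmp(infilename, outfilename) == 0)
		die("infile and outfile must be different files\n");

	if (!(infile = fopen(infilename, "r")))
		die("Opening: infile %s: %s\n", infilename, strerror(errno));
	if (!(outfile = fopen(outfilename, "w")))
		die("Opening: outfile %s: %s\n", outfilename, strerror(errno));

	while ((c = fgetc(infile)) != EOF) {
		bytes++;
		if (isdigit(c)) {	/* c is in unsigned char range here */
			c = '@';
			modified++;
		}
		if (fputc(c, outfile) == EOF)
			die("Writing to outfile %s: %s\n", outfilename, strerror(errno));
	}
	/* EOF without the end-of-file flag means fgetc() hit a read error. */
	if (!feof(infile))
		die("Reading from infile %s: %s\n", infilename, strerror(errno));

	if (fclose(infile) == EOF)
		die("Closing input file %s: %s\n", infilename, strerror(errno));
	/* fclose() flushes the stdio buffer; a write error can surface only here. */
	if (fclose(outfile) == EOF)
		die("Closing/flushing output file %s: %s\n", outfilename, strerror(errno));

	fprintf(stderr, "Data copied. %lu out of %lu bytes modified.\n",
		modified, bytes);
	return 0;
}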