#!/bin/bash # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # runtest.sh of /CoreOS/iptables/Regression/xtables-tools-locking-vulnerable-to-local-DoS # Description: Test for xtables tools locking vulnerable to local DoS # Author: Tomas Dolezal # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # Copyright (c) 2015 Red Hat, Inc. # # This program is free software: you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation, either version 2 of # the License, or (at your option) any later version. # # This program is distributed in the hope that it will be # useful, but WITHOUT ANY WARRANTY; without even the implied # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR # PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see http://www.gnu.org/licenses/. # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Include Beaker environment . /usr/bin/rhts-environment.sh || exit 1 . /usr/share/beakerlib/beakerlib.sh || exit 1 rlJournalStart rlPhaseStartSetup rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" rlRun "pushd $TmpDir" rlPhaseEnd rlPhaseStartTest if rlIsRHEL '<8' || rlIsFedora '<32' || rlIsCentOS '<8'; then rlRun "strace -fe flock,bind,open,openat -o strace.out iptables -w -L" 0 "execute iptables in strace" echo --debug--; cat strace.out rlAssertNotGrep "bind.*xtables" strace.out -E rlAssertGrep " flock(" strace.out rlAssertGrep "/run/xtables.lock" strace.out fi rlPhaseEnd rlPhaseStartCleanup rlRun "popd" rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd rlJournalPrintText rlJournalEnd