mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-24 01:07:21 +01:00
52 lines
1.2 KiB
Bash
Executable File
52 lines
1.2 KiB
Bash
Executable File
#!/bin/sh
|
|
# $FreeBSD$
|
|
|
|
dir=`dirname $0`
|
|
. ${dir}/misc.sh
|
|
|
|
echo "1..48"
|
|
|
|
# Verify if security.mac.portacl.suser_exempt=1 really exempts super-user.
|
|
|
|
sysctl security.mac.portacl.suser_exempt=1 >/dev/null
|
|
|
|
bind_test ok ok uid root tcp 77
|
|
bind_test ok ok uid root tcp 7777
|
|
bind_test ok ok uid root udp 77
|
|
bind_test ok ok uid root udp 7777
|
|
|
|
bind_test ok ok gid root tcp 77
|
|
bind_test ok ok gid root tcp 7777
|
|
bind_test ok ok gid root udp 77
|
|
bind_test ok ok gid root udp 7777
|
|
|
|
# Verify if security.mac.portacl.suser_exempt=0 really doesn't exempt super-user.
|
|
|
|
sysctl security.mac.portacl.suser_exempt=0 >/dev/null
|
|
|
|
bind_test fl ok uid root tcp 77
|
|
bind_test ok ok uid root tcp 7777
|
|
bind_test fl ok uid root udp 77
|
|
bind_test ok ok uid root udp 7777
|
|
|
|
bind_test fl ok gid root tcp 77
|
|
bind_test ok ok gid root tcp 7777
|
|
bind_test fl ok gid root udp 77
|
|
bind_test ok ok gid root udp 7777
|
|
|
|
# Verify if security.mac.portacl.port_high works for super-user.
|
|
|
|
sysctl security.mac.portacl.port_high=7778 >/dev/null
|
|
|
|
bind_test fl ok uid root tcp 77
|
|
bind_test fl ok uid root tcp 7777
|
|
bind_test fl ok uid root udp 77
|
|
bind_test fl ok uid root udp 7777
|
|
|
|
bind_test fl ok gid root tcp 77
|
|
bind_test fl ok gid root tcp 7777
|
|
bind_test fl ok gid root udp 77
|
|
bind_test fl ok gid root udp 7777
|
|
|
|
restore_settings
|