Add `-o verify` to `sh` to make it use `O_VERIFY` when sourcing scripts and reading profiles.
Useful in conjunction with `mac_veriexec` to help protect at least some parts of the boot sequence, e.g., `/etc/rc*`. (If OK, I'll submit another patch to let `init` spawn `rc` with something like `sh -o verify /etc/rc`.)
I used `truss` to ensure `O_VERIFY` is effectively used:
```lang=bash
# sh
# set -o
Current option settings
errexit off
…
verify off
# set -o verify
# set -o
Current option settings
errexit off
…
verify on
# set +o verify
# set -o
Current option settings
errexit off
…
verify off
# ^D
# truss /bin/sh -o verify /tmp/hello.sh 2>&1 | grep open
…
openat(AT_FDCWD,"/tmp/hello.sh",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
# ls -li /bin/sh /bin/-sh
3858755 -r-xr-xr-x 2 1000 0 171504 May 25 13:10 /bin/-sh
3858755 -r-xr-xr-x 2 1000 0 171504 May 25 13:10 /bin/sh
# truss -- -sh -o verify /tmp/hello.sh 2>&1 | grep open
…
openat(AT_FDCWD,"/tmp/hello.sh",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
openat(AT_FDCWD,"/etc/profile",O_RDONLY|O_CLOEXEC|O_VERIFY,00) ERR#2 'No such file or directory'
openat(AT_FDCWD,"/root/.profile",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
# cat /tmp/foo.sh
#!/bin/sh
set -o verify
. /tmp/hello.sh
# truss sh /tmp/foo.sh 2>&1 | grep open
…
openat(AT_FDCWD,"/tmp/foo.sh",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
openat(AT_FDCWD,"/tmp/hello.sh",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
```
Any hint on the Good Way to create some tests would be welcome :)
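
One possible starting point for such a test, as an added example that is not part of the submitted patch or the author's test plan: a shell filter that reads `truss` output in the format shown above and lists every file opened without `O_VERIFY`. The function names are hypothetical, and the filter assumes each `openat` line starts at the beginning of the line, as in the session above.

```sh
#!/bin/sh
# Added example (not from the patch): report files that a traced sh
# opened WITHOUT O_VERIFY, given truss output on stdin.

unverified_opens() {
    # Extract "<flags> <path>" from lines shaped like
    #   openat(AT_FDCWD,"<path>",<flags>,<mode>) ...
    # Flags go first so that a path containing spaces survives `read`.
    sed -n 's/^openat([^,]*,"\([^"]*\)",\([^,]*\),.*/\2 \1/p' |
    while read -r flags path; do
        case "|$flags|" in
            *"|O_VERIFY|"*) ;;             # verified open, nothing to report
            *) printf '%s\n' "$path" ;;    # opened without verification
        esac
    done
}

# Constructed sample input: the two openat lines from the
# `truss sh /tmp/foo.sh` run shown in the session above.
sample_trace() {
    cat <<'EOF'
openat(AT_FDCWD,"/tmp/foo.sh",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
openat(AT_FDCWD,"/tmp/hello.sh",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
EOF
}

# Stand-alone run: lists the paths opened without O_VERIFY in the sample.
sample_trace | unverified_opens
```

On the sample it reports `/tmp/foo.sh`: that script was already open when its own `set -o verify` took effect, so only the file it sourced afterwards was opened with `O_VERIFY`.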