def check_tmp(): tmpfile = "/tmp/testfile" data = "tmp check test string" # write to /tmp as user test1 if not file_write_check("Exercise 3: /tmp write:", tmpfile, data, "test1", "pass", "test2", "pass"): log(red("FAIL"), "Exercise 3: /tmp check (could not write to /tmp)") return # try to read the same file if file_read_check("Exercise 3: shared /tmp:", tmpfile, None, data, "test2", "pass", "test1", "pass"): log(red("FAIL"), "Exercise 3: /tmp check (/tmp shared by more than one user)") return # try to read the same file, sneaky edition z.register("test1/.", "pass") if file_read_check("Exercise 3: shared /tmp:", tmpfile, None, data, "test1/.", "pass", "test1", "pass"): log(red("FAIL"), "Exercise 3: /tmp check (special characters in usernames)") return log(green("PASS"), "Exercise 3: /tmp check")
def check_fs(): tmpfile = "/testfile" data = "testfile check test string" # write to / as user test1 if not file_write_check("Exercise 10: /testfile write:", tmpfile, data, "test1", "supersecretpassword", "test2", "pass"): log(red("FAIL"), "Exercise 10: /testfile check (could not write to /testfile)") return # try to read the same file if file_read_check("Exercise 10: shared /testfile:", tmpfile, None, data, "test2", "pass", "test1", "supersecretpassword"): log(red("FAIL"), "Exercise 10: /testfile check (/testfile shared by more than one user)") return # try to read the same file, sneaky edition z.register("test1/.", "pass") if file_read_check("Exercise 10: shared /testfile:", tmpfile, None, data, "test1/.", "pass", "test1", "supersecretpassword"): log(red("FAIL"), "Exercise 10: /testfile check (special characters in usernames)") return # check world permissions on file #st = os.stat('/jail'+tmpfile) #if bool(st.st_mode & stat.S_IRWXO): # log(red("FAIL"), "Exercise 2: profile files have world permissions") # return log(green("PASS"), "Exercise 10: /testfile check")
def check_granter_3(): html3, cookies3 = z.register("test3", "pass") z.transfer(cookies3, "test2", 10) pat = "profile.*You have \d+ already; no need for more" return check_profile("granter.py", pat, "Greedy visitor check2")