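./._demo_and_tools0000755011670700007650000000030511102664635013660 0ustar schubaschubaMac OS X  2ATTRF@(--com.apple.quarantineq/0000;48ee5a4c;Firefox;|org.mozilla.firefoxdemo_and_tools/0000755011670700007650000000000011102664635013362 5ustar schubaschubademo_and_tools/._bin0000755011670700007650000000030511102665725014274 0ustar schubaschubaMac OS X  2ATTRF@*--com.apple.quarantineq/0000;48ee5a4c;Firefox;|org.mozilla.firefoxdemo_and_tools/bin/0000755011670700007650000000000011102665725014133 5ustar schubaschubademo_and_tools/bin/._demotools.pm0000764011670700007650000000012211102665217016705 0ustar schubaschubaMac OS X  2 RTEXTEMAxdemo_and_tools/bin/demotools.pm0000764011670700007650000000330711102665217016500 0ustar schubaschuba
#--------------------------------------------------
package demotools;
#--------------------------------------------------
# Helpers for scripted terminal demos. A command line is "typed" onto the
# screen one character at a time, the presenter presses ENTER, and the
# command (or a substitute command) is then run through the shell.

$prompt = "\$";     # prompt string printed in front of each command
$delay  = 0.15;     # pause after each typed character, in seconds

#--------------------------------------------------
## overwrite default prompt
sub setprompt {
    ($prompt) = $_[0];
}

#--------------------------------------------------
## overwrite default typing delay
sub setdelay {
    ($delay) = $_[0];
}

#--------------------------------------------------
## waiting for user to hit ENTER
sub wait4enter {
    ## system("head -n 1");
    ## Read STDIN explicitly. The bare <> operator reads from the files
    ## named in @ARGV when the calling script was started with arguments,
    ## which is never what a "press ENTER" pause wants.
    my $line = <STDIN>;
    return $line;
}

#--------------------------------------------------
## Print the string in $_[0] one character at a time, sleeping $delay
## seconds after each character.
sub typer {
    ## break argument into its characters.
    my @chars = split(//, $_[0]);

    ## Set this output device to flush after each printed character
    $| = 1;

    ## Go through all characters and print them to screen with delay.
    ## print is used rather than printf: printf would treat each character
    ## as a format string, so a '%' in the command text becomes an invalid
    ## conversion instead of a literal character.
    for my $char (@chars) {
        print $char;
        select(undef, undef, undef, $delay);
    }
}

#--------------------------------------------------
## cmd(DISPLAY [, RUN ...])
##
## Types DISPLAY after the prompt and waits for ENTER. With one argument,
## DISPLAY itself is then executed; with more, DISPLAY is only shown and
## every following argument is executed in order. Returns 0 immediately
## when called without arguments.
##
## Each executed string is given to system() as a single argument, so it
## is interpreted by the shell. Pass only fixed demo commands; text taken
## from the environment or other external input should be validated by the
## caller before it is interpolated into these strings.
sub cmd {
    ## Get argument count
    my $argc = @_;

    ## If no arguments, then exit
    if ($argc == 0) {
        return 0;
    }

    ## Get the first argument - the string to be printed
    my ($pcmd, @rest) = @_;

    ## Print that string to the screen, after the prompt, with character delay
    print "$prompt ";
    typer($pcmd);
    wait4enter();

    ## If we have only one argument, we want to execute the first argument
    ## (the one that was printed.)
    ## Otherwise, we'll start with the second and execute all subsequent ones.
    my @to_run = ($argc > 1) ? @rest : ($pcmd);
    for my $shell_cmd (@to_run) {
        system($shell_cmd);
    }

    ## Wait for user to give green light for next command
    print "$prompt ";
    wait4enter();
}

## A module loaded with "use" must end by returning a true value; make
## that explicit instead of relying on the last assignment above.
1;
#--------------------------------------------------
demo_and_tools/bin/._ipsdemo0000755011670700007650000000012211077450205015725 0ustar schubaschubaMac OS X  2 RTEXTEMAxdemo_and_tools/bin/ipsdemo0000755011670700007650000000273611077450205015525 0ustar schubaschuba
#!/usr/bin/perl -w
# Walk-through of the pkg(1) command set: each demotools::cmd() call types
# the command, waits for ENTER, runs it, and waits for ENTER again.

use demotools;

#--------------------------------------------------
# main

printf("\n"); demotools::cmd("pkg help");
printf("\n"); demotools::cmd("pkg search zfs");
printf("\n"); demotools::cmd("pkg list SUNWzfs");
printf("\n"); demotools::cmd("pkg info SUNWzfs");
printf("\n"); demotools::cmd("pkg contents -t dir,file,link,hardlink -o action.name,mode,pkg.size,path,target SUNWzfs");
printf("\n"); demotools::cmd("which gcc");
printf("\n"); demotools::cmd("pkg search -r gcc");
printf("\n"); demotools::cmd("pkg info -r gcc-dev");
printf("\n"); demotools::cmd("pfexec pkg refresh");
printf("\n"); demotools::cmd("pfexec pkg install -v gcc-dev");
printf("\n"); demotools::cmd("which gcc");
printf("\n"); demotools::cmd("pkg search -r emacs");
# NOTE(review): this adds a package authority reached over plain http://,
# so what is fetched from it is not protected against modification in
# transit. Fine on a demo machine; on a real system prefer an origin
# offered over https:// where one exists.
printf("\n"); demotools::cmd("pfexec pkg set-authority -O http://pkg.sunfreeware.com:9000 sunfreeware.com");
printf("\n"); demotools::cmd("pkg authority");
printf("\n"); demotools::cmd("pfexec pkg refresh");
printf("\n"); demotools::cmd("pkg search -r emacs");
# NOTE(review): each command runs in its own child shell, so this "cd"
# does not change the directory seen by the commands that follow; they
# resolve src/ and bin/ against the directory the demo was started from.
printf("\n"); demotools::cmd("cd ws/hello-world");
printf("\n"); demotools::cmd("cat src/hello-world.c");
printf("\n"); demotools::cmd("gcc -o bin/hello-world src/hello-world.c");
printf("\n"); demotools::cmd("bin/hello-world");
printf("\n"); demotools::cmd("svcs pkg/server");
printf("\n"); demotools::cmd("svcadm enable pkg/server");
printf("\n"); demotools::cmd("cat pkgsend-script");
#--------------------------------------------------
demo_and_tools/bin/._privdebug.pl0000755011670700007650000000030511077417415016677 0ustar schubaschubaMac OS X  2ATTRF@.--com.apple.quarantineq/0000;48ee5a4c;Firefox;|org.mozilla.firefoxdemo_and_tools/bin/privdebug.pl0000755011670700007650000001005411077417415016464 0ustar schubaschuba
#!/usr/bin/perl
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2006 Sun Microsystems Inc. All rights reserved.
# Use is subject to license terms.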
#
# Some concepts in this script have been cribbed from the scripts in the
# DTracetoolkit by Brendan Gregg: http://users.tpg.com.au/adsln4yb/dtrace.html
#
# Overview: builds a D script from the command-line options, runs it under
# /usr/sbin/dtrace, and turns each "USED:" / "NEED:" line that the script
# prints for the sdt priv-ok / priv-err probes into a table row, mapping
# the privilege number to its name with priv_getbynum().

use Getopt::Std;
use Sun::Solaris::Privilege qw(:ALL);

# Option handling. getopts() stores each flag in a package variable $opt_X.
&Usage() if $ARGV[0] eq "--help";
getopts('He:fhn:o:p:vz:') || &Usage();
&Usage() if $opt_h;

# Build the D predicate. With -e the predicate matches dtrace's $target
# process; otherwise -n, -p and -z are ANDed together and at least one of
# them is required.
#
# NOTE(review): $opt_n, $opt_p and $opt_z are interpolated into the D
# predicate without validation, and the finished script is later placed
# inside single quotes on a shell command line. dtrace generally needs
# elevated privileges, so these values should be checked before use,
# e.g. digits only for -p and a conservative character set for -n and -z.
$FILTER = "";
$COMMAND= 0;
if ($opt_e) {
    $COMMAND= 1 if defined $opt_e;
    $FILTER = "(pid == \$target)";
} else {
    $FILTER = "(execname == \"$opt_n\")" if defined $opt_n;
    if ($FILTER) {
        $FILTER = "$FILTER && (pid == $opt_p)" if defined $opt_p;
    } else {
        $FILTER = "(pid == $opt_p)" if defined $opt_p;
    }
    if ($FILTER) {
        $FILTER = "$FILTER && (zonename == \"$opt_z\")" if defined $opt_z;
    } else {
        $FILTER = "(zonename == \"$opt_z\")" if defined $opt_z;
    }
    &Usage if not $FILTER;
}

# Boolean switches: -f follow children, -H suppress header, -v verbose.
$FOLLOW = 0;
$FOLLOW = 1 if defined $opt_f;
$HEADER = 1;
$HEADER = 0 if defined $opt_H;
$VERBOSE = 0;
$VERBOSE = 1 if defined $opt_v;

# The D script, terminated by the END line below. $FILTER and $FOLLOW are
# interpolated into the probe predicates.
#
# NOTE(review): in this copy the heredoc opener and the first lines of the
# D script are missing (the text jumps from "<" straight to "child = 0;"),
# presumably lost during extraction. The script cannot run as shown;
# recover the opening from the original file.
$dscript = <child = 0;
}

syscall:::entry
/($FILTER) || self->child/
{
    self->start = timestamp;
}

/* Follow children */
syscall::fork*:entry
/$FOLLOW && self->start/
{
    /* track this parent process */
    trackedpid[pid] = 1;
}

syscall::fork*:return
/$FOLLOW && trackedpid[ppid]/
{
    /* set as child */
    self->child = 1;
}

sdt:::priv-ok
/($FILTER) || self->child/
{
    printf("USED:%d:%d:%d:%s:%d:%d\\n",
        pid, ppid, uid, execname, timestamp, arg0);
}

sdt:::priv-err
/($FILTER) || self->child/
{
    printf("NEED:%d:%d:%d:%s:%d:%d\\n",
        pid, ppid, uid, execname, timestamp, arg0);
}
END

# All three signals go to Cleanup_Signal, whose body is empty, so this
# Perl process catches and ignores them.
# NOTE(review): presumably so the read loop below ends only when dtrace
# itself exits - confirm.
$SIG{INT} = \&Cleanup_Signal; # Ctrl-C
$SIG{QUIT} = \&Cleanup_Signal; # Ctrl-\
$SIG{TERM} = \&Cleanup_Signal; # TERM

# Assemble the dtrace command line as one string: the D script goes inside
# single quotes and the -e command, if any, inside double quotes.
$dtrace = "/usr/sbin/dtrace -n '$dscript'";
if ($COMMAND) {
    $dtrace = $dtrace . " -c \"$opt_e\"";
}

# NOTE(review): this two-argument pipe open hands the whole string to the
# shell, so quoting characters inside -n/-p/-z/-e values are interpreted
# by the shell. The list form of open ('-|', program, arguments...) starts
# dtrace without a shell and removes that class of problem.
open(DTRACE, "$dtrace |") || die "failed to start dtrace\n";

# Results go to the -o file when given, otherwise to a dup of stdout.
if ($opt_o) {
    # NOTE(review): the message interpolates $opt_e, but the file being
    # opened is $opt_o.
    open(OUTPUT, ">", "$opt_o") || die "open of $opt_e failed: $!";
} else {
    open(OUTPUT, ">&1") || die "can't dup stdout";
}

if ($HEADER) {
    if ($VERBOSE) {
        printf(OUTPUT "%-4s %-18s %-6s %-6s %-6s %-20s %s\n", "STAT", "TIMESTAMP", "PPID", "PID", "UID", "PRIV", "CMD");
    } else {
        printf(OUTPUT "%-4s %s\n", "STAT", "PRIV");
    }
}

# Read the D script's output line by line and print one row per record.
# NOTE(review): the filehandle read inside chomp() is missing in this
# copy; presumably <DTRACE> - confirm against the original file.
# chomp() returns the number of characters it removed, so the loop also
# stops on a final line that has no trailing newline.
while (chomp($line = )) {
    # The D script prints pid before ppid, so $ppid receives the pid and
    # $pid the ppid. The verbose printf below passes $pid under the "PPID"
    # heading and $ppid under "PID", which puts the values in the right
    # columns even though the variable names are swapped.
    # NOTE(review): an execname containing ':' would shift the fields.
    ($need, $ppid, $pid, $uid, $execname, $time, $privnum) = split(':', $line);
    # Skip lines whose first field is empty.
    if ($need) {
        if ($VERBOSE) {
            printf(OUTPUT "%-4s %-18s %-6s %-6s %-6s %-20s %s\n", $need, $time, $pid, $ppid, $uid, priv_getbynum($privnum), $execname);
        } else {
            printf(OUTPUT "%-4s %s\n", $need, priv_getbynum($privnum));
        }
    }
}

close(DTRACE);
close(OUTPUT) if defined $opt_o;

# Signal handler with an empty body; see the %SIG assignments above.
sub Cleanup_Signal {
}

# Print the usage summary to STDERR and exit with status 1.
# NOTE(review): the strings after -n, -p, -z and -e look truncated in this
# copy (an argument placeholder may have been lost) - confirm.
sub Usage {
    printf(STDERR "privdebug [-f] [-v] [-H] [-o out]\n");
    printf(STDERR " %-15s\t%s", "-n ", "Debug a specific program name\n");
    printf(STDERR " %-15s\t%s", "-p ", "Debug a specific process ID\n");
    printf(STDERR " %-15s\t%s", "-z ", "Debug a specific zone name\n");
    printf(STDERR "\nprivdebug [-f] [-v] [-H] [-o out]\n");
    printf(STDERR " %-15s\t%s", "-e ", "Execute and debug a specific command\n");
    printf(STDERR "\nprivdebug --help | -h\n");
    exit(1);
}
demo_and_tools/bin/._secdemo-cf0000755011670700007650000000012211102664353016272 0ustar schubaschubaMac OS X  2 RTEXTEMAxdemo_and_tools/bin/secdemo-cf0000755011670700007650000000206511102664353016065 0ustar schubaschuba
#!/usr/bin/perl -w
#
# Demo script accompanying TD09 presentation
# Developing and Deploying Securely
#
# This script is for the Crypto Framework portion of the talk v1.0.2
#

use demotools;

demotools::setprompt("[global 1]: \$");

#--------------------------------------------------
# main

# slide 41
system("clear"); demotools::cmd("cryptoadm list");

# slide 46
system("clear"); demotools::cmd("man pkcs11_softtoken");

# slide 48 digest example
system("clear"); demotools::cmd("digest -l");
printf("\n"); demotools::cmd("digest -a sha256 /etc/passwd");

# slide 48 - encryption example
system("clear"); demotools::cmd("encrypt -l");
# Writes the generated AES key to a file named "key" in the current
# directory; treat it and passwd.enc as throw-away demo material.
printf("\n"); demotools::cmd("pktool genkey keystore=file keytype=aes keylen=192 outkey=key");
printf("\n"); demotools::cmd("encrypt -k key -a aes -i /etc/passwd -o passwd.enc");
# "\|" inside a double-quoted Perl string is just "|": the command is a
# shell pipeline.
printf("\n"); demotools::cmd("od -xc passwd.enc \| head");

# slide 50
system("clear"); demotools::cmd("modinfo \| grep -i swrand");
printf("\n"); demotools::cmd("cryptoadm list -mv");
#--------------------------------------------------
demo_and_tools/bin/._secdemo-priv00000744011670700007650000000012211102665725016744 0ustar schubaschubaMac OS X  2 RTEXTEMAxdemo_and_tools/bin/secdemo-priv00000744011670700007650000000304311102665725016534 0ustar schubaschuba
#!/usr/bin/perl
#
# Demo script accompanying TD09 presentation
# Developing and Deploying Securely
#
# This script is the left hand side (mostly superuser commands)
# for the privileges portion of the talk v1.0.2.
#

use demotools;

demotools::setprompt("[global 0]: \$");

# NOTE(review): $user comes straight from the environment and is
# interpolated into shell command strings below, several of them run
# through pfexec. If USER is unset or contains shell metacharacters the
# executed commands change; validate it (for example against a plain
# login-name pattern) before use.
$user = $ENV{"USER"};

#--------------------------------------------------
# main

# Where cmd() gets two arguments, the first is only displayed and the
# second is what actually runs (here narrowed to the presenter's own,
# newest matching process).

# slide 9
system("clear"); demotools::cmd("pfexec pgrep cat", "pfexec pgrep -U $user -n cat ");
printf("\n"); demotools::cmd("pfexec ppriv -S `pgrep cat`", "pfexec ppriv -S `pgrep -U $user -n cat`");

# slide 11
system("clear"); demotools::cmd("pfexec pgrep ping", "pfexec pgrep -U $user -n ping");
printf("\n"); demotools::cmd("pfexec ppriv -S `pgrep ping`", "pfexec ppriv -S `pgrep -U $user -n ping`");

# slide 12
system("clear"); demotools::cmd("ppriv -lv basic");

# slide 21
system("clear"); demotools::cmd("tail -f /var/adm/messages");

# slide 22, first example
system("clear"); demotools::cmd("pfexec dtrace -l \| grep priv-");

# slide 22, second example - SKIPPING THIS EXAMPLE IN THIS DEMO
##system("clear"); demotools::cmd("pfexec dtrace -n 'sdt:::priv-*'");

# slide 22, third example
system("clear"); demotools::cmd("pfexec dtrace -n 'sdt:::priv-* { printf(\"%d %d %s\", arg0, pid, execname); }'");

# slide 23, first example
system("clear"); demotools::cmd("pfexec privdebug.pl -n sshd -f -v");

# slide 23, second example
system("clear"); demotools::cmd("pfexec privdebug.pl -n cat -f -v");
#--------------------------------------------------
demo_and_tools/bin/._secdemo-priv0~0000744011670700007650000000012211102664430017132 0ustar schubaschubaMac OS X  2 RTEXTEMAxdemo_and_tools/bin/secdemo-priv0~0000744011670700007650000000307311102664430016725 0ustar schubaschuba
#!/usr/bin/perl -w
#
# Demo script accompanying TD09 presentation
# Developing and Deploying Securely
#
# This script is the left hand side (mostly superuser commands)
# for the privileges portion of the talk v1.0.2.
#
# NOTE(review): the "~" suffix suggests this is an editor backup of
# secdemo-priv0 that was packed into the archive by accident - confirm
# before shipping it.

use demotools;

demotools::setprompt("[global 0]: \$");

# Taken from the environment and interpolated into shell commands below;
# the same validation caveat as for any environment-derived value applies.
$user = $ENV{"USER"};

#--------------------------------------------------
# main

# Prints "hi" and exits: every statement below this line is unreachable.
printf("hi\n");
exit;

# slide 9
system("clear"); demotools::cmd("pfexec pgrep cat", "pfexec pgrep -U $user -n cat ");
printf("\n"); demotools::cmd("pfexec ppriv -S `pgrep cat`", "pfexec ppriv -S `pgrep -U $user -n cat`");

# slide 11
system("clear"); demotools::cmd("pfexec pgrep ping", "pfexec pgrep -U $user -n ping");
printf("\n"); demotools::cmd("pfexec ppriv -S `pgrep ping`", "pfexec ppriv -S `pgrep -U $user -n ping`");

# slide 12
system("clear"); demotools::cmd("ppriv -lv basic");

# slide 21
system("clear"); demotools::cmd("tail -f /var/adm/messages");

# slide 22, first example
system("clear"); demotools::cmd("pfexec dtrace -l \| grep priv-");

# slide 22, second example - SKIPPING THIS EXAMPLE IN THIS DEMO
##system("clear"); demotools::cmd("pfexec dtrace -n 'sdt:::priv-*'");

# slide 22, third example
system("clear"); demotools::cmd("pfexec dtrace -n 'sdt:::priv-* { printf(\"%d %d %s\", arg0, pid, execname); }'");

# slide 23, first example
system("clear"); demotools::cmd("pfexec privdebug.pl -n sshd -f -v");

# slide 23, second example
system("clear"); demotools::cmd("pfexec privdebug.pl -n cat -f -v");
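#--------------------------------------------------
demo_and_tools/bin/._secdemo-priv10000755011670700007650000000012211102664377016751 0ustar schubaschubaMac OS X  2 RTEXTEMAxdemo_and_tools/bin/secdemo-priv10000755011670700007650000000140511102664377016541 0ustar schubaschuba
#!/usr/bin/perl -w
#
# Demo script accompanying TD09 presentation
# Developing and Deploying Securely
#
# This script is the right hand side (mostly user commands)
# for the privileges portion of the talk v1.0.2.
#

use demotools;

demotools::setprompt("[global 1]: \$");

#--------------------------------------------------
# main

# slide 9
system("clear"); demotools::cmd("cat"); # close command "cat" out with a CTRL-D

# slide 11
system("clear"); demotools::cmd("ping www.sun.com");

# slide 21
# Runs cat under ppriv with privilege debugging (-D) switched on.
system("clear"); demotools::cmd("ppriv -e -D cat /etc/shadow");

# slide 23, first example
system("clear"); demotools::cmd("ssh localhost");

# slide 23, second example
printf("\n"); demotools::cmd("cat /etc/shadow");
#--------------------------------------------------
demo_and_tools/bin/._secdemo-rbac0000755011670700007650000000012211102664455016614 0ustar schubaschubaMac OS X  2 RTEXTEMAxdemo_and_tools/bin/secdemo-rbac0000755011670700007650000000232111102664455016402 0ustar schubaschuba
#!/usr/bin/perl -w
#
# Demo script accompanying TD09 presentation
# Developing and Deploying Securely
#
# This script is for the RBAC portion of the talk v1.0.2
#

use demotools;

demotools::setprompt("[global 1]: \$");

# NOTE(review): $user comes straight from the environment and is
# interpolated into shell command strings below, including usermod calls
# run through pfexec. Validate it (for example against a plain login-name
# pattern) before relying on it outside a controlled demo machine.
$user = $ENV{"USER"};

#--------------------------------------------------
# main

# slide 32
system("clear"); demotools::cmd("whoami");
printf("\n"); demotools::cmd("profiles");
printf("\n"); demotools::cmd("auths");
printf("\n"); demotools::cmd("grep $user /etc/user_attr");
# First argument is the text shown to the audience, second is what runs.
printf("\n"); demotools::cmd("pfexec usermod -P \\\"\\\" $user", "pfexec usermod -P \"\" $user");
printf("\n"); demotools::cmd("grep $user /etc/user_attr");
printf("\n"); demotools::cmd("auths");

# slide 33
# The executed command now names $user, matching the command that is
# displayed and the earlier usermod call; without the login operand
# usermod only prints a usage error, whatever the caller's rights are.
printf("\n"); demotools::cmd("pfexec usermod -P \\\"Primary Administrator\\\" $user", "pfexec usermod -P \"Primary Administrator\" $user");
printf("\n"); demotools::cmd("auths \| grep grant");

# Reminder for the presenter: commands to type by hand in the root shell
# that "su root" opens.
printf("\n");
printf("## whoami\n");
printf("## usermod -P \"Primary Administrator\" $user\n");
printf("## exit\n");
printf("\n"); demotools::cmd("su root");
printf("\n"); demotools::cmd("grep $user /etc/user_attr");
printf("\n"); demotools::cmd("auths");
#--------------------------------------------------
demo_and_tools/bin/._tmpdemo0000764011670700007650000000012211102660127015725 0ustar schubaschubaMac OS X  2 RTEXTEMAxdemo_and_tools/bin/tmpdemo0000764011670700007650000000030411102660127015512 0ustar schubaschuba
#!/usr/bin/perl -w
# Scratch demo: clears the screen and runs a single command.

use demotools;

#--------------------------------------------------
# main

system("clear"); demotools::cmd("whoami");
#--------------------------------------------------
demo_and_tools/bin/._tmpdemo00000764011670700007650000000012211102660153016004 0ustar schubaschubaMac OS X  2 RTEXTEMAxdemo_and_tools/bin/tmpdemo00000764011670700007650000000032711102660153015576 0ustar schubaschuba
#!/usr/bin/perl -w
# Scratch demo: clears the screen and follows the system message log.

use demotools;

#--------------------------------------------------
# main

system("clear"); demotools::cmd("tail -f /var/adm/messages");
#--------------------------------------------------
demo_and_tools/bin/._tmpdemo10000764011670700007650000000012211102660141016002 0ustar schubaschubaMac OS X  2 RTEXTEMAxdemo_and_tools/bin/tmpdemo10000764011670700007650000000040211102660141015566 0ustar schubaschuba
#!/usr/bin/perl -w
# Scratch demo: shows the ppriv command but runs it prefixed with "date".

use demotools;

#--------------------------------------------------
# main

system("clear"); demotools::cmd("ppriv -e -D cat /etc/shadow", "date;ppriv -e -D cat /etc/shadow");
#--------------------------------------------------
demo_and_tools/._hello-world0000755011670700007650000000030511075660110015744 0ustar schubaschubaMac OS X  2ATTRF@?--com.apple.quarantineq/0000;48ee5a4c;Firefox;|org.mozilla.firefoxdemo_and_tools/hello-world/0000755011670700007650000000000011075660110015603 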
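5ustar schubaschubademo_and_tools/hello-world/._bin0000755011670700007650000000030511013170154016510 0ustar schubaschubaMac OS X  2ATTRF@A--com.apple.quarantineq/0000;48ee5a4c;Firefox;|org.mozilla.firefoxdemo_and_tools/hello-world/bin/0000755011670700007650000000000011013170154016347 5ustar schubaschubademo_and_tools/hello-world/._pkgsend-script0000744011670700007650000000012211013205374020673 0ustar schubaschubaMac OS X  2 RTEXTEMAxdemo_and_tools/hello-world/pkgsend-script0000744011670700007650000000050111013205374020459 0ustar schubaschuba
#!/bin/bash
# Publishes the hello-world demo package to the depot on localhost:
# open a transaction, add the bin directory and the binary, then close it.

# Stop if the workspace is missing, so nothing is published from the
# wrong directory.
cd ws/hello-world || exit 1

# "pkgsend open" prints a shell assignment for the transaction id
# (PKG_TRANS_ID) that the add/close calls below rely on, so its output
# has to be evaluated. Quoting the command itself, as the script did
# before, runs it but discards that assignment.
eval "$(pkgsend -s "http://localhost:80" open hello-world@1.0-1)"

# NOTE(review): mode=055 gives the owner no access and group/other r-x.
# That looks like a typo for 0555 or 0755 - confirm the intended mode.
pkgsend -s "http://localhost:80" add dir mode=055 owner=root group=bin path=bin
pkgsend -s "http://localhost:80" add file bin/hello-world mode=055 owner=root group=bin path=bin/hello-world
pkgsend -s "http://localhost:80" close
demo_and_tools/hello-world/._src0000755011670700007650000000030511075660110016533 0ustar schubaschubaMac OS X  2ATTRF@E--com.apple.quarantineq/0000;48ee5a4c;Firefox;|org.mozilla.firefoxdemo_and_tools/hello-world/src/0000755011670700007650000000000011075660110016372 5ustar schubaschubademo_and_tools/hello-world/src/._hello-world.c0000644011670700007650000000012211013171554021177 0ustar schubaschubaMac OS X  2 RTEXTEMAxdemo_and_tools/hello-world/src/hello-world.c0000644011670700007650000000014311013171554020765 0ustar schubaschuba
/* The header name after #include was missing in this copy; printf()
 * is declared in <stdio.h>. */
#include <stdio.h>

/* Prints a greeting and exits successfully; the arguments are unused. */
int
main(int argc, char *argv[])
{
	printf("Hello World!\n");
	return 0;
}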