Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-12 23:59:39 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix permission-hardener config parsing issue

Browse Source
This commit is contained in:
Patrick Schleizer 2023-11-05 16:39:10 -05:00
parent 65e3c14643
commit 017ae18ad7
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
usr/bin/permission-hardening
View File

@ -18,6 +18,7 @@ set -o pipefail
exit_code=0
mkdir -p /var/lib/permission-hardening/private
mkdir -p /var/lib/permission-hardening/existing_mode
mkdir -p /var/lib/permission-hardening/new_mode
dpkg_admindir_parameter_existing_mode="--admindir /var/lib/permission-hardening/existing_mode"
@ -273,12 +274,11 @@ set_file_perms() {
exit "$exit_code"
fi
echo "line: '$line'"
echo "fso: '$fso'"
echo "mode_from_config: '$mode_from_config'"
echo "owner_from_config: '$owner_from_config'"
## Debugging.
#echo "line: '$line'"
#echo "fso: '$fso'"
#echo "mode_from_config: '$mode_from_config'"
#echo "owner_from_config: '$owner_from_config'"
local fso_without_trailing_slash
fso_without_trailing_slash="${fso%/}"
@ -469,16 +469,20 @@ echo "owner_from_config: '$owner_from_config'"
}
parse_config_folder() {
local passwd_file_contents_temp
# Query contents of password and group databases only once and buffer them
#
# If we don't buffer we sometimes get incorrect results when checking for entries using
# 'if getent passwd | grep -q '^root:'; ...' since 'grep' exits after the first match in
# this case causing 'getent' to receive SIGPIPE, which then fails the pipeline since
# 'set -o pipefail' is set for this script.
passwd_file_contents=$(getent passwd)
passwd_file_contents=$(echo "$passwd_file_contents")
group_file_contents=$(getent group)
group_file_contents=$(echo "$group_file_contents")
passwd_file_contents_temp=$(getent passwd)
echo "$passwd_file_contents_temp" | tee /var/lib/permission-hardening/private/passwd >/dev/null
group_file_contents_temp=$(getent group)
echo "$group_file_contents_temp" | tee /var/lib/permission-hardening/private/group >/dev/null
passwd_file_contents=$(cat /var/lib/permission-hardening/private/passwd)
group_file_contents=$(cat /var/lib/permission-hardening/private/group)
shopt -s nullglob
for config_file in /etc/permission-hardening.d/*.conf /usr/local/etc/permission-hardening.d/*.conf; do