Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-03 10:00:25 -05:00
Code Issues Packages Projects Releases Wiki Activity

use find with safe_echo_nonewline

Browse Source
This commit is contained in:
Patrick Schleizer 2024-07-26 10:16:20 -04:00
parent 6bbf176e3b
commit 04d9ca1ebe
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
usr/bin/permission-hardener
View File

@ -16,6 +16,7 @@ dpkg_admindir_parameter_existing_mode="--admindir ${store_dir}/existing_mode"
dpkg_admindir_parameter_new_mode="--admindir ${store_dir}/new_mode" dpkg_admindir_parameter_new_mode="--admindir ${store_dir}/new_mode"
delimiter="#permission-hardener-delimiter#" delimiter="#permission-hardener-delimiter#"
source /usr/libexec/helper-scripts/safe_echo.sh
# shellcheck disable=SC2034 # shellcheck disable=SC2034
log_level=notice log_level=notice
# shellcheck disable=SC1091 # shellcheck disable=SC1091
@ -174,7 +175,7 @@ add_nosuid_statoverride_entry() {
while IFS="" read -r -d "" dummy_line; do while IFS="" read -r -d "" dummy_line; do
log info "Test would parse line: '${dummy_line}'" log info "Test would parse line: '${dummy_line}'"
should_be_counter=$((should_be_counter + 1)) should_be_counter=$((should_be_counter + 1))
done < <(printf -- "${fso_to_process}" | find -files0-from - -perm /u=s,g=s -print0) done < <(safe_echo_nonewline "${fso_to_process}" | find -files0-from - -perm /u=s,g=s -print0)
local line local line
while IFS="" read -r -d "" file_name; do while IFS="" read -r -d "" file_name; do
@ -328,7 +329,7 @@ add_nosuid_statoverride_entry() {
## /usr/lib will hit ARG_MAX if using bash 'shopt -s globstar' and '/usr/lib/**'. ## /usr/lib will hit ARG_MAX if using bash 'shopt -s globstar' and '/usr/lib/**'.
## Using 'find' with '-perm /u=s,g=s' is faster and avoids ARG_MAX. ## Using 'find' with '-perm /u=s,g=s' is faster and avoids ARG_MAX.
## https://forums.whonix.org/t/disable-suid-binaries/7706/17 ## https://forums.whonix.org/t/disable-suid-binaries/7706/17
done < <(printf -- "${fso_to_process}" | find -files0-from - -perm /u=s,g=s -print0) done < <(safe_echo_nonewline "${fso_to_process}" | find -files0-from - -perm /u=s,g=s -print0)
## Sanity test. ## Sanity test.
if test ! "${should_be_counter}" = "${counter_actual}"; then if test ! "${should_be_counter}" = "${counter_actual}"; then