mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-10-01 08:25:45 -04:00
output
parent
c9fd2ceb61
commit
151ca659a9
@ -64,7 +64,7 @@ add_nosuid_statoverride_entry() {
|
||||
|
||||
local dummy_line
|
||||
while IFS="" read -r -d "" dummy_line; do
|
||||
log info "Test would parse line: ${dummy_line}"
|
||||
log info "Test would parse line: '${dummy_line}'"
|
||||
should_be_counter=$((should_be_counter + 1))
|
||||
done < <(find "${fso_to_process}" -perm /u=s,g=s -print0)
|
||||
|
||||
@ -77,7 +77,7 @@ add_nosuid_statoverride_entry() {
|
||||
file_name="${line}"
|
||||
|
||||
if test -z "${file_name}"; then
|
||||
log error "File name is empty in line: ${line}" >&2
|
||||
log error "File name is empty in line: '${line}'" >&2
|
||||
continue
|
||||
fi
|
||||
|
||||
@ -107,21 +107,21 @@ file_name_from_stat: '${file_name_from_stat}'" >&2
|
||||
fi
|
||||
|
||||
if test -z "${existing_mode}"; then
|
||||
log error "Existing mode is empty in line: ${line}" >&2
|
||||
log error "Existing mode is empty in line: '${line}'" >&2
|
||||
continue
|
||||
fi
|
||||
if test -z "${existing_owner}"; then
|
||||
log error "Existing owner is empty in line: ${line}" >&2
|
||||
log error "Existing owner is empty in line: '${line}'" >&2
|
||||
continue
|
||||
fi
|
||||
if test -z "${existing_group}"; then
|
||||
log error "Existing group is empty in line: ${line}" >&2
|
||||
log error "Existing group is empty in line: '${line}'" >&2
|
||||
continue
|
||||
fi
|
||||
|
||||
## dpkg-statoverride: error: path may not contain newlines
|
||||
if [[ "${file_name}" == *$'\n'* ]]; then
|
||||
log warn "Skipping file name that contains newlines: ${file_name}" >&2
|
||||
log warn "Skipping file name that contains newlines: '${file_name}'" >&2
|
||||
continue
|
||||
fi
|
||||
|
||||
@ -131,12 +131,12 @@ file_name_from_stat: '${file_name_from_stat}'" >&2
|
||||
|
||||
if test -h "${file_name}"; then
|
||||
## https://forums.whonix.org/t/disable-suid-binaries/7706/14
|
||||
log info "Skip symlink: ${file_name}"
|
||||
log info "Skip symlink: '${file_name}'"
|
||||
continue
|
||||
fi
|
||||
|
||||
if test -d "${file_name}"; then
|
||||
log info "Skip directory: ${file_name}"
|
||||
log info "Skip directory: '${file_name}'"
|
||||
continue
|
||||
fi
|
||||
|
||||
@ -214,7 +214,7 @@ file_name_from_stat: '${file_name_from_stat}'" >&2
|
||||
|
||||
local clean_output_prefix clean_output
|
||||
clean_output_prefix="Managing (S|G)UID of line:"
|
||||
clean_output="setuid=${setuid_output} setgid=${setsgid_output} existing_mode=${existing_mode} new_mode=${new_mode} file='${file_name}'"
|
||||
clean_output="setuid='${setuid_output}' setgid='${setsgid_output}' existing_mode='${existing_mode}' new_mode='${new_mode}' file='${file_name}'"
|
||||
if test "${whitelists_disable_all:-}" = "true"; then
|
||||
log info "${clean_output_prefix} whitelists_disable_all=true ${clean_output}"
|
||||
elif test "${is_disable_whitelisted}" = "true"; then
|
||||
@ -225,7 +225,7 @@ file_name_from_stat: '${file_name_from_stat}'" >&2
|
||||
continue
|
||||
fi
|
||||
if test "${is_match_whitelisted}" = "true"; then
|
||||
log info "${clean_output_prefix} is_match_whitelisted=true matchwhite_list_entry=${matchwhite_list_entry} ${clean_output}"
|
||||
log info "${clean_output_prefix} is_match_whitelisted=true matchwhite_list_entry='${matchwhite_list_entry}' ${clean_output}"
|
||||
continue
|
||||
fi
|
||||
fi
|
||||
@ -273,7 +273,7 @@ file_name_from_stat: '${file_name_from_stat}'" >&2
|
||||
}
|
||||
|
||||
set_file_perms() {
|
||||
log info "START parsing config file: ${config_file}"
|
||||
log info "START parsing config file: '${config_file}'"
|
||||
local line
|
||||
while read -r line || test -n "${line}"; do
|
||||
if test -z "${line}"; then
|
||||
@ -286,7 +286,7 @@ set_file_perms() {
|
||||
|
||||
if ! [[ "${line}" =~ [0-9a-zA-Z/] ]]; then
|
||||
exit_code=200
|
||||
log error "Line contains invalid characters: ${line}" >&2
|
||||
log error "Line contains invalid characters: '${line}'" >&2
|
||||
## Safer to exit with error in this case.
|
||||
## https://forums.whonix.org/t/disable-suid-binaries/7706/59
|
||||
exit "${exit_code}"
|
||||
@ -311,7 +311,7 @@ set_file_perms() {
|
||||
exit "${exit_code}"
|
||||
fi
|
||||
|
||||
log info "Parsing line: fso=${fso} mode_from_config=${mode_from_config} owner_from_config=${owner_from_config} group_from_config=${group_from_config} capability_from_config=${capability_from_config}"
|
||||
log info "Parsing line: fso='${fso}' mode_from_config='${mode_from_config}' owner_from_config='${owner_from_config}' group_from_config='${group_from_config}' capability_from_config='${capability_from_config}'"
|
||||
|
||||
## Debugging.
|
||||
#echo "line: '${line}'"
|
||||
@ -516,7 +516,7 @@ set_file_perms() {
|
||||
fi
|
||||
|
||||
done <"${config_file}"
|
||||
log info "END parsing config file: ${config_file}"
|
||||
log info "END parsing config file: '${config_file}'"
|
||||
}
|
||||
|
||||
parse_config_folder() {
|
||||
@ -587,10 +587,10 @@ spare() {
|
||||
local owner group mode file_name
|
||||
if ! read -r owner group mode file_name <<< "${line}"; then
|
||||
exit_code=201
|
||||
log error "Cannot parse line: ${line}" >&2
|
||||
log error "Cannot parse line: '${line}'" >&2
|
||||
continue
|
||||
fi
|
||||
log info "Parsing line: owner=${owner} group=${group} mode=${mode} file_name='${file_name}'"
|
||||
log info "Parsing line: owner='${owner}' group='${group}' mode='${mode}' file_name='${file_name}'"
|
||||
|
||||
if test "${remove_file}" = "all"; then
|
||||
verbose=""
|
||||
@ -618,7 +618,7 @@ spare() {
|
||||
# shellcheck disable=SC2086
|
||||
chmod ${verbose} "${mode}" "${file_name}" || exit_code=203
|
||||
else
|
||||
log info "File does not exist: ${file_name}"
|
||||
log info "File does not exist: '${file_name}'"
|
||||
fi
|
||||
|
||||
dpkg-statoverride --remove "${file_name}" &>/dev/null || true
|
||||
|
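Review bot: The added single quotes show where a logged value starts and ends but do not neutralise its contents, so a file name holding a newline, a terminal escape sequence or a `'` can still split or garble a log line. The clearest case is `log warn "Skipping file name that contains newlines: '${file_name}'" >&2`, which prints the newline-bearing name raw. The names appear to originate from the `find ... -print0` scan and so are not under the script's control. I would log a shell-escaped form instead, e.g. `log warn "Skipping file name that contains newlines: ${file_name@Q}" >&2` (bash 4.4+) or a value built with `printf -v safe_name '%q' "${file_name}"`, and do the same for the other `file_name` and `line` messages. The `log` helper and the rest of `add_nosuid_statoverride_entry`, `set_file_perms` and `spare` lie outside the visible hunks, so confirm whether `log` already sanitises its argument.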