mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-18 02:04:24 -05:00
output
parent
c9fd2ceb61
commit
151ca659a9
@ -64,7 +64,7 @@ add_nosuid_statoverride_entry() {
|
|||||||
|
|
||||||
local dummy_line
|
local dummy_line
|
||||||
while IFS="" read -r -d "" dummy_line; do
|
while IFS="" read -r -d "" dummy_line; do
|
||||||
log info "Test would parse line: ${dummy_line}"
|
log info "Test would parse line: '${dummy_line}'"
|
||||||
should_be_counter=$((should_be_counter + 1))
|
should_be_counter=$((should_be_counter + 1))
|
||||||
done < <(find "${fso_to_process}" -perm /u=s,g=s -print0)
|
done < <(find "${fso_to_process}" -perm /u=s,g=s -print0)
|
||||||
|
|
||||||
@ -77,7 +77,7 @@ add_nosuid_statoverride_entry() {
|
|||||||
file_name="${line}"
|
file_name="${line}"
|
||||||
|
|
||||||
if test -z "${file_name}"; then
|
if test -z "${file_name}"; then
|
||||||
log error "File name is empty in line: ${line}" >&2
|
log error "File name is empty in line: '${line}'" >&2
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -107,21 +107,21 @@ file_name_from_stat: '${file_name_from_stat}'" >&2
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if test -z "${existing_mode}"; then
|
if test -z "${existing_mode}"; then
|
||||||
log error "Existing mode is empty in line: ${line}" >&2
|
log error "Existing mode is empty in line: '${line}'" >&2
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
if test -z "${existing_owner}"; then
|
if test -z "${existing_owner}"; then
|
||||||
log error "Existing owner is empty in line: ${line}" >&2
|
log error "Existing owner is empty in line: '${line}'" >&2
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
if test -z "${existing_group}"; then
|
if test -z "${existing_group}"; then
|
||||||
log error "Existing group is empty in line: ${line}" >&2
|
log error "Existing group is empty in line: '${line}'" >&2
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
## dpkg-statoverride: error: path may not contain newlines
|
## dpkg-statoverride: error: path may not contain newlines
|
||||||
if [[ "${file_name}" == *$'\n'* ]]; then
|
if [[ "${file_name}" == *$'\n'* ]]; then
|
||||||
log warn "Skipping file name that contains newlines: ${file_name}" >&2
|
log warn "Skipping file name that contains newlines: '${file_name}'" >&2
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -131,12 +131,12 @@ file_name_from_stat: '${file_name_from_stat}'" >&2
|
|||||||
|
|
||||||
if test -h "${file_name}"; then
|
if test -h "${file_name}"; then
|
||||||
## https://forums.whonix.org/t/disable-suid-binaries/7706/14
|
## https://forums.whonix.org/t/disable-suid-binaries/7706/14
|
||||||
log info "Skip symlink: ${file_name}"
|
log info "Skip symlink: '${file_name}'"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if test -d "${file_name}"; then
|
if test -d "${file_name}"; then
|
||||||
log info "Skip directory: ${file_name}"
|
log info "Skip directory: '${file_name}'"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -214,7 +214,7 @@ file_name_from_stat: '${file_name_from_stat}'" >&2
|
|||||||
|
|
||||||
local clean_output_prefix clean_output
|
local clean_output_prefix clean_output
|
||||||
clean_output_prefix="Managing (S|G)UID of line:"
|
clean_output_prefix="Managing (S|G)UID of line:"
|
||||||
clean_output="setuid=${setuid_output} setgid=${setsgid_output} existing_mode=${existing_mode} new_mode=${new_mode} file='${file_name}'"
|
clean_output="setuid='${setuid_output}' setgid='${setsgid_output}' existing_mode='${existing_mode}' new_mode='${new_mode}' file='${file_name}'"
|
||||||
if test "${whitelists_disable_all:-}" = "true"; then
|
if test "${whitelists_disable_all:-}" = "true"; then
|
||||||
log info "${clean_output_prefix} whitelists_disable_all=true ${clean_output}"
|
log info "${clean_output_prefix} whitelists_disable_all=true ${clean_output}"
|
||||||
elif test "${is_disable_whitelisted}" = "true"; then
|
elif test "${is_disable_whitelisted}" = "true"; then
|
||||||
@ -225,7 +225,7 @@ file_name_from_stat: '${file_name_from_stat}'" >&2
|
|||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
if test "${is_match_whitelisted}" = "true"; then
|
if test "${is_match_whitelisted}" = "true"; then
|
||||||
log info "${clean_output_prefix} is_match_whitelisted=true matchwhite_list_entry=${matchwhite_list_entry} ${clean_output}"
|
log info "${clean_output_prefix} is_match_whitelisted=true matchwhite_list_entry='${matchwhite_list_entry}' ${clean_output}"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -273,7 +273,7 @@ file_name_from_stat: '${file_name_from_stat}'" >&2
|
|||||||
}
|
}
|
||||||
|
|
||||||
set_file_perms() {
|
set_file_perms() {
|
||||||
log info "START parsing config file: ${config_file}"
|
log info "START parsing config file: '${config_file}'"
|
||||||
local line
|
local line
|
||||||
while read -r line || test -n "${line}"; do
|
while read -r line || test -n "${line}"; do
|
||||||
if test -z "${line}"; then
|
if test -z "${line}"; then
|
||||||
@ -286,7 +286,7 @@ set_file_perms() {
|
|||||||
|
|
||||||
if ! [[ "${line}" =~ [0-9a-zA-Z/] ]]; then
|
if ! [[ "${line}" =~ [0-9a-zA-Z/] ]]; then
|
||||||
exit_code=200
|
exit_code=200
|
||||||
log error "Line contains invalid characters: ${line}" >&2
|
log error "Line contains invalid characters: '${line}'" >&2
|
||||||
## Safer to exit with error in this case.
|
## Safer to exit with error in this case.
|
||||||
## https://forums.whonix.org/t/disable-suid-binaries/7706/59
|
## https://forums.whonix.org/t/disable-suid-binaries/7706/59
|
||||||
exit "${exit_code}"
|
exit "${exit_code}"
|
||||||
@ -311,7 +311,7 @@ set_file_perms() {
|
|||||||
exit "${exit_code}"
|
exit "${exit_code}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
log info "Parsing line: fso=${fso} mode_from_config=${mode_from_config} owner_from_config=${owner_from_config} group_from_config=${group_from_config} capability_from_config=${capability_from_config}"
|
log info "Parsing line: fso='${fso}' mode_from_config='${mode_from_config}' owner_from_config='${owner_from_config}' group_from_config='${group_from_config}' capability_from_config='${capability_from_config}'"
|
||||||
|
|
||||||
## Debugging.
|
## Debugging.
|
||||||
#echo "line: '${line}'"
|
#echo "line: '${line}'"
|
||||||
@ -516,7 +516,7 @@ set_file_perms() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
done <"${config_file}"
|
done <"${config_file}"
|
||||||
log info "END parsing config file: ${config_file}"
|
log info "END parsing config file: '${config_file}'"
|
||||||
}
|
}
|
||||||
|
|
||||||
parse_config_folder() {
|
parse_config_folder() {
|
||||||
@ -587,10 +587,10 @@ spare() {
|
|||||||
local owner group mode file_name
|
local owner group mode file_name
|
||||||
if ! read -r owner group mode file_name <<< "${line}"; then
|
if ! read -r owner group mode file_name <<< "${line}"; then
|
||||||
exit_code=201
|
exit_code=201
|
||||||
log error "Cannot parse line: ${line}" >&2
|
log error "Cannot parse line: '${line}'" >&2
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
log info "Parsing line: owner=${owner} group=${group} mode=${mode} file_name='${file_name}'"
|
log info "Parsing line: owner='${owner}' group='${group}' mode='${mode}' file_name='${file_name}'"
|
||||||
|
|
||||||
if test "${remove_file}" = "all"; then
|
if test "${remove_file}" = "all"; then
|
||||||
verbose=""
|
verbose=""
|
||||||
@ -618,7 +618,7 @@ spare() {
|
|||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
chmod ${verbose} "${mode}" "${file_name}" || exit_code=203
|
chmod ${verbose} "${mode}" "${file_name}" || exit_code=203
|
||||||
else
|
else
|
||||||
log info "File does not exist: ${file_name}"
|
log info "File does not exist: '${file_name}'"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
dpkg-statoverride --remove "${file_name}" &>/dev/null || true
|
dpkg-statoverride --remove "${file_name}" &>/dev/null || true
|
||||||
|
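Review bot: Wrapping logged values in `'...'` shows where a value starts and ends but does not neutralise it: in the `Skipping file name that contains newlines` branch the name is known to hold a newline and is still written raw, so a crafted file name under a scanned directory can add forged lines or terminal control sequences to the output, and a name containing `'` makes the quoting ambiguous again. Consider shell-escaping untrusted names, e.g. `log warn "Skipping file name that contains newlines: ${file_name@Q}" >&2` (or `printf '%q'`), and doing the same in the other `file_name` and `line` messages. Separately, in `set_file_perms` the unanchored test `[[ "${line}" =~ [0-9a-zA-Z/] ]]` succeeds as soon as one of those characters is present, so it appears to reject only lines containing none of them rather than lines with invalid characters; an anchored whole-line pattern would match the error message. The bodies of `add_nosuid_statoverride_entry`, `set_file_perms` and `spare` extend beyond these hunks and the `log` helper is not shown, so confirm whether it already escapes its argument.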