Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-06-05 14:28:50 -04:00
Code Issues Projects Releases Packages Wiki Activity

add matchwhitelist feature

Browse source 
add "/usr/lib/virtualbox/ matchwhitelist"
This commit is contained in:
Patrick Schleizer 2019-12-20 12:57:24 -05:00
parent 3fab387669
commit 17e8605119
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
2 changed files with 25 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

20
usr/lib/security-misc/permission-hardening
View file

@ -120,11 +120,25 @@ add_nosuid_statoverride_entry() {
fi
done
is_match_whitelisted=""
for matchwhite_list_entry in $matchwhitelist ; do
if echo "$file_name" | grep -q "$matchwhite_list_entry" ; then
is_match_whitelisted="true"
## Stop looping through the matchwhitelist.
break
fi
done
if [ "$is_whitelisted" = "true" ]; then
echo "INFO: SKIP whitelisted - $setuid_output $setsgid_output found - file_name: '$file_name' | existing_mode: '$existing_mode'"
continue
fi
if [ "$is_match_whitelisted" = "true" ]; then
echo "INFO: SKIP matchwhitelisted - $setuid_output $setsgid_output found - file_name: '$file_name' | existing_mode: '$existing_mode' | matchwhite_list_entry: '$matchwhite_list_entry'"
continue
fi
echo "INFO: $setuid_output $setsgid_output found - file_name: '$file_name' | existing_mode: '$existing_mode' | new_mode: '$new_mode'"
## No need to check "dpkg-statoverride --list" for existing entries.
@ -181,6 +195,12 @@ set_file_perms() {
continue
fi
if [ "$mode_from_config" = "matchwhitelist" ]; then
## TODO: test/add white spaces inside file name support
matchwhitelist+="$fso "
continue
fi
if ! [ -e "$fso" ]; then
echo "INFO: fso: '$fso' - does not exist. This is likely normal."
continue