Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

debugging

Browse Source
This commit is contained in:
Patrick Schleizer 2019-12-21 06:22:46 -05:00
parent 195e00cc87
commit 2dca031527
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
usr/lib/security-misc/permission-hardening
View File

@ -170,8 +170,7 @@ add_nosuid_statoverride_entry() {
echo "INFO: $setuid_output $setsgid_output found - file_name: '$file_name' | existing_mode: '$existing_mode' | new_mode: '$new_mode'"
if dpkg-statoverride $dpkg_admindir_parameter_existing_mode --list "$file_name" >/dev/null ; then
## Existing mode already saved previously. No need to save again.
true OK
true "OK Existing mode already saved previously. No need to save again."
else
## Save existing_mode in separate database.
## Not using --update as not intending to enforce existing_mode.
@ -222,7 +221,7 @@ set_file_perms() {
fi
if [[ "$line" =~ [0-9a-zA-Z/] ]]; then
true OK
true "OK line contains only white listed characters."
else
exit_code=200
echo "ERROR: cannot parse line with invalid character: $line" >&2
@ -339,16 +338,14 @@ set_file_perms() {
if dpkg-statoverride --list "$fso_without_trailing_slash" >/dev/null ; then
## There is an fso entry. Check if owner/group/mode match.
if dpkg-statoverride --list | grep -q "$owner_from_config $group_from_config $mode_for_grep $fso_without_trailing_slash" ; then
## The owner/group/mode matches. No further action required.
true OK
true "OK The owner/group/mode matches. No further action required."
else
## The owner/group/mode do not match, therefore remove and re-add the entry to update it.
## fso_without_trailing_slash instead of fso to prevent
## "dpkg-statoverride: warning: stripping trailing /"
if dpkg-statoverride $dpkg_admindir_parameter_existing_mode --list "$fso_without_trailing_slash" >/dev/null ; then
## Existing mode already saved previously. No need to save again.
true OK
true "OK Existing mode already saved previously. No need to save again."
else
## Save existing_mode in separate database.
## Not using --update as not intending to enforce existing_mode.
@ -369,8 +366,7 @@ set_file_perms() {
## There is no fso entry. Therefore add one.
if dpkg-statoverride $dpkg_admindir_parameter_existing_mode --list "$fso_without_trailing_slash" >/dev/null ; then
## Existing mode already saved previously. No need to save again.
true OK
true "OK Existing mode already saved previously. No need to save again."
else
## Save existing_mode in separate database.
## Not using --update as not intending to enforce existing_mode.