Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

comment

Browse Source
This commit is contained in:
Patrick Schleizer 2024-07-26 10:26:43 -04:00
parent ac41d1cfff
commit 6096ed1109
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
usr/bin/permission-hardener
View File

@ -179,6 +179,10 @@ add_nosuid_statoverride_entry() {
done < <(safe_echo_nonewline "${fso_to_process}" | find -files0-from - -perm /u=s,g=s -print0)
## False positive on SC2185 (find without path argument) #1748
## https://github.com/koalaman/shellcheck/issues/1748
##
## /usr/lib will hit ARG_MAX if using bash 'shopt -s globstar' and '/usr/lib/**'.
## Using 'find' with '-perm /u=s,g=s' is faster and avoids ARG_MAX.
## https://forums.whonix.org/t/disable-suid-binaries/7706/17
local line
while IFS="" read -r -d "" file_name; do
@ -328,10 +332,6 @@ add_nosuid_statoverride_entry() {
## Not using --update as this is only for recording.
# shellcheck disable=SC2086
echo_wrapper_audit silent dpkg-statoverride ${dpkg_admindir_parameter_new_mode} --add "${existing_owner}" "${existing_group}" "${new_mode}" "${file_name}"
## /usr/lib will hit ARG_MAX if using bash 'shopt -s globstar' and '/usr/lib/**'.
## Using 'find' with '-perm /u=s,g=s' is faster and avoids ARG_MAX.
## https://forums.whonix.org/t/disable-suid-binaries/7706/17
done < <(safe_echo_nonewline "${fso_to_process}" | find -files0-from - -perm /u=s,g=s -print0)
## Sanity test.