From 8f14e808a9b27f980299ed493f1ecb85acbe1c70 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri, 20 Dec 2019 01:32:49 -0500
Subject: [PATCH] send error messages to stderr

---
 usr/lib/security-misc/permission-hardening | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/usr/lib/security-misc/permission-hardening b/usr/lib/security-misc/permission-hardening
index 7bab862..36f23f0 100755
--- a/usr/lib/security-misc/permission-hardening
+++ b/usr/lib/security-misc/permission-hardening
@@ -17,7 +17,7 @@ add_statoverride_entry() {
       fi
 
       if test -u "${file_name}" || test -g "${file_name}"; then
-        echo "suid - file_name: '${file_name}' | existing_mode: '${existing_mode}'"
+        echo "suid - file_name: '${file_name}' | existing_mode: '${existing_mode}'" >&2
 
         if dpkg-statoverride --list | grep -q "${file_name}"; then
           if ! dpkg-statoverride --list | grep -q "${owner} ${group} ${existing_mode:1} ${file_name}"; then
@@ -37,7 +37,7 @@ add_statoverride_entry() {
 set_file_perms() {
   while read -r line; do
     if [[ "$line" =~ ^#.*$ ]]; then
-      echo "ERROR: cannot parse line with invalid character: ${line}"
+      echo "ERROR: cannot parse line with invalid character: ${line}" >&2
       continue
     fi
 
@@ -46,12 +46,12 @@ set_file_perms() {
     fi
 
     if ! read -r file mode owner group capability <<< "${line}" ; then
-      echo "ERROR: cannot parse line: ${line}"
+      echo "ERROR: cannot parse line: ${line}" >&2
       continue
     fi
 
     if ! [ -e "${file}" ]; then
-      echo "ERROR: File '${file}' does not exist!"
+      echo "ERROR: File '${file}' does not exist!" >&2
       continue
     fi
 
@@ -59,17 +59,17 @@ set_file_perms() {
     if [ "${mode}" = "nosuid" ]; then
       nosuid="true"
     elif ! seq -w 000 4777 | grep -qw "${mode}"; then
-      echo "ERROR: Mode '${mode}' is invalid!"
+      echo "ERROR: Mode '${mode}' is invalid!" >&2
       continue
     fi
 
     if ! getent passwd | grep -q "^${owner}:" && ! [ "${mode}" = "nosuid" ]; then
-      echo "ERROR: User '${owner}' does not exist!"
+      echo "ERROR: User '${owner}' does not exist!" >&2
       continue
     fi
 
     if ! getent group | grep -q "^${group}:" && ! [ "${mode}" = "nosuid" ]; then
-      echo "ERROR: Group '${group}' does not exist!"
+      echo "ERROR: Group '${group}' does not exist!" >&2
       continue
     fi
 
@@ -90,7 +90,7 @@ set_file_perms() {
         setcap -r "${file}"
       else
         if ! capsh --print | grep "Bounding set" | grep -q "${capability}"; then
-           echo "ERROR: Capability '${capability}' does not exist!"
+           echo "ERROR: Capability '${capability}' does not exist!" >&2
            continue
         fi