mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-28 15:09:27 -05:00
Revert "SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists"
This reverts commit 36a471ebce
.
This commit is contained in:
parent
704f0500ba
commit
b09cc0de6a
@ -15,12 +15,6 @@
|
||||
|
||||
## TODO: white spaces inside file name untested and probably will not work.
|
||||
|
||||
######################################################################
|
||||
# Global Settings
|
||||
######################################################################
|
||||
|
||||
#whitelists_disable_all=true
|
||||
|
||||
######################################################################
|
||||
# SUID disablewhitelist
|
||||
######################################################################
|
||||
|
@ -252,12 +252,6 @@ set_file_perms() {
|
||||
exit "$exit_code"
|
||||
fi
|
||||
|
||||
if [ "$line" = 'whitelists_disable_all=true' ]; then
|
||||
whitelists_disable_all=true
|
||||
echo "INFO: whitelists_disable_all=true - all whitelists disabled."
|
||||
continue
|
||||
fi
|
||||
|
||||
#global fso
|
||||
local mode_from_config owner_from_config group_from_config capability_from_config
|
||||
if ! read -r fso mode_from_config owner_from_config group_from_config capability_from_config <<< "$line" ; then
|
||||
@ -281,22 +275,14 @@ set_file_perms() {
|
||||
fi
|
||||
|
||||
if [ "$mode_from_config" = "exactwhitelist" ]; then
|
||||
if [ "$whitelists_disable_all" = "true" ]; then
|
||||
true "INFO: Not adding fso '$fso' to exact_white_list because whitelists_disable_all=true"
|
||||
else
|
||||
## TODO: test/add white spaces inside file name support
|
||||
exact_white_list+="$fso "
|
||||
fi
|
||||
## TODO: test/add white spaces inside file name support
|
||||
exact_white_list+="$fso "
|
||||
continue
|
||||
fi
|
||||
|
||||
if [ "$mode_from_config" = "matchwhitelist" ]; then
|
||||
if [ "$whitelists_disable_all" = "true" ]; then
|
||||
true "INFO: Not adding fso '$fso' to matchwhitelist because whitelists_disable_all=true"
|
||||
else
|
||||
## TODO: test/add white spaces inside file name support
|
||||
match_white_list+="$fso "
|
||||
fi
|
||||
## TODO: test/add white spaces inside file name support
|
||||
match_white_list+="$fso "
|
||||
continue
|
||||
fi
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user