Revert "SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists"

This reverts commit 36a471ebce.
Patrick Schleizer 2020-12-01 05:10:26 -05:00
parent 704f0500ba
commit b09cc0de6a
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
2 changed files with 4 additions and 24 deletions


@ -15,12 +15,6 @@
## TODO: white spaces inside file name untested and probably will not work. ## TODO: white spaces inside file name untested and probably will not work.
######################################################################
# Global Settings
######################################################################
#whitelists_disable_all=true
###################################################################### ######################################################################
# SUID disablewhitelist # SUID disablewhitelist
###################################################################### ######################################################################


@ -252,12 +252,6 @@ set_file_perms() {
exit "$exit_code" exit "$exit_code"
fi fi
if [ "$line" = 'whitelists_disable_all=true' ]; then
whitelists_disable_all=true
echo "INFO: whitelists_disable_all=true - all whitelists disabled."
continue
fi
#global fso #global fso
local mode_from_config owner_from_config group_from_config capability_from_config local mode_from_config owner_from_config group_from_config capability_from_config
if ! read -r fso mode_from_config owner_from_config group_from_config capability_from_config <<< "$line" ; then if ! read -r fso mode_from_config owner_from_config group_from_config capability_from_config <<< "$line" ; then
@ -281,22 +275,14 @@ set_file_perms() {
fi fi
if [ "$mode_from_config" = "exactwhitelist" ]; then if [ "$mode_from_config" = "exactwhitelist" ]; then
if [ "$whitelists_disable_all" = "true" ]; then ## TODO: test/add white spaces inside file name support
true "INFO: Not adding fso '$fso' to exact_white_list because whitelists_disable_all=true" exact_white_list+="$fso "
else
## TODO: test/add white spaces inside file name support
exact_white_list+="$fso "
fi
continue continue
fi fi
if [ "$mode_from_config" = "matchwhitelist" ]; then if [ "$mode_from_config" = "matchwhitelist" ]; then
if [ "$whitelists_disable_all" = "true" ]; then ## TODO: test/add white spaces inside file name support
true "INFO: Not adding fso '$fso' to matchwhitelist because whitelists_disable_all=true" match_white_list+="$fso "
else
## TODO: test/add white spaces inside file name support
match_white_list+="$fso "
fi
continue continue
fi fi
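Review bot: The restored `exact_white_list+="$fso "` and `match_white_list+="$fso "` lines in set_file_perms keep both whitelists as a single space-separated string, which is why the `## TODO: test/add white spaces inside file name support` comments have to stay. For a tool that decides which files keep SUID, a bash array would remove that ambiguity: `exact_white_list+=("$fso")` and `match_white_list+=("$fso")`, with the code that reads the lists (outside this hunk) changed to iterate `"${exact_white_list[@]}"`. The revert also drops the only global switch for ignoring whitelist entries, so a comment at these two branches should state that every `exactwhitelist` and `matchwhitelist` line read by this loop is now always honoured, and the commit message would benefit from saying why the option was withdrawn. set_file_perms starts and ends outside the hunk, so whether `$fso` is validated before these branches cannot be confirmed from here.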