Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-09 07:07:53 -05:00
Code Issues Packages Projects Releases Wiki Activity

more use of end of options

Browse Source
This commit is contained in:
Patrick Schleizer 2024-07-26 08:39:11 -04:00
parent 8e40c10c31
commit d96c0633d4
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
usr/bin/permission-hardener
View File

@ -220,7 +220,7 @@ add_nosuid_statoverride_entry() {
log info "matchwhite_list_entry unset. Skipping. file_name: '${file_name}'" log info "matchwhite_list_entry unset. Skipping. file_name: '${file_name}'"
continue continue
fi fi
if echo "${file_name}" | grep --quiet --fixed-strings -- "${matchwhite_list_entry}"; then if echo -- "${file_name}" | grep --quiet --fixed-strings -- "${matchwhite_list_entry}"; then
is_match_whitelisted="true" is_match_whitelisted="true"
log info "is_match_whitelisted=true. Skipping. file_name: '${file_name}'" log info "is_match_whitelisted=true. Skipping. file_name: '${file_name}'"
## Stop looping through the match_white_list. ## Stop looping through the match_white_list.
@ -235,7 +235,7 @@ add_nosuid_statoverride_entry() {
log info "disablematch_list_entry unset. Skipping. file_name: '${file_name}'" log info "disablematch_list_entry unset. Skipping. file_name: '${file_name}'"
continue continue
fi fi
if echo "${file_name}" | grep --quiet --fixed-strings -- "${disablematch_list_entry}"; then if echo -- "${file_name}" | grep --quiet --fixed-strings -- "${disablematch_list_entry}"; then
is_disable_whitelisted="true" is_disable_whitelisted="true"
log info "is_disable_whitelisted=true. Skipping. file_name: '${file_name}'" log info "is_disable_whitelisted=true. Skipping. file_name: '${file_name}'"
## Stop looping through the disablewhitelist. ## Stop looping through the disablewhitelist.
@ -339,7 +339,7 @@ set_file_perms() {
log error "Cannot parse line: '${line}'" >&2 log error "Cannot parse line: '${line}'" >&2
## Debugging. ## Debugging.
du -hs /tmp || true du -hs /tmp || true
echo "test -w /tmp: '$(test -w /tmp)'" >&2 || true echo -- "test -w /tmp: '$(test -w /tmp)'" >&2 || true
## Safer to exit with error in this case. ## Safer to exit with error in this case.
## https://forums.whonix.org/t/disable-suid-binaries/7706/59 ## https://forums.whonix.org/t/disable-suid-binaries/7706/59
exit "${exit_code}" exit "${exit_code}"
@ -438,7 +438,7 @@ set_file_perms() {
if test "${dpkg_statoverride_list_exit_code}" = "0"; then if test "${dpkg_statoverride_list_exit_code}" = "0"; then
local grep_line local grep_line
grep_line="${owner_from_config} ${group_from_config} ${mode_for_grep} ${fso_without_trailing_slash}" grep_line="${owner_from_config} ${group_from_config} ${mode_for_grep} ${fso_without_trailing_slash}"
if echo "${dpkg_statoverride_list_output}" | grep --quiet --fixed-strings -- "${grep_line}"; then if echo -- "${dpkg_statoverride_list_output}" | grep --quiet --fixed-strings -- "${grep_line}"; then
log info "The owner/group/mode matches fso entry. No further action required." log info "The owner/group/mode matches fso entry. No further action required."
else else
log info "The owner/group/mode does not match fso entry, updating entry." log info "The owner/group/mode does not match fso entry, updating entry."
@ -538,9 +538,9 @@ parse_config_folder() {
## receive SIGPIPE, which then fails the pipeline since 'set -o pipefail' is ## receive SIGPIPE, which then fails the pipeline since 'set -o pipefail' is
## set for this script. ## set for this script.
passwd_file_contents_temp="$(getent passwd)" passwd_file_contents_temp="$(getent passwd)"
echo "${passwd_file_contents_temp}" | tee "${store_dir}/private/passwd" >/dev/null echo -- "${passwd_file_contents_temp}" | tee -- "${store_dir}/private/passwd" >/dev/null
group_file_contents_temp="$(getent group)" group_file_contents_temp="$(getent group)"
echo "${group_file_contents_temp}" | tee "${store_dir}/private/group" >/dev/null echo -- "${group_file_contents_temp}" | tee -- "${store_dir}/private/group" >/dev/null
#passwd_file_contents="$(cat "${store_dir}/private/passwd")" #passwd_file_contents="$(cat "${store_dir}/private/passwd")"
#group_file_contents="$(cat "${store_dir}/private/group")" #group_file_contents="$(cat "${store_dir}/private/group")"
@ -603,9 +603,9 @@ spare() {
if test "${remove_file}" = "${file_name}"; then if test "${remove_file}" = "${file_name}"; then
verbose="--verbose" verbose="--verbose"
remove_one=true remove_one=true
echo "${remove_one}" | tee "${store_dir}/remove_one" >/dev/null echo -- "${remove_one}" | tee -- "${store_dir}/remove_one" >/dev/null
else else
echo "false" | tee "${store_dir}/remove_one" >/dev/null echo -- "false" | tee -- "${store_dir}/remove_one" >/dev/null
continue continue
fi fi
fi fi
@ -674,7 +674,7 @@ check_root(){
} }
usage(){ usage(){
echo "Usage: ${0##*/} enable echo -- "Usage: ${0##*/} enable
${0##*/} disable [FILE|all] ${0##*/} disable [FILE|all]
Examples: Examples: