mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-10-01 08:25:45 -04:00
port to safe_echo
This commit is contained in:
parent
8ec23ed712
commit
e2ae93a957
@ -261,7 +261,7 @@ add_nosuid_statoverride_entry() {
|
|||||||
log info "matchwhite_list_entry unset. Skipping. file_name: '${file_name}'"
|
log info "matchwhite_list_entry unset. Skipping. file_name: '${file_name}'"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
if echo "${file_name}" | grep --quiet --fixed-strings -- "${matchwhite_list_entry}"; then
|
if safe_echo "${file_name}" | grep --quiet --fixed-strings -- "${matchwhite_list_entry}"; then
|
||||||
is_match_whitelisted="true"
|
is_match_whitelisted="true"
|
||||||
log info "is_match_whitelisted=true. Skipping. file_name: '${file_name}'"
|
log info "is_match_whitelisted=true. Skipping. file_name: '${file_name}'"
|
||||||
## Stop looping through the match_white_list.
|
## Stop looping through the match_white_list.
|
||||||
@ -276,7 +276,7 @@ add_nosuid_statoverride_entry() {
|
|||||||
log info "disablematch_list_entry unset. Skipping. file_name: '${file_name}'"
|
log info "disablematch_list_entry unset. Skipping. file_name: '${file_name}'"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
if echo "${file_name}" | grep --quiet --fixed-strings -- "${disablematch_list_entry}"; then
|
if safe_echo "${file_name}" | grep --quiet --fixed-strings -- "${disablematch_list_entry}"; then
|
||||||
is_disable_whitelisted="true"
|
is_disable_whitelisted="true"
|
||||||
log info "is_disable_whitelisted=true. Skipping. file_name: '${file_name}'"
|
log info "is_disable_whitelisted=true. Skipping. file_name: '${file_name}'"
|
||||||
## Stop looping through the disablewhitelist.
|
## Stop looping through the disablewhitelist.
|
||||||
@ -377,7 +377,7 @@ set_file_perms() {
|
|||||||
log error "Cannot parse line: '${line}'" >&2
|
log error "Cannot parse line: '${line}'" >&2
|
||||||
## Debugging.
|
## Debugging.
|
||||||
du -hs /tmp || true
|
du -hs /tmp || true
|
||||||
echo "test -w /tmp: '$(test -w /tmp)'" >&2 || true
|
safe_echo "test -w /tmp: '$(test -w /tmp)'" >&2 || true
|
||||||
## Safer to exit with error in this case.
|
## Safer to exit with error in this case.
|
||||||
## https://forums.whonix.org/t/disable-suid-binaries/7706/59
|
## https://forums.whonix.org/t/disable-suid-binaries/7706/59
|
||||||
exit "${exit_code}"
|
exit "${exit_code}"
|
||||||
@ -386,10 +386,10 @@ set_file_perms() {
|
|||||||
log info "Parsing line: fso='${fso}' mode_from_config='${mode_from_config}' owner_from_config='${owner_from_config}' group_from_config='${group_from_config}' capability_from_config='${capability_from_config}'"
|
log info "Parsing line: fso='${fso}' mode_from_config='${mode_from_config}' owner_from_config='${owner_from_config}' group_from_config='${group_from_config}' capability_from_config='${capability_from_config}'"
|
||||||
|
|
||||||
## Debugging.
|
## Debugging.
|
||||||
#echo "line: '${line}'"
|
#safe_echo "line: '${line}'"
|
||||||
#echo "fso: '${fso}'"
|
#safe_echo "fso: '${fso}'"
|
||||||
#echo "mode_from_config: '${mode_from_config}'"
|
#safe_echo "mode_from_config: '${mode_from_config}'"
|
||||||
#echo "owner_from_config: '${owner_from_config}'"
|
#safe_echo "owner_from_config: '${owner_from_config}'"
|
||||||
|
|
||||||
local fso_without_trailing_slash
|
local fso_without_trailing_slash
|
||||||
fso_without_trailing_slash="${fso%/}"
|
fso_without_trailing_slash="${fso%/}"
|
||||||
@ -476,7 +476,7 @@ set_file_perms() {
|
|||||||
if test "${dpkg_statoverride_list_exit_code}" = "0"; then
|
if test "${dpkg_statoverride_list_exit_code}" = "0"; then
|
||||||
local grep_line
|
local grep_line
|
||||||
grep_line="${owner_from_config} ${group_from_config} ${mode_for_grep} ${fso_without_trailing_slash}"
|
grep_line="${owner_from_config} ${group_from_config} ${mode_for_grep} ${fso_without_trailing_slash}"
|
||||||
if echo "${dpkg_statoverride_list_output}" | grep --quiet --fixed-strings -- "${grep_line}"; then
|
if safe_echo "${dpkg_statoverride_list_output}" | grep --quiet --fixed-strings -- "${grep_line}"; then
|
||||||
log info "The owner/group/mode matches fso entry. No further action required."
|
log info "The owner/group/mode matches fso entry. No further action required."
|
||||||
else
|
else
|
||||||
log info "The owner/group/mode does not match fso entry, updating entry."
|
log info "The owner/group/mode does not match fso entry, updating entry."
|
||||||
@ -576,9 +576,9 @@ parse_config_folder() {
|
|||||||
## receive SIGPIPE, which then fails the pipeline since 'set -o pipefail' is
|
## receive SIGPIPE, which then fails the pipeline since 'set -o pipefail' is
|
||||||
## set for this script.
|
## set for this script.
|
||||||
passwd_file_contents_temp="$(getent passwd)"
|
passwd_file_contents_temp="$(getent passwd)"
|
||||||
echo "${passwd_file_contents_temp}" | tee -- "${store_dir}/private/passwd" >/dev/null
|
safe_echo "${passwd_file_contents_temp}" | tee -- "${store_dir}/private/passwd" >/dev/null
|
||||||
group_file_contents_temp="$(getent group)"
|
group_file_contents_temp="$(getent group)"
|
||||||
echo "${group_file_contents_temp}" | tee -- "${store_dir}/private/group" >/dev/null
|
safe_echo "${group_file_contents_temp}" | tee -- "${store_dir}/private/group" >/dev/null
|
||||||
|
|
||||||
#passwd_file_contents="$(cat "${store_dir}/private/passwd")"
|
#passwd_file_contents="$(cat "${store_dir}/private/passwd")"
|
||||||
#group_file_contents="$(cat "${store_dir}/private/group")"
|
#group_file_contents="$(cat "${store_dir}/private/group")"
|
||||||
@ -641,9 +641,9 @@ spare() {
|
|||||||
if test "${remove_file}" = "${file_name}"; then
|
if test "${remove_file}" = "${file_name}"; then
|
||||||
verbose="--verbose"
|
verbose="--verbose"
|
||||||
remove_one=true
|
remove_one=true
|
||||||
echo "${remove_one}" | tee -- "${store_dir}/remove_one" >/dev/null
|
safe_echo "${remove_one}" | tee -- "${store_dir}/remove_one" >/dev/null
|
||||||
else
|
else
|
||||||
echo "false" | tee -- "${store_dir}/remove_one" >/dev/null
|
safe_echo "false" | tee -- "${store_dir}/remove_one" >/dev/null
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -712,7 +712,7 @@ check_root(){
|
|||||||
}
|
}
|
||||||
|
|
||||||
usage(){
|
usage(){
|
||||||
echo "Usage: ${0##*/} enable
|
safe_echo "Usage: ${0##*/} enable
|
||||||
${0##*/} disable [FILE|all]
|
${0##*/} disable [FILE|all]
|
||||||
|
|
||||||
Examples:
|
Examples:
|
||||||
|
Loading…
Reference in New Issue
Block a user