mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-06-27 00:20:36 -04:00
e14b81b15e
Replace subprocess grep calls with bash substring matching in check_nosuid_whitelist function. This eliminates ~10k unneeded subprocess spawns that were causing significant performance degradation. In testing, it improves overall script execution speed by an order of magnitude: Before patch: $ sudo hyperfine -- './permission-hardener enable' Benchmark 1: ./permission-hardener enable Time (mean ± σ): 11.906 s ± 0.974 s [User: 3.639 s, System: 8.728 s] Range (min … max): 10.430 s … 14.090 s 10 runs After patch: $ sudo hyperfine -- './permission-hardener enable' Benchmark 1: ./permission-hardener enable Time (mean ± σ): 802.8 ms ± 178.5 ms [User: 283.0 ms, System: 471.9 ms] Range (min … max): 639.4 ms … 1092.3 ms 10 runs |
||
|---|---|---|
| .. | ||
| disabled-bluetooth-by-security-misc | ||
| disabled-cdrom-by-security-misc | ||
| disabled-filesys-by-security-misc | ||
| disabled-firewire-by-security-misc | ||
| disabled-framebuffer-by-security-misc | ||
| disabled-gps-by-security-misc | ||
| disabled-intelme-by-security-misc | ||
| disabled-intelpmt-by-security-misc | ||
| disabled-miscellaneous-by-security-misc | ||
| disabled-netfilesys-by-security-misc | ||
| disabled-network-by-security-misc | ||
| disabled-thunderbolt-by-security-misc | ||
| permission-hardener | ||
| remount-secure | ||