speed up setuid removal by using find with '-perm /u=s,g=s'

https://forums.whonix.org/t/permission-hardening/8655/19
Patrick Schleizer 2019-12-20 10:31:26 -05:00
parent 4cfdf2c65b
commit 1ffa8e197e
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48


@ -18,7 +18,7 @@ echo_wrapper() {
add_nosuid_statoverride_entry() { add_nosuid_statoverride_entry() {
fso_to_process="${fso_without_trailing_slash}/" fso_to_process="${fso_without_trailing_slash}/"
should_be_counter="$(find "$fso_to_process" | wc -l)" should_be_counter="$(find "$fso_to_process" -perm /u=s,g=s | wc -l)"
counter_actual=0 counter_actual=0
while read -r line; do while read -r line; do
@ -119,7 +119,7 @@ add_nosuid_statoverride_entry() {
## /lib will hit ARG_MAX. ## /lib will hit ARG_MAX.
## https://forums.whonix.org/t/kernel-hardening/7296/326 ## https://forums.whonix.org/t/kernel-hardening/7296/326
done < <( find "$fso_to_process" -print0 | xargs -I{} -0 stat -c "%n %a %U %G" {} ) done < <( find "$fso_to_process" -perm /u=s,g=s -print0 | xargs -I{} -0 stat -c "%n %a %U %G" {} )
## Sanity test. ## Sanity test.
if [ ! "$should_be_counter" = "$counter_actual" ]; then if [ ! "$should_be_counter" = "$counter_actual" ]; then
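Review bot: The sanity counter on the new `should_be_counter=` line still counts newline-terminated lines, so it and the `while read -r line` loop both consume the same newline-split output of the filtered find. A setuid or setgid path whose name contains a newline would keep the two counts equal while the `stat -c "%n %a %U %G"` record for it is read as two malformed lines, so the check passes on exactly the input it should reject. Counting NUL terminators instead, `should_be_counter="$(find "$fso_to_process" -perm /u=s,g=s -print0 | tr -dc '\0' | wc -c)"`, would make the comparison fail closed on such names, assuming `counter_actual` is incremented once per line read. The body of add_nosuid_statoverride_entry lies mostly outside these hunks, so that assumption and how names containing spaces are split from the mode and owner fields should be confirmed there.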