mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-07-11 00:10:00 +07:00
fix
This commit is contained in:
Patrick Schleizer
@ -169,13 +169,13 @@ add_nosuid_statoverride_entry() {
|
||||
|
||||
echo "INFO: $setuid_output $setsgid_output found - file_name: '$file_name' | existing_mode: '$existing_mode' | new_mode: '$new_mode'"
|
||||
|
||||
if dpkg-statoverride $dpkg_admindir_parameter_existing_mode --list "$file_name"; then
|
||||
if dpkg-statoverride --list "$file_name" $dpkg_admindir_parameter_existing_mode ; then
|
||||
## Existing mode already saved previously. No need to save again.
|
||||
true OK
|
||||
else
|
||||
## Save existing_mode in separate database.
|
||||
## Not using --update as not intending to enforce existing_mode.
|
||||
echo_wrapper_silent_audit $dpkg_admindir_parameter_existing_mode --add "$existing_owner" "$existing_group" "$existing_mode" "$file_name"
|
||||
echo_wrapper_silent_audit --add "$existing_owner" "$existing_group" "$existing_mode" "$file_name" $dpkg_admindir_parameter_existing_mode
|
||||
fi
|
||||
|
||||
## No need to check "dpkg-statoverride --list" for existing entries.
|
||||
@ -186,13 +186,13 @@ add_nosuid_statoverride_entry() {
|
||||
echo_wrapper_ignore dpkg-statoverride --remove "$file_name"
|
||||
|
||||
## Remove from separate database.
|
||||
echo_wrapper_ignore $dpkg_admindir_parameter_new_mode dpkg-statoverride --remove "$file_name"
|
||||
echo_wrapper_ignore dpkg-statoverride --remove "$file_name" $dpkg_admindir_parameter_new_mode
|
||||
|
||||
## Add to real database and use --update to make changes on disk.
|
||||
echo_wrapper_audit dpkg-statoverride --add --update "$existing_owner" "$existing_group" "$new_mode" "$file_name"
|
||||
|
||||
## Not using --update as this is only for recording.
|
||||
echo_wrapper_silent_audit $dpkg_admindir_parameter_new_mode dpkg-statoverride --add "$existing_owner" "$existing_group" "$new_mode" "$file_name"
|
||||
echo_wrapper_silent_audit dpkg-statoverride --add "$existing_owner" "$existing_group" "$new_mode" "$file_name"
|
||||
fi
|
||||
|
||||
## /lib will hit ARG_MAX.
|
||||
@ -346,16 +346,16 @@ set_file_perms() {
|
||||
## fso_without_trailing_slash instead of fso to prevent
|
||||
## "dpkg-statoverride: warning: stripping trailing /"
|
||||
|
||||
if dpkg-statoverride $dpkg_admindir_parameter_existing_mode --list "$fso_without_trailing_slash"; then
|
||||
if dpkg-statoverride --list "$fso_without_trailing_slash" $dpkg_admindir_parameter_existing_mode ; then
|
||||
## Existing mode already saved previously. No need to save again.
|
||||
true OK
|
||||
else
|
||||
## Save existing_mode in separate database.
|
||||
## Not using --update as not intending to enforce existing_mode.
|
||||
echo_wrapper_silent_audit $dpkg_admindir_parameter_existing_mode --add "$existing_owner" "$existing_group" "$existing_mode" "$fso_without_trailing_slash"
|
||||
echo_wrapper_silent_audit --add "$existing_owner" "$existing_group" "$existing_mode" "$fso_without_trailing_slash" $dpkg_admindir_parameter_existing_mode
|
||||
fi
|
||||
|
||||
echo_wrapper_audit $dpkg_admindir_parameter_new_mode dpkg-statoverride --remove "$fso_without_trailing_slash"
|
||||
echo_wrapper_audit dpkg-statoverride --remove "$fso_without_trailing_slash" $dpkg_admindir_parameter_new_mode
|
||||
|
||||
## Remove from and add to real database.
|
||||
echo_wrapper_audit dpkg-statoverride --remove "$fso_without_trailing_slash"
|
||||
@ -363,18 +363,18 @@ set_file_perms() {
|
||||
|
||||
## Save in separate database.
|
||||
## Not using --update as this is only for saving.
|
||||
echo_wrapper_silent_audit $dpkg_admindir_parameter_new_mode dpkg-statoverride --add "$owner_from_config" "$group_from_config" "$mode_from_config" "$fso_without_trailing_slash"
|
||||
echo_wrapper_silent_audit dpkg-statoverride --add "$owner_from_config" "$group_from_config" "$mode_from_config" "$fso_without_trailing_slash" $dpkg_admindir_parameter_new_mode
|
||||
fi
|
||||
else
|
||||
## There is no fso entry. Therefore add one.
|
||||
|
||||
if dpkg-statoverride $dpkg_admindir_parameter_existing_mode --list "$fso_without_trailing_slash"; then
|
||||
if dpkg-statoverride --list "$fso_without_trailing_slash" $dpkg_admindir_parameter_existing_mode ; then
|
||||
## Existing mode already saved previously. No need to save again.
|
||||
true OK
|
||||
else
|
||||
## Save existing_mode in separate database.
|
||||
## Not using --update as not intending to enforce existing_mode.
|
||||
echo_wrapper_silent_audit $dpkg_admindir_parameter_existing_mode --add "$existing_owner" "$existing_group" "$existing_mode" "$fso_without_trailing_slash"
|
||||
echo_wrapper_silent_audit --add "$existing_owner" "$existing_group" "$existing_mode" "$fso_without_trailing_slash" $dpkg_admindir_parameter_existing_mode
|
||||
fi
|
||||
|
||||
## Add to real database.
|
||||
@ -382,7 +382,7 @@ set_file_perms() {
|
||||
|
||||
## Save in separate database.
|
||||
## Not using --update as this is only for saving.
|
||||
echo_wrapper_silent_audit $dpkg_admindir_parameter_new_mode dpkg-statoverride --add "$owner_from_config" "$group_from_config" "$mode_from_config" "$fso_without_trailing_slash"
|
||||
echo_wrapper_silent_audit dpkg-statoverride --add "$owner_from_config" "$group_from_config" "$mode_from_config" "$fso_without_trailing_slash" $dpkg_admindir_parameter_new_mode
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
Reference in New Issue
Block a user