mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-09 22:57:53 +07:00
Code Issues Packages Projects Releases Wiki Activity

comment

Browse Source
This commit is contained in:
Patrick Schleizer 2019-12-21 14:36:42 -05:00
parent 1213415ce6
commit 3921846df6
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
usr/lib/security-misc/permission-hardening
View File

@ -200,9 +200,9 @@ add_nosuid_statoverride_entry() {
echo_wrapper_silent_audit dpkg-statoverride $dpkg_admindir_parameter_new_mode --add "$existing_owner" "$existing_group" "$new_mode" "$file_name"
fi
## /lib will hit ARG_MAX.
## That was before using '-perm /u=s,g=s'.
## https://forums.whonix.org/t/kernel-hardening/7296/326
## /lib will hit ARG_MAX if using bash 'shopt -s globstar' and '/lib/**'.
## Using 'find' with '-perm /u=s,g=s' is faster and avoids ARG_MAX.
## https://forums.whonix.org/t/disable-suid-binaries/7706/17
done < <( find "$fso_to_process" -perm /u=s,g=s -print0 | xargs -I{} -0 stat -c "%n %a %U %G" {} )
## Sanity test.