From b09cc0de6af2d7e12110a0f3030234539288abad Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Tue, 1 Dec 2020 05:10:26 -0500
Subject: [PATCH] Revert "SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists"

This reverts commit 36a471ebce883f7a1660977f486b21ece320d0c2.
---
 etc/permission-hardening.d/30_default.conf | 6 ------
 usr/lib/security-misc/permission-hardening | 22 ++++------------------
 2 files changed, 4 insertions(+), 24 deletions(-)

diff --git a/etc/permission-hardening.d/30_default.conf b/etc/permission-hardening.d/30_default.conf
index 2557b2d..4e86fc1 100644
--- a/etc/permission-hardening.d/30_default.conf
+++ b/etc/permission-hardening.d/30_default.conf
@@ -15,12 +15,6 @@
 ## TODO: white spaces inside file name untested and probably will not work.
-######################################################################
-# Global Settings
-######################################################################
-
-#whitelists_disable_all=true
-
 ######################################################################
 # SUID disablewhitelist
 ######################################################################
diff --git a/usr/lib/security-misc/permission-hardening b/usr/lib/security-misc/permission-hardening
index cc9acfc..530d975 100755
--- a/usr/lib/security-misc/permission-hardening
+++ b/usr/lib/security-misc/permission-hardening
@@ -252,12 +252,6 @@ set_file_perms() {
 exit "$exit_code"
 fi
- if [ "$line" = 'whitelists_disable_all=true' ]; then
- whitelists_disable_all=true
- echo "INFO: whitelists_disable_all=true - all whitelists disabled."
- continue
- fi
-
 #global fso
 local mode_from_config owner_from_config group_from_config capability_from_config
 if ! read -r fso mode_from_config owner_from_config group_from_config capability_from_config <<< "$line" ; then
@@ -281,22 +275,14 @@ set_file_perms() {
 fi
 if [ "$mode_from_config" = "exactwhitelist" ]; then
- if [ "$whitelists_disable_all" = "true" ]; then
- true "INFO: Not adding fso '$fso' to exact_white_list because whitelists_disable_all=true"
- else
- ## TODO: test/add white spaces inside file name support
- exact_white_list+="$fso "
- fi
+ ## TODO: test/add white spaces inside file name support
+ exact_white_list+="$fso "
 continue
 fi
 if [ "$mode_from_config" = "matchwhitelist" ]; then
- if [ "$whitelists_disable_all" = "true" ]; then
- true "INFO: Not adding fso '$fso' to matchwhitelist because whitelists_disable_all=true"
- else
- ## TODO: test/add white spaces inside file name support
- match_white_list+="$fso "
- fi
+ ## TODO: test/add white spaces inside file name support
+ match_white_list+="$fso "
 continue
 fi
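Review bot: The restored `exact_white_list+="$fso "` and `match_white_list+="$fso "` lines rebuild both whitelists as one space-joined string, which is exactly the limitation the restored `## TODO: test/add white spaces inside file name support` comment flags, and the same pattern is restored in the matchwhitelist branch of this hunk. Wherever that string is later expanded unquoted to iterate (outside this hunk, so inferred), each entry is also subject to glob expansion, so a whitelist path containing `*` or `?` could match files it was never meant to exempt; since the config section is titled "SUID disablewhitelist", an over-broad match would presumably leave setuid bits on binaries the hardener was meant to strip. A bash array removes both hazards without touching the config format: `exact_white_list+=("$fso")` here (and `match_white_list+=("$fso")` below), with `"${exact_white_list[@]}"` at the consumer. set_file_perms() begins and ends outside this hunk, and the code that consumes the lists is not visible in this patch.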