refactoring

usr/lib/security-misc/permission-hardening

@@ -17,8 +17,7 @@ echo_wrapper() {
    #"$@"
 }
 
-add_statoverride_entry() {
-  if [ "${nosuid}" = "true" ]; then
+add_nosuid_statoverride_entry() {
   echo "fso: $fso"
   while read -r line; do
     if ! read -r file_name existing_mode owner group; then
@@ -55,9 +54,6 @@ add_statoverride_entry() {
       fi
     fi
   done < <( stat -c "%n %a %U %G" "${fso_without_trailing_slash}/"** )
-  else
-    echo_wrapper dpkg-statoverride --add --update "$owner" "$group" "$mode_from_config" "$fso_without_trailing_slash"
-  fi
 }
 
 set_file_perms() {
@@ -100,7 +96,7 @@ set_file_perms() {
       ## If mode_from_config is "nosuid" the config does not set owner and
       ## group. Therefore do not enforce owner/group check.
 
-      add_statoverride_entry
+      add_nosuid_statoverride_entry
     else
       if ! seq -w 000 4777 | grep -qw "$mode_from_config"; then
          echo "ERROR: Mode '$mode_from_config' is invalid!" >&2
@@ -125,18 +121,14 @@ set_file_perms() {
           ## fso_without_trailing_slash instead of fso to prevent
           ## "dpkg-statoverride: warning: stripping trailing /"
           echo_wrapper dpkg-statoverride --remove "$fso_without_trailing_slash"
-          add_statoverride_entry
+          echo_wrapper dpkg-statoverride --add --update "$owner" "$group" "$mode_from_config" "$fso_without_trailing_slash"
         fi
       else
         ## There is no fso entry. Therefore add one.
-        add_statoverride_entry
+        echo_wrapper dpkg-statoverride --add --update "$owner" "$group" "$mode_from_config" "$fso_without_trailing_slash"
       fi
     fi
 
-
-
-
-
     if [ "$capability" = "" ]; then
       continue
     fi