Gentoo Archives: gentoo-portage-dev

From: Michael Palimaka <kensington@g.o>
To: gentoo-portage-dev@l.g.o
Cc: Michael Palimaka <kensington@g.o>
Subject: [gentoo-portage-dev] [PATCH 3/3] install-qa-check.d/90world-writable: Write log and general cleanup.
Date: Sat, 25 Oct 2014 16:17:58
Message-Id: 1414253761-6310-3-git-send-email-kensington@gentoo.org
In Reply to: [gentoo-portage-dev] [PATCH 1/3] bin/misc-functions.sh: Introduce eqalog and eqawarnlog functions. by Michael Palimaka
1 Use eqawarn instead of __vecho for visibility.
2
3 Present the list of offending files newline-delimited for consistency
4 with other checks.
5 ---
6 bin/install-qa-check.d/90world-writable | 28 +++++++++++++++++++++-------
7 1 file changed, 21 insertions(+), 7 deletions(-)
8
9 diff --git a/bin/install-qa-check.d/90world-writable b/bin/install-qa-check.d/90world-writable
10 index 771027e..ff186c5 100644
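--- a/bin/install-qa-check.d/90world-writable
+++ b/bin/install-qa-check.d/90world-writable
@@ -2,21 +2,35 @@
 
 world_writable_check() {
 # Now we look for all world writable files.
- local unsafe_files=$(find "${ED}" -type f -perm -2 | sed -e "s:^${ED}:- :")
+ local unsafe_files=$(find "${ED}" -type f -perm -2 | sed -e "s:^${ED}:/:")
+ local OLDIFS x
+
+ OLDIFS=$IFS
+ IFS=$'\n'
+
 if [[ -n ${unsafe_files} ]] ; then
- __vecho "QA Security Notice: world writable file(s):"
- __vecho "${unsafe_files}"
- __vecho "- This may or may not be a security problem, most of the time it is one."
- __vecho "- Please double check that $PF really needs a world writeable bit and file bugs accordingly."
- sleep 1
+ eqawarn "QA Security Notice: world writable file(s):"
+
+ for x in $unsafe_files ; do
+ eqawarnlog world-writable $x
+ done
+
+ eqawarn "This may or may not be a security problem, most of the time it is one."
+ eqawarn "Please double check that $PF really needs a world writeable bit and file bugs accordingly."
+ eqawarn
 fi
 
 local unsafe_files=$(find "${ED}" -type f '(' -perm -2002 -o -perm -4002 ')' | sed -e "s:^${ED}:/:")
 if [[ -n ${unsafe_files} ]] ; then
 eqawarn "QA Notice: Unsafe files detected (set*id and world writable)"
- eqawarn "${unsafe_files}"
+
+ for x in $unsafe_files ; do
+ eqawarnlog world-writable-setid $x
+ done
 die "Unsafe files found in \${D}. Portage will not install them."
 fi
+
+ IFS=OLDIFS
 }
 
 world_writable_check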
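Review bot: The restore at the end of world_writable_check, `IFS=OLDIFS`, assigns the literal string OLDIFS rather than the saved value, so IFS is left as the letters O, L, D, I, F and S for anything that runs later in the same shell; it should read `IFS=$OLDIFS`. Declaring `local IFS=$'\n'` beside `local OLDIFS x` would make the save and restore unnecessary, since the previous value comes back when the function returns. In both loops `for x in $unsafe_files` and the unquoted `$x` passed to eqawarnlog still undergo pathname expansion, so a world-writable or set*id file whose name contains glob characters may be logged under a different name than the one found. Quoting it as `eqawarnlog world-writable "$x"` and reading the list with `while IFS= read -r x` would keep the logged path identical to what find reported.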
56 --
57 2.0.4
