new security test: check for setgid directories
Signed-off-by: Davide Madrisan <davide.madrisan@gmail.com>
parent
e642fb425e
commit
51ba76940c
@ -1,4 +1,4 @@
|
|||||||
Changes in version 1.9.0
|
Changes in version 1.9.0 - Silvan Birthday Release
|
||||||
Sun Jan 15 2012 Davide Madrisan <davide.madrisan(a)gmail.com>
|
Sun Jan 15 2012 Davide Madrisan <davide.madrisan(a)gmail.com>
|
||||||
|
|
||||||
+ update
|
+ update
|
||||||
@ -33,11 +33,15 @@ Sun Jan 15 2012 Davide Madrisan <davide.madrisan(a)gmail.com>
|
|||||||
po/it/test02_pkgsecurity.po - Davide Madrisan:
|
po/it/test02_pkgsecurity.po - Davide Madrisan:
|
||||||
Updated.
|
Updated.
|
||||||
|
|
||||||
|
+ improvement
|
||||||
* libspec.lib - Davide Madrisan:
|
* libspec.lib - Davide Madrisan:
|
||||||
Rework rpmvars.init() in order to support rpm macro expressions.
|
Rework rpmvars.init() in order to support rpm macro expressions.
|
||||||
(Feature asked ages ago by Silvan Calarco...)
|
(Feature asked ages ago by Silvan Calarco...)
|
||||||
Modify debug output to get it more readable.
|
Modify debug output to get it more readable.
|
||||||
|
|
||||||
|
* tests/test02_pkgsecurity - Davide Madrisan:
|
||||||
|
New test: check for setgid directories.
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
Changes in version 1.8.2
|
Changes in version 1.8.2
|
||||||
|
@ -49,6 +49,9 @@ msgstr "controllo"
|
|||||||
msgid "checking for setuid binaries"
|
msgid "checking for setuid binaries"
|
||||||
msgstr "ricerca di binari setuid"
|
msgstr "ricerca di binari setuid"
|
||||||
|
|
||||||
|
msgid "checking for setgid directories"
|
||||||
|
msgstr "ricerca di directory setgid"
|
||||||
|
|
||||||
msgid "checking for unsecure use of \\`\\$\\$' in shell and perl scripts"
|
msgid "checking for unsecure use of \\`\\$\\$' in shell and perl scripts"
|
||||||
msgstr "ricerca di script shell e perl che utilizzano \\`\\$\\$' in modo insicuro"
|
msgstr "ricerca di script shell e perl che utilizzano \\`\\$\\$' in modo insicuro"
|
||||||
|
|
||||||
|
@ -112,6 +112,21 @@ function alltests() {
|
|||||||
let "i += 1"
|
let "i += 1"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
notify.note \
|
||||||
|
" * ${NOTE}"$"checking for setgid directories""${NORM}..."
|
||||||
|
|
||||||
|
let "i = 0"
|
||||||
|
for pck in ${rpmpkg_name[@]}; do
|
||||||
|
pushd $tmpextractdir/$i >/dev/null
|
||||||
|
# find setuid directories
|
||||||
|
for d in $(find -mindepth 2 -perm -2000 -type d 2>/dev/null); do
|
||||||
|
notify.warning "${NORM}${pck##*/} --> ${NOTE}${d/./}${NORM}"
|
||||||
|
let "total_issues += 1"
|
||||||
|
done
|
||||||
|
popd >/dev/null
|
||||||
|
let "i += 1"
|
||||||
|
done
|
||||||
|
|
||||||
# checking for unsecure use of $$ as random source in shell scripts
|
# checking for unsecure use of $$ as random source in shell scripts
|
||||||
notify.note " * ${NOTE}"$"\
|
notify.note " * ${NOTE}"$"\
|
||||||
checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
|
checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
|
||||||
|
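Review bot: The new loop `for d in $(find -mindepth 2 -perm -2000 -type d 2>/dev/null)` word-splits and glob-expands find's output, so a setgid directory whose name contains whitespace or glob characters is reported as several garbled paths and counted more than once in `total_issues`. The unpacked package contents are the untrusted input of this test, so the names should be read NUL-delimited instead: `while IFS= read -r -d '' d; do` … `done < <(find . -mindepth 2 -perm -2000 -type d -print0 2>/dev/null)`, using process substitution rather than a pipe so that `total_issues` is still incremented in the current shell. The comment above the loop reads `# find setuid directories`, but `-perm -2000` selects the setgid bit, so it should be `# find setgid directories`. `alltests()` begins and ends outside the hunk, so whether the unquoted, unchecked `pushd $tmpextractdir/$i` matches the earlier loops cannot be confirmed from here.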