new security test: check for setgid directories

Signed-off-by: Davide Madrisan <davide.madrisan@gmail.com>
Davide Madrisan 2012-01-15 14:00:08 +01:00
parent e642fb425e
commit 51ba76940c
3 changed files with 23 additions and 1 deletions


@ -1,4 +1,4 @@
Changes in version 1.9.0 Changes in version 1.9.0 - Silvan Birthday Release
Sun Jan 15 2012 Davide Madrisan <davide.madrisan(a)gmail.com> Sun Jan 15 2012 Davide Madrisan <davide.madrisan(a)gmail.com>
+ update + update
@ -33,11 +33,15 @@ Sun Jan 15 2012 Davide Madrisan <davide.madrisan(a)gmail.com>
po/it/test02_pkgsecurity.po - Davide Madrisan: po/it/test02_pkgsecurity.po - Davide Madrisan:
Updated. Updated.
+ improvement
* libspec.lib - Davide Madrisan: * libspec.lib - Davide Madrisan:
Rework rpmvars.init() in order to support rpm macro expressions. Rework rpmvars.init() in order to support rpm macro expressions.
(Feature asked ages ago by Silvan Calarco...) (Feature asked ages ago by Silvan Calarco...)
Modify debug output to get it more readable. Modify debug output to get it more readable.
* tests/test02_pkgsecurity - Davide Madrisan:
New test: check for setgid directories.
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 1.8.2 Changes in version 1.8.2


@ -49,6 +49,9 @@ msgstr "controllo"
msgid "checking for setuid binaries" msgid "checking for setuid binaries"
msgstr "ricerca di binari setuid" msgstr "ricerca di binari setuid"
msgid "checking for setgid directories"
msgstr "ricerca di directory setgid"
msgid "checking for unsecure use of \\`\\$\\$' in shell and perl scripts" msgid "checking for unsecure use of \\`\\$\\$' in shell and perl scripts"
msgstr "ricerca di script shell e perl che utilizzano \\`\\$\\$' in modo insicuro" msgstr "ricerca di script shell e perl che utilizzano \\`\\$\\$' in modo insicuro"


@ -112,6 +112,21 @@ function alltests() {
let "i += 1" let "i += 1"
done done
notify.note \
" * ${NOTE}"$"checking for setgid directories""${NORM}..."
let "i = 0"
for pck in ${rpmpkg_name[@]}; do
pushd $tmpextractdir/$i >/dev/null
# find setuid directories
for d in $(find -mindepth 2 -perm -2000 -type d 2>/dev/null); do
notify.warning "${NORM}${pck##*/} --> ${NOTE}${d/./}${NORM}"
let "total_issues += 1"
done
popd >/dev/null
let "i += 1"
done
# checking for unsecure use of $$ as random source in shell scripts # checking for unsecure use of $$ as random source in shell scripts
notify.note " * ${NOTE}"$"\ notify.note " * ${NOTE}"$"\
checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..." checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
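
Review bot: the comment `# find setuid directories` above the inner loop contradicts the test it describes, which is `-perm -2000 -type d` and is announced as "checking for setgid directories"; it should read "setgid". In the same loop, `for d in $(find ...)` word-splits the find output, so a packaged directory whose name contains whitespace or glob characters is reported as several bogus paths and counted more than once in `total_issues`; reading NUL-delimited output with `while IFS= read -r -d '' d; do ... done < <(find ... -print0)` keeps the counter in the current shell and handles such names. `pushd $tmpextractdir/$i` is unquoted and its status is not checked: if it fails, find runs against whatever the current directory is and the following `popd` pops an unrelated stack entry, so the package should be skipped or the failure reported. Finally, `-mindepth 2` excludes setgid directories at depth 1 of the extraction directory; if that is intentional, a short comment saying why would help.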