new security test: check for setgid directories

Signed-off-by: Davide Madrisan <davide.madrisan@gmail.com>
Davide Madrisan 2012-01-15 14:00:08 +01:00
parent e642fb425e
commit 51ba76940c
3 changed files with 23 additions and 1 deletions


@ -1,4 +1,4 @@
Changes in version 1.9.0
Changes in version 1.9.0 - Silvan Birthday Release
Sun Jan 15 2012 Davide Madrisan <davide.madrisan(a)gmail.com>
+ update
@ -33,11 +33,15 @@ Sun Jan 15 2012 Davide Madrisan <davide.madrisan(a)gmail.com>
po/it/test02_pkgsecurity.po - Davide Madrisan:
Updated.
+ improvement
* libspec.lib - Davide Madrisan:
Rework rpmvars.init() in order to support rpm macro expressions.
(Feature asked ages ago by Silvan Calarco...)
Modify debug output to get it more readable.
* tests/test02_pkgsecurity - Davide Madrisan:
New test: check for setgid directories.
--------------------------------------------------------------------------------
Changes in version 1.8.2


@ -49,6 +49,9 @@ msgstr "controllo"
msgid "checking for setuid binaries"
msgstr "ricerca di binari setuid"
msgid "checking for setgid directories"
msgstr "ricerca di directory setgid"
msgid "checking for unsecure use of \\`\\$\\$' in shell and perl scripts"
msgstr "ricerca di script shell e perl che utilizzano \\`\\$\\$' in modo insicuro"


@ -112,6 +112,21 @@ function alltests() {
let "i += 1"
done
notify.note \
" * ${NOTE}"$"checking for setgid directories""${NORM}..."
let "i = 0"
for pck in ${rpmpkg_name[@]}; do
pushd $tmpextractdir/$i >/dev/null
# find setuid directories
for d in $(find -mindepth 2 -perm -2000 -type d 2>/dev/null); do
notify.warning "${NORM}${pck##*/} --> ${NOTE}${d/./}${NORM}"
let "total_issues += 1"
done
popd >/dev/null
let "i += 1"
done
# checking for unsecure use of $$ as random source in shell scripts
notify.note " * ${NOTE}"$"\
checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
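Review bot: The `for d in $(find -mindepth 2 -perm -2000 -type d 2>/dev/null)` loop word-splits the output of find, so a setgid directory whose path contains whitespace is reported as several bogus fragments and counted more than once in `total_issues`. Reading NUL-delimited output keeps each path intact and still updates the counter in the current shell: `while IFS= read -r -d '' d; do ...; done < <(find . -mindepth 2 -perm -2000 -type d -print0 2>/dev/null)`. Two smaller points in the same block: the comment `# find setuid directories` should say setgid, since `-perm -2000` tests the setgid bit and the notification string says setgid; and `pushd $tmpextractdir/$i >/dev/null` is unquoted and its result is not checked, so if the directory is missing the find runs in whatever the current directory is and the following `popd` pops an unrelated entry. Quote the path and skip the package when pushd fails. A short comment explaining why `-mindepth 2` is used would also help, because as written a setgid directory at the top level of the extracted tree is not reported.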