rpms/sectool/devel sectool-0.7.4-filesystem.patch, NONE, 1.1 sectool.spec, 1.7, 1.8
Peter Vrabec (pvrabec)
fedora-extras-commits at redhat.com
Thu May 22 12:33:15 UTC 2008
Author: pvrabec
Update of /cvs/extras/rpms/sectool/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13119
Modified Files:
sectool.spec
Added Files:
sectool-0.7.4-filesystem.patch
Log Message:
filesystem: distinguish between world and group +w permission
sectool-0.7.4-filesystem.patch:
--- NEW FILE sectool-0.7.4-filesystem.patch ---
diff --git a/src/filesystem.c b/src/filesystem.c
index eab000f..c28901b 100644
--- a/src/filesystem.c
+++ b/src/filesystem.c
@@ -48,14 +48,14 @@ struct envinit_t vars[]={
* Error IDs
*/
#define ID_DIRWORLDW 1
-#define ID_FILEWORLDGROUPWX 2
+#define ID_FILEGROUPWX 2
#define ID_FILEWORLDW 3
#define ID_GROUPNOTFOUND 4
#define ID_NOPKG 5
#define ID_SUIDSCRIPT 6
#define ID_USERNOTFOUND 7
#define ID_WRONGSYMLINK 8
-
+#define ID_FILEWORLDWX 9
#define MAX_DIR_STACK_SIZE 16384
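Review bot: ID_FILEWORLDGROUPWX is renamed to ID_FILEGROUPWX but keeps value 2, so ID 2 silently narrows from "world or group writable" to "group writable only", while world-writable executables move to the new ID 9. Anything keyed on the numeric ID (not visible in this patch) has to change with it; a short comment beside the two defines recording the split would help. The blank line before MAX_DIR_STACK_SIZE is also replaced rather than kept, so ID_FILEWORLDWX runs straight into an unrelated constant; add the define on its own line and keep the separator.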
@@ -223,9 +223,12 @@ void check_object (const char *path, const struct stat *s) {
}
/* executable and world/group writable */
- if ((s->st_mode&(S_IXUSR|S_IXGRP|S_IXOTH)) &&
- (s->st_mode&(S_IWGRP|S_IWOTH))) {
- report (WARNING, ID_FILEWORLDGROUPWX, "File \"%s\" is executable and world/group writable.\n", path);
+ if ((s->st_mode&(S_IXUSR|S_IXGRP|S_IXOTH))) {
+ if (s->st_mode&(S_IWOTH)) {
+ report (ERROR, ID_FILEWORLDWX, "File \"%s\" is executable and world writable.\n", path);
+ } else if (s->st_mode&(S_IWGRP)) {
+ report (WARNING, ID_FILEGROUPWX, "File \"%s\" is executable and group writable.\n", path);
+ }
}
/* SUID script */
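Review bot: In check_object, the `else if (s->st_mode&(S_IWGRP))` branch means a file with both S_IWOTH and S_IWGRP set produces only the world-writable ERROR, and the group-writable WARNING first appears on the run after o+w has been cleared. If that is intended because world-writable subsumes group-writable, say so in the comment; otherwise test the two bits with independent `if` statements. The comment above the block still reads "executable and world/group writable" and should describe the two cases and their severities.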
Index: sectool.spec
===================================================================
RCS file: /cvs/extras/rpms/sectool/devel/sectool.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- sectool.spec 22 May 2008 11:05:26 -0000 1.7
+++ sectool.spec 22 May 2008 12:32:35 -0000 1.8
@@ -1,9 +1,10 @@
Summary: A security audit system and intrusion detection system
Name: sectool
Version: 0.7.4
-Release: 1%{?dist}
+Release: 2%{?dist}
URL: https://hosted.fedoraproject.org/sectool/wiki/WikiStart
Source0: %{name}-%{version}.tar.bz2
+Patch1: sectool-0.7.4-filesystem.patch
License: GPLv2+
Group: Applications/System
Requires: python2 gettext coreutils rpm-python
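Review bot: Patch1 is added with no comment on where it comes from. A line above it saying whether the change is already upstream or is a downstream-only fix would tell the next packager whether it can be dropped at the next rebase.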
@@ -30,6 +31,7 @@
%prep
%setup -q
+%patch1 -p1 -b .filesystem
%build
make %{?_smp_mflags}
@@ -91,6 +93,9 @@
%changelog
+* Thu May 22 2008 Peter Vrabec <pvrabec at redhat.com> - 0.7.4-2
+- filesystem: distinguish between world and group +w permission
+
* Wed May 21 2008 Peter Vrabec <pvrabec at redhat.com> - 0.7.4-1
- new upstream release, lots of fixes and improvements,
see changelog
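Review bot: The new changelog entry mentions only the world/group split, but the patch also raises the world-writable executable finding from WARNING to ERROR (`report (ERROR, ID_FILEWORLDWX, ...`). Mention the severity change in the entry, since users will see new errors from the filesystem test after updating.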