From: Michael Palimaka
To: gentoo-portage-dev@lists.gentoo.org
Cc: Michael Palimaka
Subject: [gentoo-portage-dev] [PATCH 3/3] install-qa-check.d/90world-writable: Write log and general cleanup.
Date: Mon, 27 Oct 2014 02:16:16 +1100
Message-Id: <1414336576-15656-1-git-send-email-kensington@gentoo.org>
In-Reply-To: <1414253761-6310-3-git-send-email-kensington@gentoo.org>

Use eqawarn instead of __vecho for visibility. Present the list of offending files newline-delimited for consistency with other checks.

--- bin/install-qa-check.d/90world-writable | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/bin/install-qa-check.d/90world-writable b/bin/install-qa-check.d/90world-writable index 771027e..4d5f4ab 100644 --- a/bin/install-qa-check.d/90world-writable +++ b/bin/install-qa-check.d/90world-writable
@@ -2,21 +2,35 @@ world_writable_check() { # Now we look for all world writable files. - local unsafe_files=$(find "${ED}" -type f -perm -2 | sed -e "s:^${ED}:- :") + local unsafe_files=$(find "${ED}" -type f -perm -2 | sed -e "s:^${ED}:/:") + local OLDIFS x + + OLDIFS=$IFS + IFS=$'\n' + if [[ -n ${unsafe_files} ]] ; then - __vecho "QA Security Notice: world writable file(s):" - __vecho "${unsafe_files}" - __vecho "- This may or may not be a security problem, most of the time it is one." - __vecho "- Please double check that $PF really needs a world writeable bit and file bugs accordingly." - sleep 1 + eqawarn "QA Security Notice: world writable file(s):" + + for x in $unsafe_files ; do + __eqawarnlog world-writable $x + done + + eqawarn "This may or may not be a security problem, most of the time it is one." + eqawarn "Please double check that $PF really needs a world writeable bit and file bugs accordingly." + eqawarn fi local unsafe_files=$(find "${ED}" -type f '(' -perm -2002 -o -perm -4002 ')' | sed -e "s:^${ED}:/:") if [[ -n ${unsafe_files} ]] ; then eqawarn "QA Notice: Unsafe files detected (set*id and world writable)" - eqawarn "${unsafe_files}" + + for x in $unsafe_files ; do + __eqawarnlog world-writable-setid $x + done die "Unsafe files found in \${D}. Portage will not install them." fi + + IFS=OLDIFS } world_writable_check -- 2.0.4
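Review bot: the last added line, `IFS=OLDIFS`, assigns the literal string "OLDIFS" instead of the saved value, so after world_writable_check returns IFS is left as the characters O, L, D, I, F and S for whatever runs next in the same shell; it needs to be `IFS=$OLDIFS`. Declaring `local IFS=$'\n'` at the top would scope the change to the function and make both OLDIFS and the restore unnecessary. Separately, `for x in $unsafe_files` and the `$x` passed to `__eqawarnlog` are unquoted: with IFS set to newline they no longer split on spaces, but pathname expansion still applies, so a file name containing glob characters could be logged incorrectly. Quoting `"$x"` and disabling globbing around the loops (or reading the list with `while IFS= read -r x`) would make the logged paths match what find reported.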