[Piuparts-commits] [SCM] piuparts git repository branch, piatti, updated. 0.45-75-g5fca52d
Andreas Beckmann
debian at abeckmann.de
Thu Jul 26 12:14:01 UTC 2012
The following commit has been merged in the piatti branch:
commit 2ae2e055c89efab2922d122a8f38a58908b75da4
Author: Andreas Beckmann <debian at abeckmann.de>
Date: Sat Jul 21 13:39:58 2012 +0200
new custom script: post_install_find_bad_permissions
search for world writable directories without sticky bit set
Signed-off-by: Andreas Beckmann <debian at abeckmann.de>
diff --git a/custom-scripts/scripts/post_install_find_bad_permissions b/custom-scripts/scripts/post_install_find_bad_permissions
new file mode 100755
index 0000000..7e9ef86
--- /dev/null
+++ b/custom-scripts/scripts/post_install_find_bad_permissions
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e
+
+# find world writables without sticky bit
+BADPERMS=$(find / -mount ! -type l ! -type c -perm -o+w ! -perm -1000)
+
+if [ -n "$BADPERMS" ]; then
+ echo "ERROR: BAD PERMISSIONS"
+ ls -lad $BADPERMS
+ exit 1
+fi
diff --git a/debian/changelog b/debian/changelog
index e7ef6a3..afe02db 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -39,6 +39,8 @@ piuparts (0.46) UNRELEASED; urgency=low
* New helper script: master-bin/reclassify_bugged.
* New custom script post_setup_forbid_home: replace /home with a file to
prevent creating home directories there. (Closes: #677332)
+ * New custom script post_install_find_bad_permissions: look for world
+ writable directories without sticky bit set.
-- Holger Levsen <holger at debian.org> Thu, 21 Jun 2012 22:25:57 +0200
--
piuparts git repository
More information about the Piuparts-commits
mailing list