Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

run_parts updates #707

Draft
wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

run_parts updates #707

wants to merge 4 commits into from

Commits on Apr 17, 2023

  1. run_part: use shadow_logfd instead of stdout 

    Similar to execution failure message.
    @cgzones
    cgzones committed Apr 17, 2023
    Configuration menu
    Copy the full SHA
    278c3d2 View commit details
    Browse the repository at this point in the history

  2. run_part: drop void symlink check 

    Since stat(2) is used the result can never be a symbolic link.
    @cgzones
    cgzones committed Apr 17, 2023
    Configuration menu
    Copy the full SHA
    f094823 View commit details
    Browse the repository at this point in the history

  3. run_part: skip scripts with insecure ownership/permission 

    Skip scripts that are either
  - not owned be the executing user or root,
  - not owned by the executing group or root,
  - world-writable.
    @cgzones
    cgzones committed Apr 17, 2023
    Configuration menu
    Copy the full SHA
    0534a1d View commit details
    Browse the repository at this point in the history

  4. run_part: use execveat(2) to avoid toctou issues 

    Pin the script to execute before gathering its information to avoid any
potential time-of-check-time-of-use issues.
    @cgzones
    cgzones committed Apr 17, 2023
    Configuration menu
    Copy the full SHA
    dc32794 View commit details
    Browse the repository at this point in the history