This is an automated email from the git hooks/post-receive script.

jforbes pushed a commit to branch master
in repository kernel-tests.

commit e075d4304e0cc5932fb211ac2ad308a8d11f91b3
Author: Dave Jones <da...@redhat.com>
Date:   Tue Jun 12 15:34:57 2012 -0400

    look for new world-writable files in sysfs
    
    (New ones will need white-listing. At the least they should prompt an audit)
---
 default/sysfs-perms/ignore-files.sh | 10 ++++++++++
 default/sysfs-perms/runtest.sh      | 11 +++++++++++
 2 files changed, 21 insertions(+)

diff --git a/default/sysfs-perms/ignore-files.sh 
b/default/sysfs-perms/ignore-files.sh
new file mode 100755
index 0000000..9f4305c
--- /dev/null
+++ b/default/sysfs-perms/ignore-files.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+grep -v event_control |\
+grep -v "/sys/fs/selinux/member" |\
+grep -v "/sys/fs/selinux/user" |\
+grep -v "/sys/fs/selinux/relabel" |\
+grep -v "/sys/fs/selinux/create" |\
+grep -v "/sys/fs/selinux/access" |\
+grep -v "/sys/fs/selinux/context" 
+
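Review bot: The filters in ignore-files.sh are unanchored substring patterns, so they hide more than the seven entries they name. The bare `event_control` on the first grep line drops any path containing that string anywhere, and "/sys/fs/selinux/user" also drops any longer path that merely starts with it. Since the commit message says new world-writable files should prompt an audit, match whole paths instead, for example with one `grep -v -x -F` over a list of exact paths, or with patterns anchored by `^` and `$`. If event_control really has to match in many directories, anchor it as a final path component (`/event_control$`). A one-line comment per entry saying why it is allowed to be world-writable would make later audits of this list easier. The last grep line also carries trailing whitespace.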
diff --git a/default/sysfs-perms/runtest.sh b/default/sysfs-perms/runtest.sh
new file mode 100755
index 0000000..730f5e0
--- /dev/null
+++ b/default/sysfs-perms/runtest.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+COUNT=$(find /sys -type f -perm 666 | ignore-files.sh | wc -l)
+
+if [ "$COUNT" != "0" ]; then
+       echo Found world-writable files in sysfs.
+       find /sys -type f -perm 666 | ignore-files.sh
+       exit -1
+fi
+
+exit 0
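Review bot: `find /sys -type f -perm 666` matches only files whose mode is exactly 0666, so a world-writable file with any other mode (0222, 0622, 0777, ...) passes this test unnoticed. To test for the world-write bit itself, use `-perm -0002`. Two further points in runtest.sh: `ignore-files.sh` is invoked by bare name, so it is resolved through PATH rather than from the test directory. If it is not found, the pipeline feeds nothing to `wc -l`, COUNT becomes 0 and the test passes silently. Call it by an explicit path (for example `./ignore-files.sh`, or one derived from `$0`) and fail if it cannot be run. Also, `exit -1` is not a valid exit status in POSIX sh; use `exit 1`. Running find once into a variable and both counting and printing from that would avoid the second scan and keep the reported list consistent with the count.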

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org
