tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add `Notes` section to `RunCmdAsUser()` comments

This commit is contained in:
Neved4 2024-10-25 22:29:35 +02:00
parent ae64484955
commit 181f59c2af
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
include/functions
View File

@ -3043,6 +3043,18 @@
# #
# Parameters : $@ = command arguments # Parameters : $@ = command arguments
# Returns : None (executes the command as the appropriate user) # Returns : None (executes the command as the appropriate user)
# Notes : This allows dropping permissions for specific commands when
# lynis is invoked as root, preventing privilege escalation
# risks (CWE-250, CWE-271).
#
# By isolating privileged code and dropping said privileges as
# soon as possible, we can execute tools with their proper
# permissions, such as in the case of Homebrew.
#
# When available, we use `sudo` and `su`. For a strictly
# POSIX-compliant environment, a C implementation could be
# made using `setgid()` and `setuid()`.
################################################################################
################################################################################ ################################################################################
RunCmdAsUser() { RunCmdAsUser() {