tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Escape file when needed to test if it is readable

This commit is contained in:
Michael Boelen 2017-03-13 11:57:23 +01:00
parent ad779f29eb
commit 7d17bfbbd7
1 changed files with 21 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
include/functions
View File

@ -746,51 +746,52 @@
sFILE=$1 sFILE=$1
CANREAD=0 CANREAD=0
RETVAL=1 RETVAL=1
LogText "Test: check if we can access ${sFILE}" escaped_file=$(echo ${sFILE} | sed 's/\*/\\*/; s/\?/\\?/')
LogText "Test: check if we can access ${sFILE} (escaped: ${escaped_file})"
# Check for symlink # Check for symlink
if [ -L ${sFILE} ]; then if [ -L ${escaped_file} ]; then
ShowSymlinkPath ${sFILE} ShowSymlinkPath ${escaped_file}
if [ ! "${SYMLINK}" = "" ]; then sFILE="${SYMLINK}"; fi if [ ! -z "${SYMLINK}" ]; then escaped_file="${SYMLINK}"; fi
fi fi
# Only check the file if it isn't a symlink (after previous check) # Only check the file if it isn't a symlink (after previous check)
if [ -L ${sFILE} ]; then if [ -L ${escaped_file} ]; then
OTHERPERMS="-" OTHERPERMS="-"
LogText "Result: unclear if we can read this file, as this is a symlink" LogText "Result: unclear if we can read this file, as this is a symlink"
ReportException "FileIsReadable" "Can not determine symlink ${sFILE}" ReportException "FileIsReadable" "Can not determine symlink ${sFILE}"
elif [ -d ${sFILE} ]; then elif [ -d ${escaped_file} ]; then
OTHERPERMS=$(ls -d -l ${sFILE} | cut -c 8) OTHERPERMS=$(${LSBINARY} -d -l ${escaped_file} | ${CUTBINARY} -c 8)
elif [ -f ${sFILE} ]; then elif [ -f ${escaped_file} ]; then
OTHERPERMS=$(ls -d -l ${sFILE} | cut -c 8) OTHERPERMS=$(${LSBINARY} -d -l ${escaped_file} | ${CUTBINARY} -c 8)
else else
OTHERPERMS="-" OTHERPERMS="-"
fi fi
# Also check if we are the actual owner of the file (use -d to get directory itself, if its a directory) # Also check if we are the actual owner of the file (use -d to get directory itself, if its a directory)
FILEOWNER=$(ls -dln ${sFILE} | awk -F" " '{ print $3 }') FILEOWNER=$(ls -dln ${escaped_file} | ${AWKBINARY} -F" " '{ print $3 }')
if [ "${FILEOWNER}" = "${MYID}" ]; then if [ "${FILEOWNER}" = "${MYID}" ]; then
LogText "Result: file is owned by our current user ID (${MYID}), checking if it is readable" LogText "Result: file is owned by our current user ID (${MYID}), checking if it is readable"
if [ -L ${sFILE} ]; then if [ -L ${sFILE} ]; then
LogText "Result: unclear if we can read this file, as this is a symlink" LogText "Result: unclear if we can read this file, as this is a symlink"
ReportException "FileIsReadable" "Can not determine symlink ${sFILE}" ReportException "FileIsReadable" "Can not determine symlink ${escaped_file}"
elif [ -d ${sFILE} ]; then elif [ -d ${escaped_file} ]; then
OTHERPERMS=$(ls -d -l ${sFILE} | cut -c 2) OTHERPERMS=$(${LSBINARY} -d -l ${escaped_file} | ${CUTBINARY} -c 2)
elif [ -f ${sFILE} ]; then elif [ -f ${escaped_file} ]; then
OTHERPERMS=$(ls -d -l ${sFILE} | cut -c 2) OTHERPERMS=$(${LSBINARY} -l ${escaped_file} | ${CUTBINARY} -c 2)
fi fi
else else
LogText "Result: file is not owned by current user ID (${MYID}), but UID ${FILEOWNER}" LogText "Result: file is not owned by current user ID (${MYID}), but UID ${FILEOWNER}"
fi fi
# Check if we are root, or have the read bit # Check if we are root, or have the read bit
if [ "${MYID}" = "0" -o "${OTHERPERMS}" = "r" ]; then if [ "${MYID}" = "0" -o "${OTHERPERMS}" = "r" ]; then
CANREAD=1 CANREAD=1
LogText "Result: file ${sFILE} is readable (or directory accessible)." LogText "Result: file ${escaped_file} is readable (or directory accessible)."
return 0 return 0
else else
return 1 return 1
LogText "Result: file ${sFILE} is NOT readable (or directory accessible), symlink, or does not exist. (OTHERPERMS: ${OTHERPERMS})" LogText "Result: file ${escaped_file} is NOT readable (or directory accessible), symlink, or does not exist. (OTHERPERMS: ${OTHERPERMS})"
fi fi
} }