From cd341f153d21960fa9727de48c6f6a6b2c9bc684 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Sat, 1 Aug 2009 13:32:08 -0400
Subject: [PATCH] switch to using new checkperms script.
---
 Makefile | 1 +
 packaging/debian/changelog | 4 +++-
 src/share/common | 48 +-----------------------------------------------
 tests/basic | 2 +-
 4 files changed, 6 insertions(+), 49 deletions(-)
diff --git a/Makefile b/Makefile
index 7db62e4..7ca73ef 100755
--- a/Makefile
+++ b/Makefile
@@ -58,6 +58,7 @@ install: all installman
 install src/monkeysphere-host src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin
 install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
 install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere
+ install -m 0755 src/share/checkperms $(DESTDIR)$(PREFIX)/share/monkeysphere
 install -m 0755 src/share/keytrans $(DESTDIR)$(PREFIX)/share/monkeysphere
 ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/pem2openpgp
 ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2ssh
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 28b9637..eda81d8 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -7,8 +7,10 @@ monkeysphere (0.26~pre-1) unstable; urgency=low
 permission-checking (closes MS #649)
 - test scripts use STRICT_MODES to avoid failure when built under /tmp (Closes: #527765)
+ - do permissions checks with a perl script instead of non-portable
+ readlink GNUisms
- -- Daniel Kahn Gillmor Sun, 26 Jul 2009 22:18:20 -0400
+ -- Daniel Kahn Gillmor Sat, 01 Aug 2009 13:21:43 -0400
 monkeysphere (0.25-1) unstable; urgency=low
diff --git a/src/share/common b/src/share/common
index cad2572..87a30be 100644
--- a/src/share/common
+++ b/src/share/common
@@ -411,15 +411,6 @@ test_gpg_expire() {
 check_key_file_permissions() {
 local uname
 local path
- local stat
- local access
- local gAccess
- local oAccess
-
- # function to check that the given permission corresponds to writability
- is_write() {
- [ "$1" = "w" ]
- }
 uname="$1"
 path="$2"
@@ -429,44 +420,7 @@ check_key_file_permissions() {
 return 0
 fi
 log debug "checking path permission '$path'..."
-
- # rewrite path if it points to a symlink
- if [ -h "$path" ] ; then
- path=$(readlink -f "$path")
- log debug "checking path symlink '$path'..."
- fi
-
- # return 255 if cannot stat file
- if ! stat=$(ls -ld "$path" 2>/dev/null) ; then
- log error "could not stat path '$path'."
- return 255
- fi
-
- owner=$(echo "$stat" | awk '{ print $3 }')
- gAccess=$(echo "$stat" | cut -c6)
- oAccess=$(echo "$stat" | cut -c9)
-
- # return 1 if path has invalid owner
- if [ "$owner" != "$uname" -a "$owner" != 'root' ] ; then
- log error "improper ownership on path '$path':"
- log error " $owner != ($uname|root)"
- return 1
- fi
-
- # return 2 if path has group or other writability
- if is_write "$gAccess" || is_write "$oAccess" ; then
- log error "improper group or other writability on path '$path':"
- log error " group: $gAccess, other: $oAccess"
- return 2
- fi
-
- # return zero if all clear, or go to next path
- if [ "$path" = '/' ] ; then
- log debug "path ok."
- return 0
- else
- check_key_file_permissions "$uname" $(dirname "$path")
- fi
+ "${SYSSHAREDIR}/checkperms" "$uname" "$path"
 }
 # return a list of all users on the system
diff --git a/tests/basic b/tests/basic
index 159f9dc..6fe3237 100755
--- a/tests/basic
+++ b/tests/basic
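Review bot: In the second hunk (@@ -429,44 +420,7 @@), the added line `"${SYSSHAREDIR}/checkperms" "$uname" "$path"` makes the function return whatever the helper exits with, so a missing or non-executable helper (shell status 127 or 126) looks to callers exactly like a failed ownership or writability check, and this function logs nothing about it. The check still fails closed, which is the safe direction, but a guard such as `[ -x "${SYSSHAREDIR}/checkperms" ] || { log error "checkperms helper not found or not executable"; return 255; }` before the call would keep a diagnosable error path like the removed "could not stat" branch. The removed code documented return codes 255, 1 and 2; a comment above the call should state which exit codes the helper uses, since that contract is no longer visible in this file. If SYSSHAREDIR can be set from the caller's environment (the tests/basic hunk uses MONKEYSPHERE_SYSSHAREDIR, so presumably yes), that variable now selects the program that performs this security check, and it is worth confirming it is not honoured in privileged contexts. The function's opening lines are in the preceding hunk.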
@@ -159,7 +159,7 @@ export DISPLAY=monkeys
 ## we cannot do proper directory permissions checking if the current
 ## working directory has unsatisfactory permissions:
-if ( . "$MONKEYSPHERE_SYSSHAREDIR"/common && check_key_file_permissions $(whoami) "$TEMPDIR" ) ; then
+if "$MONKEYSPHERE_SYSSHAREDIR"/checkperms $(whoami) "$TEMPDIR"; then
 echo "Permissions on temporary directory '$TEMPDIR' are OK for permissions checks."
 TEMPDIR_PERMISSIONS_SAFE=yes
 else
-- 
2.26.2
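Review bot: The new `if "$MONKEYSPHERE_SYSSHAREDIR"/checkperms $(whoami) "$TEMPDIR"; then` line cannot tell an unsafe temporary directory from a helper that is absent or not executable, because both take the else branch. The else body is outside the hunk, but it presumably marks the directory as unsafe, so the permission tests would be skipped silently. Testing `[ -x "$MONKEYSPHERE_SYSSHAREDIR"/checkperms ]` first and aborting the run when it fails would make a broken install visible instead of quietly reducing coverage of the permission checks. The `$(whoami)` argument is also unquoted; `"$(whoami)"` avoids word splitting.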