return 0
}
+/usr/bin/echo "Start aslr check test"
+
+/usr/bin/find / -type f -executable 2>/dev/null | /usr/bin/xargs $utl_path/file | /usr/bin/grep "executable" | /usr/bin/grep -v "shared object" | /usr/bin/grep -v "pie" | /usr/bin/grep -v "script" | /usr/bin/cut -d ":" -f1 >> $tmp_file
+
#init log
if [ -e "$log_file" ]
then
+ # Revalidate files in the previous log file. (But, not restoring execute permission)
+ cat $log_file >> $tmp_file
/usr/bin/rm $log_file
fi
-/usr/bin/echo "Start aslr check test"
-
-/usr/bin/find / -type f -executable 2>/dev/null | /usr/bin/xargs $utl_path/file | /usr/bin/grep "executable" | /usr/bin/grep -v "shared object" | /usr/bin/grep -v "pie" | /usr/bin/grep -v "script" | /usr/bin/cut -d ":" -f1 >> $tmp_file
-
# Retrieve exec permission (chmod & cat need to be considered separately to finish below lines)
# Checking "/etc/smack/onlycap" is temporary. This should be considered again later.
while read line
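Review bot: The added `cat $log_file >> $tmp_file` puts every line of the previous log into the same list as the fresh `find` results, so the loop starting at `while read line` (its body is outside this hunk) will act on whatever paths that file contains. Where `$log_file` lives and who can write to it is not visible here; if anything other than this script can write there, the replayed entries should be checked (regular file, not a symlink) before they are processed. This is also the only line in the hunk that resolves `cat` through PATH and leaves both variables unquoted; `/usr/bin/cat "$log_file" >> "$tmp_file"` would match the rest of the script. Separately, the moved `grep -v "pie"` and `grep -v "script"` filters match the path as well as the `file` description, so a non-PIE binary with either word in its path is silently dropped from the check.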
if [ "$result" == "" ]
then
echo "Not permitted Systemd Service : $1"
- echo $service_name >> $log_file
+ echo $1 >> $log_file
move_service_file $1 $service_name
fi
}
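Review bot: `echo $1 >> $log_file` writes the path unquoted, so a service path containing whitespace or glob characters is split or expanded before it reaches the log, and the restore step then reads back something other than the original path. `printf '%s\n' "$1" >> "$log_file"` records it exactly; the same applies to the identical added line in the DBUS check that follows and to the unquoted `move_service_file $1 $service_name` call. Because the log now holds full paths that a later run uses as `mv` destinations, it is worth confirming that only this script can write to the log file. The enclosing function starts outside the hunk.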
if [ "$result" == "" ]
then
echo "Not permitted DBUS Service : $1"
- echo $service_name >> $log_file
+ echo $1 >> $log_file
move_service_file $1 $service_name
fi
}
function find_dbus_service
{
for line in `find "$dbus_service_dir" -type f -name "*service" 2> /dev/null`
- do
+ do
uid="$(cat $line | grep "User=" | grep -v "#" | cut -d "=" -f2 | tr -d '\015')"
check_dbus_service "$line" "$uid"
done
echo "Run check new service test"
if [ -e "$log_file" ]
then
+ # Restore not permitted service
+ for line in `cat $log_file`
+ do
+ service_name=$(echo $line | rev | cut -f1 -d "/" | rev)
+ mv $not_permitted_service_path$service_name $line
+ done
rm $log_file
fi
if [ -e "$result_file" ]
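Review bot: The added restore loop iterates over the word-split output of `cat $log_file` and passes unquoted arguments to `mv`, so a logged path containing whitespace or glob characters is restored to the wrong place or not at all. Reading the log line by line with quoted arguments and `--` avoids that, as in the block below. Each entry is also used as an `mv` destination without any check, so it would be safer to confirm it lies under the expected service directories (for example `$dbus_service_dir`) before moving. Restoring by file name alone assumes no two logged services share a base name, which this hunk does not show.
```shell
# Restore not permitted service
while IFS= read -r line
do
    service_name=${line##*/}
    mv -- "$not_permitted_service_path$service_name" "$line"
done < "$log_file"
# … unchanged: rm $log_file …
```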