From d35e9be67d9a9e2be7f2ef096ee7b55f43f794b2 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 10 Sep 2017 16:33:04 +0100
Subject: [PATCH 1/2] Show libs with bad permissions
---
 tests/check-libs-mode.sh | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/tests/check-libs-mode.sh b/tests/check-libs-mode.sh
index 80b91a78..3d15047a 100644
--- a/tests/check-libs-mode.sh
+++ b/tests/check-libs-mode.sh
@@ -7,7 +7,8 @@ if [ -d "/lib" ];then
 if [ $COUNT -eq 0 ];then
 :
 else
- exit 1
+ find -L /lib -type f -perm /022 -exec ls -l {} \;
+ exit 1
 fi
 fi
 if [ -d "/lib64" ];then
@@ -17,7 +18,8 @@ if [ -d "/lib64" ];then
 if [ $COUNT -eq 0 ];then
 :
 else
- exit 1
+ find -L /lib64 -type f -perm /022 -exec ls -l {} \;
+ exit 1
 fi
 fi
 if [ -d "/usr/lib" ];then
@@ -27,7 +29,8 @@ if [ -d "/usr/lib" ];then
 if [ $COUNT -eq 0 ];then
 :
 else
- exit 1
+ find -L /usr/lib -type f -perm /022 -exec ls -l {} \;
+ exit 1
 fi
 fi
 if [ -d "/usr/lib64" ];then
@@ -37,7 +40,8 @@ if [ -d "/usr/lib64" ];then
 if [ $COUNT -eq 0 ];then
 :
 else
- exit 1
+ find -L /usr/lib64 -type f -perm /022 -exec ls -l {} \;
+ exit 1
 fi
 fi
From a30668346aba48bee8fb0a00b45a17cea57dd4f8 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 10 Sep 2017 17:04:02 +0100
Subject: [PATCH 2/2] lockdown any node modules
---
 src/freedombone-utils-setup | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/freedombone-utils-setup b/src/freedombone-utils-setup
index ce528df6..0be4fe65 100755
--- a/src/freedombone-utils-setup
+++ b/src/freedombone-utils-setup
@@ -590,6 +590,9 @@ function lockdown_permissions {
 fi
 if [ -d /usr/lib ]; then
 chown -R root:root /usr/lib/*
+ if [ -d /usr/lib/node_modules ]; then
+ chmod -R 750 /usr/lib/node_modules/*
+ fi
 fi
 if [ -d /usr/lib64 ]; then
 chown -R root:root /usr/lib64/*
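Review bot: The added `find -L /lib -type f -perm /022 -exec ls -l {} \;` listing prints a symlink's own entry rather than the file whose mode failed the check, because `find -L` applies `-type f -perm /022` to the link target while `ls -l` without `-L` describes the link itself. The same line is repeated in the /lib64, /usr/lib and /usr/lib64 hunks. Use `find -L /lib -type f -perm /022 -exec ls -lL {} + >&2` so the group- or world-writable mode is visible in the report, the output goes to stderr, and `ls` runs once per batch instead of once per file. The `COUNT` computation sits above each hunk, so whether it uses the same predicate as the listing cannot be confirmed from here.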
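Review bot: `chmod -R 750 /usr/lib/node_modules/*` sets an absolute mode, so every regular file under the tree becomes executable for owner and group and loses all access for other users, which is wider than removing the group/other write bits. With the `chown -R root:root /usr/lib/*` just above, any service account outside the root group would presumably no longer be able to read globally installed modules. A symbolic mode keeps the existing read and execute bits and only drops write: `chmod -R go-w /usr/lib/node_modules`. Naming the directory instead of the `/*` glob also covers dot entries and does not fail when the directory is empty. `lockdown_permissions` starts and ends outside the hunk.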