forked from pool/permissions
Matthias Gerstner
c1a2fada58
- Update to version 20200228: * chkstat: fix readline() on platforms with unsigned char - Update to version 20200227: * remove capability whitelisting for radosgw * whitelist ceph log directory (bsc#1150366) * adjust testsuite to post CVE-2020-8013 link handling * testsuite: add option to not mount /proc * do not follow symlinks that are the final path element: CVE-2020-8013 * add a test for symlinked directories * fix relative symlink handling * include cpp compat headers, not C headers * Move permissions and permissions.* except .local to /usr/share/permissions * regtest: fix the static PATH list which was missing /usr/bin * regtest: also unshare the PID namespace to support /proc mounting * regtest: bindMount(): explicitly reject read-only recursive mounts * Makefile: force remove upon clean target to prevent bogus errors * regtest: by default automatically (re)build chkstat before testing * regtest: add test for symlink targets * regtest: make capability setting tests optional * regtest: fix capability assertion helper logic * regtests: add another test case that catches set*id or caps in world-writable sub-trees * regtest: add another test that catches when privilege bits are set for special files * regtest: add test case for user owned symlinks * regtest: employ subuid and subgid feature in user namespace * regtest: add another test case that covers unknown user/group config * regtest: add another test that checks rejection of insecure mixed-owner paths * regtest: add test that checks for rejection of world-writable paths * regtest: add test for detection of unexpected parent directory ownership * regtest: add further helper functions, allow access to main instance OBS-URL: https://build.opensuse.org/request/show/780264 OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=252 |
||
---|---|---|
_service | ||
_servicedata | ||
.gitattributes | ||
.gitignore | ||
fix_version.sh | ||
permissions-20200228.tar.xz | ||
permissions.changes | ||
permissions.spec |