From c9a43a14697fa955f31e495a8b03a523975ad285 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Tue, 1 May 2012 15:40:31 +0300
Subject: [PATCH 2/5] audit: apply protected_paths.d masks to individual files
---
src/audit.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/audit.c b/src/audit.c
index 071ff4d..03f977b 100644
--- a/src/audit.c
+++ b/src/audit.c
@@ -14,6 +14,7 @@
#include <fcntl.h>
#include <unistd.h>
#include <dirent.h>
+#include <fnmatch.h>
#include <sys/stat.h>
#include "apk_applet.h"
#include "apk_database.h"
@@ -199,14 +200,28 @@ recurse_check:
atctx->pathlen--;
} else {
struct apk_db_file *dbf;
+ struct apk_protected_path_array *ppaths = dbd->protected_paths;
+ int i, protected = dbd->protected, symlinks_only = dbd->symlinks_only;
+
+ /* inherit file's protection mask */
+ for (i = 0; i < ppaths->num; i++) {
+ struct apk_protected_path *ppath = &ppaths->item[i];
+ char *slash = strchr(ppath->relative_pattern, '/');
+ if (slash == NULL) {
+ if (fnmatch(ppath->relative_pattern, name, FNM_PATHNAME) != 0)
+ continue;
+ protected = ppath->protected;
+ symlinks_only = ppath->symlinks_only;
+ }
+ }
if (actx->mode == MODE_BACKUP) {
- if (!dbd->protected)
+ if (!protected)
goto done;
- if (dbd->symlinks_only && !S_ISLNK(fi.mode))
+ if (symlinks_only && !S_ISLNK(fi.mode))
goto done;
} else {
- if (dbd->protected)
+ if (protected)
goto done;
}
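Review bot: In the new loop every matching entry overwrites `protected` and `symlinks_only`, so the last matching pattern in `ppaths` wins, and entries whose pattern contains a '/' are silently skipped; the comment `/* inherit file's protection mask */` states neither rule. Because the result decides whether a file is skipped in audit mode (`if (protected) goto done;`), the precedence deserves a comment such as `/* per-file masks: patterns without '/' apply to files in this directory; the last match overrides the directory's mask */`. The `slash` local is only compared with NULL, so `if (strchr(ppath->relative_pattern, '/') != NULL) continue;` would remove one nesting level. Any `fnmatch()` result other than 0, including an error return, also takes the `continue` and leaves the directory mask in place without a diagnostic. The enclosing function starts and ends outside the hunk.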
--
1.7.10