feat: add check for hardened_malloc flatpak preload (#412)

* updated has_permission to use regex matching

* added flatpak check for hardened_malloc

* changed hasPermission to maintain old behavior for strings
Rubiginosa
2024-09-10 13:33:14 -04:00
committed by GitHub
parent 8a0e957c8d
commit 8333bcf2f5


@@ -356,7 +356,7 @@ audit-secureblue:
local line=$(grep "^${prefix}=" <<< "$permissions" | sed -e "s/^${prefix}=//" -e "s/#.*//") local line=$(grep "^${prefix}=" <<< "$permissions" | sed -e "s/^${prefix}=//" -e "s/#.*//")
IFS=';' read -r -a list <<< "$line" IFS=';' read -r -a list <<< "$line"
for p in ${list[@]}; do for p in ${list[@]}; do
if [[ "$p" == "$query" ]]; then if [[ "$p" =~ ^$query$ ]]; then
return return
fi fi
done done
@@ -572,6 +572,10 @@ audit-secureblue:
status="$STATUS_FAILURE" status="$STATUS_FAILURE"
warnings+=("> $f has x11 access!") warnings+=("> $f has x11 access!")
fi fi
if ! hasPermission "$permissions" "LD_PRELOAD" .*"/libhardened_malloc.so"; then
status="$STATUS_FAILURE"
warnings+=("> $f is not using hardened_malloc!")
fi
flatpak_test_string="Auditing $f" flatpak_test_string="Auditing $f"
print_status "$flatpak_test_string" "$status" print_status "$flatpak_test_string" "$status"
for warning in "${warnings[@]}"; do for warning in "${warnings[@]}"; do
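Review bot: The pattern argument in `if ! hasPermission "$permissions" "LD_PRELOAD" .*"/libhardened_malloc.so"; then` is only half quoted, so the shell may glob-expand the bare `.*` against the current directory before hasPermission ever sees it; pass it as one quoted word, `if ! hasPermission "$permissions" "LD_PRELOAD" '.*/libhardened_malloc\.so'; then`, escaping the dot so it is not a regex wildcard. As written the regex also accepts any path whose last component is libhardened_malloc.so, so the audit passes as long as the preloaded library merely has the right name; if the expected install location is fixed, anchoring the directory in the pattern would make the check meaningfully stronger. The matching side in the first hunk, `if [[ "$p" =~ ^$query$ ]]; then`, now treats every query as a regex, so existing plain-string callers whose query contains metacharacters match more loosely than before this change, which is worth stating in a comment on hasPermission (e.g. `# query is an extended regex, anchored at both ends`). The enclosing audit function starts and continues outside both hunks.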