install src/monkeysphere-host src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin
install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere
+ install -m 0755 src/share/checkperms $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0755 src/share/keytrans $(DESTDIR)$(PREFIX)/share/monkeysphere
ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/pem2openpgp
ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2ssh
permission-checking (closes MS #649)
- test scripts use STRICT_MODES to avoid failure when built under /tmp
(Closes: #527765)
+ - do permissions checks with a perl script instead of non-portable
+ readlink GNUisms
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 26 Jul 2009 22:18:20 -0400
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 01 Aug 2009 13:21:43 -0400
monkeysphere (0.25-1) unstable; urgency=low
check_key_file_permissions() {
local uname
local path
- local stat
- local access
- local gAccess
- local oAccess
-
- # function to check that the given permission corresponds to writability
- is_write() {
- [ "$1" = "w" ]
- }
uname="$1"
path="$2"
return 0
fi
log debug "checking path permission '$path'..."
-
- # rewrite path if it points to a symlink
- if [ -h "$path" ] ; then
- path=$(readlink -f "$path")
- log debug "checking path symlink '$path'..."
- fi
-
- # return 255 if cannot stat file
- if ! stat=$(ls -ld "$path" 2>/dev/null) ; then
- log error "could not stat path '$path'."
- return 255
- fi
-
- owner=$(echo "$stat" | awk '{ print $3 }')
- gAccess=$(echo "$stat" | cut -c6)
- oAccess=$(echo "$stat" | cut -c9)
-
- # return 1 if path has invalid owner
- if [ "$owner" != "$uname" -a "$owner" != 'root' ] ; then
- log error "improper ownership on path '$path':"
- log error " $owner != ($uname|root)"
- return 1
- fi
-
- # return 2 if path has group or other writability
- if is_write "$gAccess" || is_write "$oAccess" ; then
- log error "improper group or other writability on path '$path':"
- log error " group: $gAccess, other: $oAccess"
- return 2
- fi
-
- # return zero if all clear, or go to next path
- if [ "$path" = '/' ] ; then
- log debug "path ok."
- return 0
- else
- check_key_file_permissions "$uname" $(dirname "$path")
- fi
+ "${SYSSHAREDIR}/checkperms" "$uname" "$path"
}
# return a list of all users on the system
## we cannot do proper directory permissions checking if the current
## working directory has unsatisfactory permissions:
-if ( . "$MONKEYSPHERE_SYSSHAREDIR"/common && check_key_file_permissions $(whoami) "$TEMPDIR" ) ; then
+if "$MONKEYSPHERE_SYSSHAREDIR"/checkperms $(whoami) "$TEMPDIR"; then
echo "Permissions on temporary directory '$TEMPDIR' are OK for permissions checks."
TEMPDIR_PERMISSIONS_SAFE=yes
else
projects / monkeysphere.git / commitdiff