authorTimo Teräs <timo.teras@iki.fi>2023-04-10 20:33:41 +0300
committerTimo Teräs <timo.teras@iki.fi>2023-04-11 20:55:13 +0300
commit5de1b74127fde2b7de625587643c7c7d37e95c92 (patch)
tree60c4d981c90c037ae7d094d3c5a27794f869580f
parent18846bd08390e6ae52a0de0f94ff2a0f62aad4d7 (diff)
audit: add --ignore-busybox-links
Ignore any symlink that has the busybox binary as its target. These symlinks are created by a trigger script and are not managed by apk.
-rw-r--r--doc/apk-audit.8.scd3
-rw-r--r--src/app_audit.c16
2 files changed, 18 insertions, 1 deletions
diff --git a/doc/apk-audit.8.scd b/doc/apk-audit.8.scd
index 19a7ba9..0e638bf 100644
--- a/doc/apk-audit.8.scd
+++ b/doc/apk-audit.8.scd
@@ -55,6 +55,9 @@ then the affected path. The changes detected are:
protected paths is used, unless a *--protected-paths* is explicitly
specified.
+*--ignore-busybox-symlinks*
+ Ignore symlinks whose target is the busybox binary.
+
*--packages*
Print only the packages with changed files. Instead of the full output
each modification, the set of packages with at least one modified file
diff --git a/src/app_audit.c b/src/app_audit.c
index c1d8b10..997899b 100644
--- a/src/app_audit.c
+++ b/src/app_audit.c
@@ -34,12 +34,14 @@ struct audit_ctx {
unsigned recursive : 1;
unsigned check_permissions : 1;
unsigned packages_only : 1;
+ unsigned ignore_busybox_symlinks : 1;
};
#define AUDIT_OPTIONS(OPT) \
OPT(OPT_AUDIT_backup, "backup") \
OPT(OPT_AUDIT_check_permissions, "check-permissions") \
OPT(OPT_AUDIT_full, "full") \
+ OPT(OPT_AUDIT_ignore_busybox_symlinks, "ignore-busybox-symlinks") \
OPT(OPT_AUDIT_packages, "packages") \
OPT(OPT_AUDIT_protected_paths, APK_OPT_ARG "protected-paths") \
OPT(OPT_AUDIT_recursive, APK_OPT_SH("r") "recursive") \
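Review bot: The option registered on the `OPT(OPT_AUDIT_ignore_busybox_symlinks, "ignore-busybox-symlinks")` line is `--ignore-busybox-symlinks`, but the commit title names it `--ignore-busybox-links`; the title should use the string the parser actually accepts (the man page entry in doc/apk-audit.8.scd already does). The new bit-field is appended to `struct audit_ctx`, whose opening line is outside the hunk; a short comment on it such as `/* skip unmanaged symlinks whose target is the busybox binary */` would tie the flag to the check in the audit loop that consumes it.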
@@ -80,6 +82,9 @@ static int option_parse_applet(void *ctx, struct apk_db_options *dbopts, int opt
case OPT_AUDIT_check_permissions:
actx->check_permissions = 1;
break;
+ case OPT_AUDIT_ignore_busybox_symlinks:
+ actx->ignore_busybox_symlinks = 1;
+ break;
case OPT_AUDIT_packages:
actx->packages_only = 1;
break;
@@ -309,7 +314,16 @@ recurse_check:
break;
}
- if (reason == 0) reason = audit_file(actx, db, dbf, dirfd, name);
+ if (!dbf && actx->ignore_busybox_symlinks && S_ISLNK(fi.mode)) {
+ char target[16];
+ ssize_t n;
+ n = readlinkat(dirfd, name, target, sizeof target);
+ if (n == 12 && memcmp(target, "/bin/busybox", 12) == 0)
+ goto done;
+ if (n == 11 && memcmp(target, "/bin/bbsuid", 11) == 0)
+ goto done;
+ }
+ if (!reason) reason = audit_file(actx, db, dbf, dirfd, name);
if (reason < 0) goto done;
report_audit(actx, reason, bfull, dbf ? dbf->diri->pkg : NULL);
}
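Review bot: The lengths on the `n == 12` and `n == 11` lines are magic numbers duplicated from the string literals beside them, so a later edit to one target string can silently break the match; derive them from the literal instead, e.g. `if (n == (ssize_t)(sizeof "/bin/busybox" - 1) && memcmp(target, "/bin/busybox", sizeof "/bin/busybox" - 1) == 0)` and likewise for `"/bin/bbsuid"`. The `char target[16]` buffer is intentionally never NUL-terminated — readlinkat() does not terminate, and a longer target is truncated to 16 bytes so it cannot equal either length — which deserves a comment such as `/* readlinkat() does not NUL-terminate; compared by exact length, longer targets truncate and never match */` so the next reader does not mistake it for a bug. Note also that the suppression applies to an unmanaged symlink in any audited directory, not only the ones the trigger script populates, and that a readlinkat() failure (n == -1) silently falls through to audit_file(); recording that scope in the description, plus a comment on why `/bin/bbsuid` is treated as busybox, would help. The enclosing function starts before the hunk and the `done:` label lies outside it.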