From 5de1b74127fde2b7de625587643c7c7d37e95c92 Mon Sep 17 00:00:00 2001 From: Timo Teräs Date: Mon, 10 Apr 2023 20:33:41 +0300 Subject: audit: add --ignore-busybox-links Ignore any link that has the busybox binary as target. These links are created by a trigger script and not managed by apk. --- doc/apk-audit.8.scd | 3 +++ src/app_audit.c | 16 +++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/doc/apk-audit.8.scd b/doc/apk-audit.8.scd
index 19a7ba9..0e638bf 100644
--- a/doc/apk-audit.8.scd
+++ b/doc/apk-audit.8.scd
@@ -55,6 +55,9 @@ then the affected path. The changes detected are:
 	protected paths is used, unless a *--protected-paths* is explicitly
 	specified.
 
+*--ignore-busybox-symlinks*
+	Ignore symlinks whose target is the busybox binary.
+
 *--packages*
 	Print only the packages with changed files. Instead of the full output
 	each modification, the set of packages with at least one modified file
diff --git a/src/app_audit.c b/src/app_audit.c
index c1d8b10..997899b 100644
--- a/src/app_audit.c
+++ b/src/app_audit.c
@@ -34,12 +34,14 @@ struct audit_ctx {
 	unsigned recursive : 1;
 	unsigned check_permissions : 1;
 	unsigned packages_only : 1;
+	unsigned ignore_busybox_symlinks : 1;
 };
 
 #define AUDIT_OPTIONS(OPT) \
 	OPT(OPT_AUDIT_backup, "backup") \
 	OPT(OPT_AUDIT_check_permissions, "check-permissions") \
 	OPT(OPT_AUDIT_full, "full") \
+	OPT(OPT_AUDIT_ignore_busybox_symlinks, "ignore-busybox-symlinks") \
 	OPT(OPT_AUDIT_packages, "packages") \
 	OPT(OPT_AUDIT_protected_paths, APK_OPT_ARG "protected-paths") \
 	OPT(OPT_AUDIT_recursive, APK_OPT_SH("r") "recursive") \
@@ -80,6 +82,9 @@ static int option_parse_applet(void *ctx, struct apk_db_options *dbopts, int opt
 	case OPT_AUDIT_check_permissions:
 		actx->check_permissions = 1;
 		break;
+	case OPT_AUDIT_ignore_busybox_symlinks:
+		actx->ignore_busybox_symlinks = 1;
+		break;
 	case OPT_AUDIT_packages:
 		actx->packages_only = 1;
 		break;
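Review bot: The option string registered in this hunk is `"ignore-busybox-symlinks"`, and the manual-page hunk documents `*--ignore-busybox-symlinks*`, but the commit subject names the flag `--ignore-busybox-links`, so the changelog will advertise a flag that does not exist. Since the code and the documentation agree with each other, the subject is the likely stray and should be aligned with them. The new bitfield and the `OPT_AUDIT_ignore_busybox_symlinks` enumerator are consistent with the option string, so no code line needs to change.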
@@ -309,7 +314,16 @@ recurse_check:
 		break;
 	}
 
-	if (reason == 0) reason = audit_file(actx, db, dbf, dirfd, name);
+	if (!dbf && actx->ignore_busybox_symlinks && S_ISLNK(fi.mode)) {
+		char target[16];
+		ssize_t n;
+		n = readlinkat(dirfd, name, target, sizeof target);
+		if (n == 12 && memcmp(target, "/bin/busybox", 12) == 0)
+			goto done;
+		if (n == 11 && memcmp(target, "/bin/bbsuid", 11) == 0)
+			goto done;
+	}
+	if (!reason) reason = audit_file(actx, db, dbf, dirfd, name);
 	if (reason < 0) goto done;
 	report_audit(actx, reason, bfull, dbf ? dbf->diri->pkg : NULL);
 }
-- cgit v1.2.3-70-g09d2
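Review bot: The new branch compares the raw link text rather than the resolved target, so it does not match the manual page's "symlinks whose target is the busybox binary" in either direction: a relative link such as `../bin/busybox` or a link to `/usr/bin/busybox` is still reported, while any unmanaged symlink anywhere in the audited tree whose text is exactly `/bin/busybox` or `/bin/bbsuid` is skipped via `goto done` before `report_audit()`, not only the trigger-created ones the commit message describes. That contract deserves a comment above the `if (!dbf && actx->ignore_busybox_symlinks ...)` line, e.g. `/* Opt-in: skips any unmanaged symlink whose literal text is /bin/busybox or /bin/bbsuid, wherever it lives; relative or /usr/bin targets are not recognised. */`, so that anyone using audit as an integrity check knows what this option hides. A failed `readlinkat()` (n == -1) correctly falls through to `audit_file()`, but `target` is never NUL-terminated, which is fine for the two length-checked `memcmp` calls and would silently break any later `strcmp` on it; `ssize_t n = readlinkat(dirfd, name, target, sizeof target);` on one line would make the buffer's lifetime and contract easier to see. The `reason == 0` to `!reason` rewrite on the last added line is an unrelated style change in a feature commit. The enclosing function starts and ends outside this hunk.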