Skip to content
Snippets Groups Projects
Commit a859d1226501 authored by jfp's avatar jfp
Browse files

rule1303: Control group protection. Ignore files owned by [1,*]

parent 016fb3302660
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 10 additions and 1 deletion
secrules/rules13.py
+ 10
1
View file @ a859d122
...@@ -66,7 +66,10 @@ ...@@ -66,7 +66,10 @@
all_users = user.all_users() all_users = user.all_users()
it = ( it = (
itemList.itemList( itemList.itemList(
code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedWord code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedWord,
),
itemList.itemList(
code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong,
), ),
) )
for u in list(all_users.values()): for u in list(all_users.values()):
...@@ -81,6 +84,12 @@ ...@@ -81,6 +84,12 @@
retsec = starlet.get_security( retsec = starlet.get_security(
objnam=f, clsnam='FILE', itmlst=it objnam=f, clsnam='FILE', itmlst=it
) )
own: int = retsec[2][
ossdef.OSS__OWNER
] # type: ignore
# Ignore file owned by [1,*]
if int(own / 65536) == 1:
continue
prot: int = retsec[2][ prot: int = retsec[2][
ossdef.OSS__PROTECTION ossdef.OSS__PROTECTION
] # type: ignore ] # type: ignore
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment