YunoHost/package_linter
1
0
Fork 0
mirror of https://github.com/YunoHost/package_linter.git synced 2024-09-03 20:06:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

Report usage of 'chown root '

Browse source
This commit is contained in:
Alexandre Aubin 2021-09-29 18:01:01 +02:00
parent ab8696322d
commit c4af75125a
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
package_linter.py
View file

@ -787,8 +787,6 @@ class Configurations(TestSuite):
yield Info(f"You are encouraged to harden the security of the systemd configuration {filename}. You can have a look at https://github.com/YunoHost/example_ynh/blob/master/conf/systemd.service#L14-L42 for a baseline.")
@test()
def php_config_specific_user(self):
@ -1621,6 +1619,13 @@ class Script(TestSuite):
"(If you need to run a command using a specific user, use 'ynh_exec_as' (or 'sudo -u'))"
)
@test()
def chownroot(self):
if self.containsregex(r"^\s*chown.* root:?[^$]* .*final_path"):
yield Info(
"Using 'chown root $final_path' is usually symptomatic of misconfigured and wide-open 'other' permissions ... Usually ynh_setup_source should now set sane default permissions on $final_path (if the app requires Yunohost >= 4.2) ... Otherwise, consider using 'chown $app', 'chown nobody' or 'chmod' to limit access to $final_path ..."
)
@test()
def chmod777(self):
if self.containsregex(r"chmod .*777") or self.containsregex(r'chmod .*o\+w'):