
Unified Diff: find_omaha.sh

Issue 6602077: Remove superfluous security check (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/memento_softwareupdate.git@master
Patch Set: Created 9 years, 10 months ago
Index: find_omaha.sh
diff --git a/find_omaha.sh b/find_omaha.sh
index 80928e178061f11c9ec37d69286aaced971f7dfd..59fb138f22205776cd364421e222345be815cc2f 100755
--- a/find_omaha.sh
+++ b/find_omaha.sh
@@ -5,19 +5,12 @@
# Parent file must include memento_updater_logging.sh
# This file cannot be run by itself, it must be included.
-OVERRIDE_IS_SECURE="YES"
-FACTORY_OVERRIDE_IS_SECURE="YES"
-
-# Return the value for a given key in the override lsb-release file if the
-# file is secure. If no value is found, checks in the standard lsb-release
-# file.
+# Return the value for a given key in the override lsb-release file.
+# If no value is found, checks in the standard lsb-release file.
findLSBValue()
{
- if [ "$FACTORY_OVERRIDE_IS_SECURE" = "YES" ]
- then
- # Check factory lsb file.
- value=$(grep ^$1 $FACTORY_LSB_FILE | cut -d = -f 2-)
- fi
+ # Check factory lsb file.
+ value=$(grep ^$1 $FACTORY_LSB_FILE | cut -d = -f 2-)
if [ -z "$value" ]
then
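Review bot: The added `value=$(grep ^$1 $FACTORY_LSB_FILE | cut -d = -f 2-)` now runs on every call with no check that the file exists or who can write to it. Before this commit, a missing or non-root-owned lsb-factory made the removed loop in the second hunk set FACTORY_OVERRIDE_IS_SECURE to NO and this grep was skipped; now a missing file makes grep print an error to stderr, and whatever the file under /mnt/stateful_partition contains is returned as the value. If ownership of that path is guaranteed elsewhere, as the commit title suggests, record it next to the read with a comment such as `# lsb-factory is trusted as-is; ownership/mode is enforced by <component, to be filled in>`. Quoting the expansions and silencing the missing-file case keeps the old behaviour on devices without a factory image: `value=$(grep "^$1" "$FACTORY_LSB_FILE" 2>/dev/null | cut -d = -f 2-)`. The body of findLSBValue continues past the end of this hunk.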
@@ -28,56 +21,4 @@ findLSBValue()
echo $value
}
-# Returns 0 if the file or folder is owned by root and not writable
-# by group/other. Returns 1 otherwise.
-checkRootPermission()
-{
- if [ -z "$1" ]
- then
- log Path is missing, unable to check permissions
- return 1
- fi
- # Verifying root owner for the passed in value ($1)
- OWNER=$(stat -c '%U:%G' "$1")
-
- if [ "$OWNER" != "root:root" ]
- then
- return 1
- else
- # File has root:root permission so now we will check write permission
- # on the file.
- PERMISSION=$(stat -c '%A' "$1")
- # PERMISSION would be something like -rw-r--r--, so we are parsing
- # w bits for owner, group and others.
- GROUP_WRITE=$(echo "$PERMISSION" | cut -b 6)
- OTHER_WRITE=$(echo "$PERMISSION" | cut -b 9)
-
- # Except owner, nobody should have write permission. (owner has to be root)
- if [ "$GROUP_WRITE" != '-' -o "$OTHER_WRITE" != '-' ]
- then
- return 1
- fi
- fi
- return 0
-}
-
-FACTORY_STATEFUL_VAR=/mnt/stateful_partition/dev_image
-FACTORY_STATEFUL_ETC=/mnt/stateful_partition/dev_image/etc
FACTORY_LSB_FILE=/mnt/stateful_partition/dev_image/etc/lsb-factory
-
-FACTORY_LIST_TO_CHECK="
- $FACTORY_STATEFUL_VAR
- $FACTORY_STATEFUL_ETC
- $FACTORY_LSB_FILE
-"
-
-for FILE_NAME in $FACTORY_LIST_TO_CHECK
-do
- if ! checkRootPermission "$FILE_NAME"
- then
- log non-root can write to $FILE_NAME, thus ignoring $FACTORY_LSB_FILE
- # If we find there is security hole, we set this flag
- FACTORY_OVERRIDE_IS_SECURE=NO
- fi
-done
-