|
| 1 | +commit 45fc6dd48476ccaeb4f1d0a08921b466bf7c950b |
| 2 | +Merge: 025da60 4e0193f |
| 3 | +Author: Patrick Schleizer <adrelanos@whonix.org> |
| 4 | +Date: Sat Apr 11 06:35:28 2026 -0400 |
| 5 | + |
| 6 | + Merge remote-tracking branch 'assisted-by-ai/claude/audit-helper-scripts-security-nGGkn' |
| 7 | + |
| 8 | +commit 4e0193f0b814b57e46655270ddc24446aee5285b |
| 9 | +Author: Claude <noreply@anthropic.com> |
| 10 | +Date: Sat Apr 11 10:30:23 2026 +0000 |
| 11 | + |
| 12 | + source_config: revert to space-delimited stat, document delimiter tradeoffs |
| 13 | + |
| 14 | + NUL-delimited parsing required process substitution which discards |
| 15 | + stat's exit status. Since spaces in usernames are equally impractical |
| 16 | + as other candidate delimiters (newline, colon), keep the simpler |
| 17 | + space-delimited approach with proper exit-status handling and document |
| 18 | + the alternatives considered. |
| 19 | + |
| 20 | + https://claude.ai/code/session_01PzQizFukc2xgQMLJmZNWM7 |
| 21 | + |
| 22 | +commit d80197dccef8ab27ec19c084181d64c33cb98efa |
| 23 | +Author: Claude <noreply@anthropic.com> |
| 24 | +Date: Sat Apr 11 10:19:18 2026 +0000 |
| 25 | + |
| 26 | + source_config: use NUL-delimited stat output to handle spaces in names |
| 27 | + |
| 28 | + The previous space-delimited parsing of stat output would mis-split |
| 29 | + fields if a username or group name contained spaces (e.g. "Domain |
| 30 | + Users"). Switch to NUL-delimited output with readarray -d '' to parse |
| 31 | + each field unambiguously. |
| 32 | + |
| 33 | + Uses --printf instead of --format to suppress the trailing newline that |
| 34 | + GNU stat appends with --format. Requires bash 4.4+ for readarray -d |
| 35 | + (the script already requires 4.3+ for namerefs). |
| 36 | + |
| 37 | + https://claude.ai/code/session_01PzQizFukc2xgQMLJmZNWM7 |
| 38 | + |
| 39 | +commit 0ac93c2d83847dfbe649761e64a3e30cd2aad5eb |
| 40 | +Author: Claude <noreply@anthropic.com> |
| 41 | +Date: Sat Apr 11 10:13:27 2026 +0000 |
| 42 | + |
| 43 | + source_config: reject group-writable directories |
| 44 | + |
| 45 | + Directories have stricter writability requirements than files because |
| 46 | + write permission on a directory allows creating, deleting, and renaming |
| 47 | + entries. A group-writable config directory could allow group members to |
| 48 | + remove or replace legitimate config files (DoS), even though the |
| 49 | + file-level ownership check prevents sourcing attacker-owned files. |
| 50 | + |
| 51 | + Check the second-to-last octal digit (group permission) for the write |
| 52 | + bit using the pattern *[2367]?, and report the mode in error messages |
| 53 | + for both group-writable and world-writable rejections. |
| 54 | + |
| 55 | + https://claude.ai/code/session_01PzQizFukc2xgQMLJmZNWM7 |
| 56 | + |
| 57 | +commit 18f901e3e4365ac10b2863bf499a9aed3ce864de |
| 58 | +Author: Claude <noreply@anthropic.com> |
| 59 | +Date: Sat Apr 11 10:05:50 2026 +0000 |
| 60 | + |
| 61 | + source_config: prefix internal locals with _ to avoid nameref collisions |
| 62 | + |
| 63 | + Use the leading underscore convention for all local variables in |
| 64 | + functions that use namerefs (source_config_read_stat, |
| 65 | + source_config_resolve_path, source_config_get_expected_owner_group). |
| 66 | + This prevents circular reference bugs if a caller passes a variable |
| 67 | + name that would otherwise collide with an internal local. |
| 68 | + |
| 69 | + https://claude.ai/code/session_017p3uYYzFmLbmQuHNhRRF7B |
| 70 | + |
| 71 | +commit 93a6c704a3d0a1829087884f1cf22ed9127d9149 |
| 72 | +Author: Claude <noreply@anthropic.com> |
| 73 | +Date: Sat Apr 11 10:04:11 2026 +0000 |
| 74 | + |
| 75 | + source_config: use explicit return 1 for early id failures |
| 76 | + |
| 77 | + The source_config_error call already sets rc=1 via dynamic scoping, |
| 78 | + so return "$rc" works but is needlessly indirect. Use return 1 for |
| 79 | + clarity since we are returning immediately after the error. |
| 80 | + |
| 81 | + https://claude.ai/code/session_017p3uYYzFmLbmQuHNhRRF7B |
| 82 | + |
| 83 | +commit b7994ffa787829eace08705c2bb03d3cae8f9c0e |
| 84 | +Author: Claude <noreply@anthropic.com> |
| 85 | +Date: Sat Apr 11 10:02:02 2026 +0000 |
| 86 | + |
| 87 | + source_config: relax allowed system paths, check HOME only for user dirs |
| 88 | + |
| 89 | + Accept /run/* and /usr/* as system config directories (e.g. |
| 90 | + /usr/lib/systemcheck.d). Move the HOME validation inside the |
| 91 | + "$HOME"/* case branch so unset/empty HOME is only an error when |
| 92 | + a per-user directory is actually requested. |
| 93 | + |
| 94 | + https://claude.ai/code/session_017p3uYYzFmLbmQuHNhRRF7B |
| 95 | + |
| 96 | +commit 23f6b2cc79d89505fa6a7424f46712528022d5d1 |
| 97 | +Author: Claude <noreply@anthropic.com> |
| 98 | +Date: Sat Apr 11 09:52:32 2026 +0000 |
| 99 | + |
| 100 | + source_config: validate HOME and handle id failure |
| 101 | + |
| 102 | + Guard against empty/unset HOME which would cause the case pattern |
| 103 | + "$HOME"/* to degrade to /* and silently accept any absolute path as a |
| 104 | + per-user config directory. Also fail early if id --user/--group cannot |
| 105 | + determine the invoking user or group. |
| 106 | + |
| 107 | + https://claude.ai/code/session_017p3uYYzFmLbmQuHNhRRF7B |
| 108 | + |
| 109 | +commit 025da601ca4541dd0ec71376901147e16d783503 |
| 110 | +Author: Patrick Schleizer <adrelanos@whonix.org> |
| 111 | +Date: Sat Apr 11 08:32:13 2026 +0000 |
| 112 | + |
| 113 | + bumped changelog version |
| 114 | + |
1 | 115 | commit c8193c7b47ce450e47b8963aa668626bd42e7406 |
2 | 116 | Author: Patrick Schleizer <adrelanos@whonix.org> |
3 | 117 | Date: Sat Apr 11 03:31:49 2026 -0400 |
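Review bot: The 4e0193f entry (changelog lines 12-18) goes back to space-delimited stat parsing, but it does not say what happens in the case d80197d described, where a user or group name containing a space (e.g. "Domain Users") mis-splits the fields. Calling such names impractical is not the same as handling them. Please confirm that source_config_read_stat rejects stat output whose field count differs from the expected one, so a shifted owner or mode field fails closed instead of being compared against the wrong value, and say so in the commit message or the in-code delimiter notes. It would also help to state that the bash 4.4+ requirement from d80197d (readarray -d) no longer applies after the revert, since both entries now sit side by side in the changelog. Separately, the b7994ff entry (lines 87-92) widens the accepted system paths to /run/* and /usr/*. A sentence noting that the ownership and group/world-writable directory checks from 0ac93c2 apply to those locations as well would make the relaxed rule easier to audit.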
|