From 48602370acabffea96759bf66edd00ca829f5d17 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Tue, 18 Oct 2022 22:36:59 +0200 Subject: [PATCH] python: Harden tools against "rogue" modules Content-type: text/plain Python scripts present in "/usr/sbin" override regular modules. Make sure /usr/sbin is not present in PYTHONPATH. Fixes: #cat > /usr/sbin/audit.py < Acked-by: James Carter --- python/audit2allow/audit2allow | 2 +- python/audit2allow/sepolgen-ifgen | 2 +- python/chcat/chcat | 2 +- python/semanage/semanage | 2 +- python/sepolicy/sepolicy.py | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/python/audit2allow/audit2allow b/python/audit2allow/audit2allow index 09b06f664bc4..eafeea88aa21 100644 --- a/python/audit2allow/audit2allow +++ b/python/audit2allow/audit2allow @@ -1,4 +1,4 @@ -#!/usr/bin/python3 -Es +#!/usr/bin/python3 -EsI # Authors: Karl MacMillan # Authors: Dan Walsh # diff --git a/python/audit2allow/sepolgen-ifgen b/python/audit2allow/sepolgen-ifgen index b7a04c719acc..f2cc0c32f2b0 100644 --- a/python/audit2allow/sepolgen-ifgen +++ b/python/audit2allow/sepolgen-ifgen @@ -1,4 +1,4 @@ -#!/usr/bin/python3 -Es +#!/usr/bin/python3 -EsI # # Authors: Karl MacMillan # diff --git a/python/chcat/chcat b/python/chcat/chcat index 952cb8187599..68718ec5f102 100755 --- a/python/chcat/chcat +++ b/python/chcat/chcat @@ -1,4 +1,4 @@ -#!/usr/bin/python3 -Es +#!/usr/bin/python3 -EsI # Copyright (C) 2005 Red Hat # see file 'COPYING' for use and warranty information # diff --git a/python/semanage/semanage b/python/semanage/semanage index 10ab3fa67d7f..b21d1484ab85 100644 --- a/python/semanage/semanage +++ b/python/semanage/semanage @@ -1,4 +1,4 @@ -#!/usr/bin/python3 -Es +#!/usr/bin/python3 -EsI # Copyright (C) 2012-2013 Red Hat # AUTHOR: Miroslav Grepl # AUTHOR: David Quigley diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py index c7a70e094b0c..733d40484709 100755 --- a/python/sepolicy/sepolicy.py +++ b/python/sepolicy/sepolicy.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3 -Es +#!/usr/bin/python3 -EsI # Copyright (C) 2012 Red Hat # AUTHOR: Dan Walsh # see file 'COPYING' for use and warranty information -- 2.38.1