From 5235a5e518a1b17f50eb0f56c088f3808d939626 Mon Sep 17 00:00:00 2001 From: Michael Orlitzky Date: Tue, 4 Feb 2020 19:34:56 -0500 Subject: [PATCH 1/1] clamav-unofficial-sigs.sh: disable running as root. The only way I'm going to let this be installed on my machine is if it never runs as root. The shit that it does is insane (a priori) and also implemented insecurely. There's no good reason to run the script as root on Gentoo anyway. A cron job is provided for you, or you can use "su -s /bin/bash -c ... clamav" to run it as the clamav user. --- clamav-unofficial-sigs.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index aa70db1..60d305b 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -3,6 +3,16 @@ # shellcheck disable=SC2120 # shellcheck disable=SC2128 # shellcheck disable=SC2154 + +if [[ ${EUID} -eq 0 ]]; then + exec 1>&2 + echo "This script has been patched by the Gentoo maintainer to disable" + echo "running it as root (effective UID 0). When run as root, the script" + echo "performs a number of operations insecurely. You should never need" + echo "to run this as root on Gentoo in the first place." + exit 1; +fi + ################################################################################ # This is property of eXtremeSHOK.com # You are free to use, modify and distribute, however you may not remove this notice. -- 2.24.1