packages 2 install - harden sudo command execution

0344f134 · Hahn Axel (hahn) · 46b6a16e · 0344f134 · 0344f134 · 0344f134
Commit 0344f134 authored 1 year ago by Hahn Axel (hahn)
--- a/check_packages2install
+++ b/check_packages2install
@@ -25,11 +25,12 @@
 #                                            rename package manager functions
 # 2022-10-21  v1.11 <axel.hahn@unibe.ch>     remove grep: warning: stray \ before white space
 # 2023-08-24  v1.12 <axel.hahn@unibe.ch>     update help; rename to getSecurityCount
+# 2023-10-20  v1.13  ah  harden sudo command execution
 # ======================================================================


 . $(dirname $0)/inc_pluginfunctions
-self_APPVERSION=1.12
+self_APPVERSION=1.13

 readonly iWarnDefault=1
 readonly iCriticalDefault=200
@@ -229,6 +230,9 @@ fi
 . "${dir_pkg}/${pkgmanager}.sh" || exit 2

 packagemanOut=$( ${pkgmanager}.getUpdates )
+if grep "sudo: " <<< "$packagemanOut" >/dev/null; then
+  ph.abort "No sudo permissions on ${pkgmanager}?"
+fi

 if [ -z "$packagemanOut" ]; then
  ph.setStatus "critical"

--- a/check_packages2install-pkgmanager/apt.sh
+++ b/check_packages2install-pkgmanager/apt.sh
@@ -12,13 +12,14 @@
 # 2022-06-07  v1.1  ah  remove text "Nothing to install"
 #                       rename functions
 # 2022-10-21  v1.3  ah  remove grep: warning: stray \ before white space
+# 2023-10-20  v1.4  ah  harden sudo command execution
 # ===============================================================


 # ---------------------------------------------------------------
 # command to list of updates
 function apt.getUpdates(){
-    sudo apt-get -u upgrade --assume-no
+    sudo -n apt-get -u upgrade --assume-no
 }

 # ---------------------------------------------------------------

--- a/check_packages2install-pkgmanager/pamac.sh
+++ b/check_packages2install-pkgmanager/pamac.sh
@@ -10,12 +10,13 @@
 # ah <axel.hahn@iml.unibe.ch>
 # 2022-06-03  v1.0  ah  first version
 # 2022-06-07  v1.1  ah  rename functions
+# 2023-10-20  v1.2  ah  harden sudo command execution
 # ===============================================================

 # ---------------------------------------------------------------
 # command to list of updates
 function pamac.getUpdates(){
-    pamac checkupdates
+    sudo -n pamac checkupdates
 }

 # ---------------------------------------------------------------

--- a/check_packages2install-pkgmanager/yum.sh
+++ b/check_packages2install-pkgmanager/yum.sh
@@ -16,13 +16,14 @@
 # 2023-08-24  v1.4  ah  centos9: update getStatusLine() + getSecurityCount
 # 2023-08-25  v1.5  ah  centos9: fix package lists
 # 2023-09-12  v1.6  ah  almalinux9: fix package lists
+# 2023-10-20  v1.7  ah  harden sudo command execution
 # ===============================================================


 # ---------------------------------------------------------------
 # command to list of updates
 function yum.getUpdates(){
-    sudo /usr/bin/yum -y check-update
+    sudo -n /usr/bin/yum -y check-update
 }

 # ---------------------------------------------------------------