Improve logic of privileged_writable

[GoogleCodeExporter]

I believe there are a couple of deficiencies in the current implementation of 
the privileged_writable check:

1. I think files writable by a low privileged owner should always be a warning, 
not just if YOU are the current owner. If I'm running the tool as the root user 
for auditing purposes then I want to know if a standard user owns a script 
they're permitted to run as root via sudo.

2. Furthermore, if a low privileged user owns a privileged file then it should 
be reported no matter what the current permissions are. This is because the 
owner can just set it to writable if necessary.

3. Similarly to (1), if an untrusted group can write to a privileged file then 
it should be a warning even if the current user isn't a member of the group.

The attached patch will make these changes. In it's current form it only trusts 
the user with ID zero and the main group of the user with ID zero. Hopefully 
this can be improved with configurable trusts in future, see #20.

I also modified some user and group utilities to support the changes:

* Implemented the group_is_root() function by checking against `id -g -n 0`
* Switched user_is_root() and user_is_user_root() to match other 
user_is_user_*() functions which check the current user rather than a supplied 
user.
* Implemented user_is_root()

Original issue reported on code.google.com by JJC...@googlemail.com on 25 Feb 2015 at 1:30

Attachments:

• privileged_writable_logic.diff

[GoogleCodeExporter]

Apparently numeric arguments to id were only introduced in September 2013, so a 
number of common distros don't support this convention yet.

New patch works around this, but a bit more hacky for the group test.

Original comment by JJC...@googlemail.com on 1 Mar 2015 at 10:19

Attachments:

• privileged_writable_logic.2.diff