search

lenovo / lenovo-wwan-unlock

FCC and DPR unlock for Lenovo PCs
33 stars 7 forks source link

Why unconfined execute for ps? #31

Closed setharnold closed 1 month ago

setharnold commented 1 month ago

https://github.com/lenovo/lenovo-wwan-unlock/blob/4f8e19e6f7d324decc0842e947dab2ad2bca556d/debian/opt.fcc_lenovo.configservice_lenovo#L17

https://github.com/lenovo/lenovo-wwan-unlock/blob/4f8e19e6f7d324decc0842e947dab2ad2bca556d/debian/opt.fcc_lenovo.DPR_Fcc_unlock_service#L18

Why is the ps program given an unconfined execute permission? This is way too broad. Please change this to a cx rule or Cx rule, as necessary.

Thanks

nitinexclusively commented 1 month ago

@setharnold Thanks ! I will need Binli's comment on this . @binli - Can you please update your comment ? Thanks

binli commented 1 month ago

@setharnold thanks for review, fixed it.

nitinexclusively commented 1 month ago

Merged fix in ubuntu OEM branch -> https://github.com/lenovo/lenovo-wwan-unlock/tree/ubuntu-oem Thanks