Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Yasat write issue #3445

Closed
noraj opened this issue Jun 16, 2022 · 3 comments · Fixed by #4236
Closed

Yasat write issue #3445

noraj opened this issue Jun 16, 2022 · 3 comments · Fixed by #4236
Labels
type::bug Valid bug

Comments

@noraj
Copy link
Contributor

noraj commented Jun 16, 2022
edited
Loading

Bug description

$ yasat --html --html-output /tmp/yasat.html 
Found /etc/yasat/yasat.conf
Enabling output in /home/noraj/.yasat/yasat.html
HTML output is /tmp/yasat.html
  Using YASAT version                                              [ 848 ]
  Using YASAT with UID!=0 Some test may fail                       [ WARNING ]

Press ENTER to continue Ctrl/C to quit

  Using YASAT without SELinux                                      [ OK ]
  Detecting OS...                                                  [ DONE ]
    arch Linux ArchLinux
  Detecting TERM width...                                          [ 236 ]
Color chart
 GREEN   is for good configuration or information
 RED     is for configuration that must be corrected
 ORANGE  is for optional configuration that can be done
 BLUE    is for information

At the end of the audit, the report will be available at /home/noraj/.yasat//yasat.report

ls: cannot access '/usr/share/yasat/plugins//*.advice': Permission denied
/usr/bin/yasat: line 508: /usr/share/yasat//yasat.advices: Permission denied

ls: cannot access '/usr/share/yasat/plugins//*test': Permission denied

Yasat tries to write in it's root directory (/usr/share/yasat) but can't without root priv

https://github.com/montjoie/yasat/blob/0eead3d12d2cfa9b0bb69ba16f3319f2dbc682f2/yasat#L508

I'm wondering if there is a possibility to modify the configuration to be able to run the tool without root priv.

https://github.com/BlackArch/blackarch/blob/master/packages/yasat/yasat.conf
@noraj noraj added the type::bug Valid bug label Jun 16, 2022
@D3vil0p3r
Copy link
Contributor

D3vil0p3r commented Oct 5, 2024
edited
Loading

@noraj It is needed to add a control that check if the tool is run as root (or by sudo) and, if not, write in home folder... I can try to rewrite the code of that tool, submit a PR and push on the maintainer for merging. If you agree with this approach on the code, I will do it. Let me know.

@D3vil0p3r
Copy link
Contributor

D3vil0p3r commented Oct 5, 2024
edited
Loading

Btw I just fixed and tested the code. I opened a PR upstream montjoie/yasat#1

@D3vil0p3r D3vil0p3r mentioned this issue Oct 5, 2024
Merged
@D3vil0p3r
Copy link
Contributor

I updated the PKGBUILD with a prepare() statement to fix the reported issue. When/If the upstream PR will be merged, we can remove prepare()

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type::bug Valid bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

yasat: fix permission issue D3vil0p3r/blackarch
2 participants
@noraj @D3vil0p3r