Improve SUID find

dev-sec · Feb 12, 2022 · b9f6977 · b9f6977
1 parent 99a7016
commit b9f6977
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/libraries/suid_check.rb b/libraries/suid_check.rb
@@ -18,7 +18,7 @@ def initialize(blacklist = nil)
   end
 
   def permissions
-    output = inspec.command('find / -perm -4000 -o -perm -2000 -type f ! -path \'/proc/*\' ! -path \'/var/lib/lxd/containers/*\' -print 2>/dev/null | grep -v \'^find:\'')
+    output = inspec.command('find / -type d \( -path \'/proc/*\' -o -path \'/var/lib/lxd/containers/*\' \) -prune -type f -o -perm -2000 -o -perm 4000 2>/dev/null | grep -v \'^find:\'')
     output.stdout.split(/\r?\n/)
   end