From 51bbf5c7c3ea1649311fd01f02314fa43bc2cb64 Mon Sep 17 00:00:00 2001
From: Jjk422
Date: Thu, 1 Sep 2016 16:36:13 +0100
Subject: [PATCH] Should fix all errors in branch 'Access control vulnerability, allows less to run as root for any user'. required: /access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp:4: Comments removed. /access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp:10-15: Comments removed. optional / suggested: /access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp:1: $user parameter kept, module should be able to be copied and used for other modules (changing user permissions or different files) to ensure that all code is the same and checked <-- this was my thinking anyway. /access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp:2: Removed the 'String' from before the block parameter definitions. /access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp:3-8(post comment removal): Indented the block by two spaces.
---
 .../manifests/change_uid_permissions.pp | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)
diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp b/modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp
index fb6f3870a..91e2c793d 100644
--- a/modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp
+++ b/modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp
@@ -1,17 +1,9 @@
 class uid_less_root::change_uid_permissions ($file_input = [], $user = 'root') {
- $file_input.each |String $file, String $permission_code| {
- file { $file:
- # ensure => 'file',
- mode => $permission_code,
- owner => $user,
+ $file_input.each |$file, $permission_code| {
+ file { $file:
+ mode => $permission_code,
+ owner => $user,
+ }
+ notice("File {$file} permissions have been checked.")
 }
- notice("File {$file} permissions have been checked.")
-
- # exec { '/bin/sh':
- # command => '/bin/chmod u+s /usr/bin/vi',
- # path => '/bin/sh',
- # }
- #
- # notice("File {$file} permissions have been checked via exec.")
-}
 }
\ No newline at end of file
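Review bot: The `notice()` that now sits inside the `each` block still writes `{$file}`, which Puppet interpolates as the path wrapped in literal braces. It is also evaluated when the catalog is compiled, so "have been checked" is logged whether or not the `file` resource is ever applied. A wording such as `notice("Declaring mode ${permission_code} and owner ${user} on ${file}")` reports what the code actually did. With the `String` types dropped from the lambda, nothing validates the shape of `$file_input`: the default on the class line is `[]`, and iterating an array with two parameters yields index and value, so a list argument would put an integer in `$file`. A class-level `Hash[String, String] $file_input = {}` would reject that early. Because this class lives under the vulnerabilities tree and assigns root ownership with a caller-supplied mode (presumably a setuid one, going by the commit subject), a short header comment saying the weakening is intentional would help anyone copying it as a general permissions helper.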