STRLCPY/linux-smart-enumeration

First migration to POSIX compliance
Diego Blanco committed 4 years ago

9cf403cd

1 parent 27821b2d

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

Total 1 files

■ ■ ■ ■ ■ ■

lse.sh

1		-	#!/bin/bash
	1	+	#!/bin/sh
2	2		# vim: set ts=2 sw=2 sts=2 et:
3	3
4	4		# Author: Diego Blanco <[email protected]>
		skipped 79 lines
84	84		lse_DEBUG=false
85	85
86	86		# internal data
87		-	lse_common_setuid=(
88		-	'/bin/fusermount'
89		-	'/bin/mount'
90		-	'/bin/ntfs-3g'
91		-	'/bin/ping'
92		-	'/bin/ping6'
93		-	'/bin/su'
94		-	'/bin/umount'
95		-	'/lib64/dbus-1/dbus-daemon-launch-helper'
96		-	'/sbin/mount.ecryptfs_private'
97		-	'/sbin/mount.nfs'
98		-	'/sbin/pam_timestamp_check'
99		-	'/sbin/pccardctl'
100		-	'/sbin/unix2_chkpwd'
101		-	'/sbin/unix_chkpwd'
102		-	'/usr/bin/Xorg'
103		-	'/usr/bin/arping'
104		-	'/usr/bin/at'
105		-	'/usr/bin/beep'
106		-	'/usr/bin/chage'
107		-	'/usr/bin/chfn'
108		-	'/usr/bin/chsh'
109		-	'/usr/bin/crontab'
110		-	'/usr/bin/expiry'
111		-	'/usr/bin/firejail'
112		-	'/usr/bin/fusermount'
113		-	'/usr/bin/fusermount-glusterfs'
114		-	'/usr/bin/gpasswd'
115		-	'/usr/bin/kismet_capture'
116		-	'/usr/bin/mount'
117		-	'/usr/bin/mtr'
118		-	'/usr/bin/newgidmap'
119		-	'/usr/bin/newgrp'
120		-	'/usr/bin/newuidmap'
121		-	'/usr/bin/passwd'
122		-	'/usr/bin/pkexec'
123		-	'/usr/bin/procmail'
124		-	'/usr/bin/staprun'
125		-	'/usr/bin/su'
126		-	'/usr/bin/sudo'
127		-	'/usr/bin/sudoedit'
128		-	'/usr/bin/traceroute6.iputils'
129		-	'/usr/bin/umount'
130		-	'/usr/bin/weston-launch'
131		-	'/usr/lib/chromium-browser/chrome-sandbox'
132		-	'/usr/lib/dbus-1.0/dbus-daemon-launch-helper'
133		-	'/usr/lib/dbus-1/dbus-daemon-launch-helper'
134		-	'/usr/lib/eject/dmcrypt-get-device'
135		-	'/usr/lib/openssh/ssh-keysign'
136		-	'/usr/lib/policykit-1/polkit-agent-helper-1'
137		-	'/usr/lib/polkit-1/polkit-agent-helper-1'
138		-	'/usr/lib/pt_chown'
139		-	'/usr/lib/snapd/snap-confine'
140		-	'/usr/lib/spice-gtk/spice-client-glib-usb-acl-helper'
141		-	'/usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic'
142		-	'/usr/lib/xorg/Xorg.wrap'
143		-	'/usr/libexec/Xorg.wrap'
144		-	'/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache'
145		-	'/usr/libexec/dbus-1/dbus-daemon-launch-helper'
146		-	'/usr/libexec/gstreamer-1.0/gst-ptp-helper'
147		-	'/usr/libexec/openssh/ssh-keysign'
148		-	'/usr/libexec/polkit-1/polkit-agent-helper-1'
149		-	'/usr/libexec/pt_chown'
150		-	'/usr/libexec/qemu-bridge-helper'
151		-	'/usr/libexec/spice-gtk-x86_64/spice-client-glib-usb-acl-helper'
152		-	'/usr/sbin/exim4'
153		-	'/usr/sbin/grub2-set-bootflag'
154		-	'/usr/sbin/mount.nfs'
155		-	'/usr/sbin/mtr-packet'
156		-	'/usr/sbin/pam_timestamp_check'
157		-	'/usr/sbin/pppd'
158		-	'/usr/sbin/pppoe-wrapper'
159		-	'/usr/sbin/suexec'
160		-	'/usr/sbin/unix_chkpwd'
161		-	'/usr/sbin/userhelper'
162		-	'/usr/sbin/usernetctl'
163		-	'/usr/sbin/uuidd'
164		-	)
	87	+	lse_common_setuid="
	88	+	/bin/fusermount
	89	+	/bin/mount
	90	+	/bin/ntfs-3g
	91	+	/bin/ping
	92	+	/bin/ping6
	93	+	/bin/su
	94	+	/bin/umount
	95	+	/lib64/dbus-1/dbus-daemon-launch-helper
	96	+	/sbin/mount.ecryptfs_private
	97	+	/sbin/mount.nfs
	98	+	/sbin/pam_timestamp_check
	99	+	/sbin/pccardctl
	100	+	/sbin/unix2_chkpwd
	101	+	/sbin/unix_chkpwd
	102	+	/usr/bin/Xorg
	103	+	/usr/bin/arping
	104	+	/usr/bin/at
	105	+	/usr/bin/beep
	106	+	/usr/bin/chage
	107	+	/usr/bin/chfn
	108	+	/usr/bin/chsh
	109	+	/usr/bin/crontab
	110	+	/usr/bin/expiry
	111	+	/usr/bin/firejail
	112	+	/usr/bin/fusermount
	113	+	/usr/bin/fusermount-glusterfs
	114	+	/usr/bin/gpasswd
	115	+	/usr/bin/kismet_capture
	116	+	/usr/bin/mount
	117	+	/usr/bin/mtr
	118	+	/usr/bin/newgidmap
	119	+	/usr/bin/newgrp
	120	+	/usr/bin/newuidmap
	121	+	/usr/bin/passwd
	122	+	/usr/bin/pkexec
	123	+	/usr/bin/procmail
	124	+	/usr/bin/staprun
	125	+	/usr/bin/su
	126	+	/usr/bin/sudo
	127	+	/usr/bin/sudoedit
	128	+	/usr/bin/traceroute6.iputils
	129	+	/usr/bin/umount
	130	+	/usr/bin/weston-launch
	131	+	/usr/lib/chromium-browser/chrome-sandbox
	132	+	/usr/lib/dbus-1.0/dbus-daemon-launch-helper
	133	+	/usr/lib/dbus-1/dbus-daemon-launch-helper
	134	+	/usr/lib/eject/dmcrypt-get-device
	135	+	/usr/lib/openssh/ssh-keysign
	136	+	/usr/lib/policykit-1/polkit-agent-helper-1
	137	+	/usr/lib/polkit-1/polkit-agent-helper-1
	138	+	/usr/lib/pt_chown
	139	+	/usr/lib/snapd/snap-confine
	140	+	/usr/lib/spice-gtk/spice-client-glib-usb-acl-helper
	141	+	/usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic
	142	+	/usr/lib/xorg/Xorg.wrap
	143	+	/usr/libexec/Xorg.wrap
	144	+	/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
	145	+	/usr/libexec/dbus-1/dbus-daemon-launch-helper
	146	+	/usr/libexec/gstreamer-1.0/gst-ptp-helper
	147	+	/usr/libexec/openssh/ssh-keysign
	148	+	/usr/libexec/polkit-1/polkit-agent-helper-1
	149	+	/usr/libexec/pt_chown
	150	+	/usr/libexec/qemu-bridge-helper
	151	+	/usr/libexec/spice-gtk-x86_64/spice-client-glib-usb-acl-helper
	152	+	/usr/sbin/exim4
	153	+	/usr/sbin/grub2-set-bootflag
	154	+	/usr/sbin/mount.nfs
	155	+	/usr/sbin/mtr-packet
	156	+	/usr/sbin/pam_timestamp_check
	157	+	/usr/sbin/pppd
	158	+	/usr/sbin/pppoe-wrapper
	159	+	/usr/sbin/suexec
	160	+	/usr/sbin/unix_chkpwd
	161	+	/usr/sbin/userhelper
	162	+	/usr/sbin/usernetctl
	163	+	/usr/sbin/uuidd
	164	+	"
165	165		#regex rules for common setuid
166		-	lse_common_setuid+=(
167		-	'/snap/core/.*'
168		-	'/var/tmp/mkinitramfs.*'
169		-	)
	166	+	lse_common_setuid="$lse_common_setuid
	167	+	/snap/core/.*
	168	+	/var/tmp/mkinitramfs.*
	169	+	"
170	170		#critical writable files
171		-	lse_critical_writable=(
172		-	'/etc/apache2/apache2.conf'
173		-	'/etc/apache2/httpd.conf'
174		-	'/etc/bash.bashrc'
175		-	'/etc/bash_completion'
176		-	'/etc/bash_completion.d/*'
177		-	'/etc/environment'
178		-	'/etc/environment.d/*'
179		-	'/etc/hosts.allow'
180		-	'/etc/hosts.deny'
181		-	'/etc/httpd/conf/httpd.conf'
182		-	'/etc/httpd/httpd.conf'
183		-	'/etc/incron.conf'
184		-	'/etc/incron.d/*'
185		-	'/etc/logrotate.d/*'
186		-	'/etc/modprobe.d/*'
187		-	'/etc/pam.d/*'
188		-	'/etc/passwd'
189		-	'/etc/php/fpm/pool.d/'
190		-	'/etc/php//fpm/pool.d/'
191		-	'/etc/profile'
192		-	'/etc/profile.d/*'
193		-	'/etc/rc.d/'
194		-	'/etc/rsyslog.d/*'
195		-	'/etc/shadow'
196		-	'/etc/skel/*'
197		-	'/etc/sudoers'
198		-	'/etc/sudoers.d/*'
199		-	'/etc/supervisor/conf.d/*'
200		-	'/etc/supervisor/supervisord.conf'
201		-	'/etc/sysctl.conf'
202		-	'/etc/sysctl.d/*'
203		-	'/etc/uwsgi/apps-enabled/*'
204		-	'/root/.ssh/authorized_keys'
205		-	)
	171	+	lse_critical_writable="
	172	+	/etc/apache2/apache2.conf
	173	+	/etc/apache2/httpd.conf
	174	+	/etc/bash.bashrc
	175	+	/etc/bash_completion
	176	+	/etc/bash_completion.d/*
	177	+	/etc/environment
	178	+	/etc/environment.d/*
	179	+	/etc/hosts.allow
	180	+	/etc/hosts.deny
	181	+	/etc/httpd/conf/httpd.conf
	182	+	/etc/httpd/httpd.conf
	183	+	/etc/incron.conf
	184	+	/etc/incron.d/*
	185	+	/etc/logrotate.d/*
	186	+	/etc/modprobe.d/*
	187	+	/etc/pam.d/*
	188	+	/etc/passwd
	189	+	/etc/php/fpm/pool.d/
	190	+	/etc/php//fpm/pool.d/
	191	+	/etc/profile
	192	+	/etc/profile.d/*
	193	+	/etc/rc.d/
	194	+	/etc/rsyslog.d/*
	195	+	/etc/shadow
	196	+	/etc/skel/*
	197	+	/etc/sudoers
	198	+	/etc/sudoers.d/*
	199	+	/etc/supervisor/conf.d/*
	200	+	/etc/supervisor/supervisord.conf
	201	+	/etc/sysctl.conf
	202	+	/etc/sysctl.d/*
	203	+	/etc/uwsgi/apps-enabled/*
	204	+	/root/.ssh/authorized_keys
	205	+	"
206	206		#critical writable directories
207		-	lse_critical_writable_dirs=(
208		-	'/etc/bash_completion.d'
209		-	'/etc/cron.d'
210		-	'/etc/cron.daily'
211		-	'/etc/cron.hourly'
212		-	'/etc/cron.weekly'
213		-	'/etc/environment.d'
214		-	'/etc/logrotate.d'
215		-	'/etc/modprobe.d'
216		-	'/etc/pam.d'
217		-	'/etc/profile.d'
218		-	'/etc/rsyslog.d/'
219		-	'/etc/sudoers.d/'
220		-	'/etc/sysctl.d'
221		-	'/root'
222		-	)
	207	+	lse_critical_writable_dirs="
	208	+	/etc/bash_completion.d
	209	+	/etc/cron.d
	210	+	/etc/cron.daily
	211	+	/etc/cron.hourly
	212	+	/etc/cron.weekly
	213	+	/etc/environment.d
	214	+	/etc/logrotate.d
	215	+	/etc/modprobe.d
	216	+	/etc/pam.d
	217	+	/etc/profile.d
	218	+	/etc/rsyslog.d/
	219	+	/etc/sudoers.d/
	220	+	/etc/sysctl.d
	221	+	/root
	222	+	"
223	223		#)
224	224
225	225		#( Options
		skipped 17 lines
243	243		cecho "${red}ERROR: ${reset}$*\n" >&2
244	244		}
245	245		lse_exclude_paths() {
246		-	local IFS=$'\r\n'
247		-	local GLOBIGNORE='*'
	246	+	local IFS="
	247	+	"
248	248		for p in `echo $1 \| tr ',' '\n'`; do
249		-	[ "${p:0:1}" == "/" ] \|\| lse_error "'$p' is not an absolute path."
250		-	[ "${p: -1}" == "/" ] && p="${p%%/}"
251		-	lse_find_opts+=" -path ${p} -prune -o"
	249	+	[ "`printf $p \| cut -c1`" = "/" ] \|\| lse_error "'$p' is not an absolute path."
	250	+	p="${p%%/}"
	251	+	lse_find_opts="$lse_find_opts -path ${p} -prune -o"
252	252		done
253	253		}
254	254		lse_set_level() {
		skipped 62 lines
317	317		# Checks if a test passed by ID
318	318		local id="$1"
319	319		for i in $lse_passed_tests; do
320		-	[ "$i" == "$id" ] && return 0
	320	+	[ "$i" = "$id" ] && return 0
321	321		done
322	322		return 1
323	323		}
		skipped 21 lines
345	345		if [ "$lse_selection" ]; then
346	346		local sel_match=false
347	347		for s in $lse_selection; do
348		-	if [ "$s" == "$id" ] \|\| [ "$s" == "${id:0:3}" ]; then
	348	+	if [ "$s" = "$id" ] \|\| [ "$s" = "`printf '$id' \| cut -c1-3`" ]; then
349	349		sel_match=true
350	350		fi
351	351		done
		skipped 12 lines
364	364		# Check dependencies
365	365		local non_met_deps=""
366	366		for d in $deps; do
367		-	lse_test_passed "$d" \|\| non_met_deps+="$d"
	367	+	lse_test_passed "$d" \|\| non_met_deps="$non_met_deps $d"
368	368		done
369	369		if [ "$non_met_deps" ]; then
370	370		cecho " ${grey}skip\n"
		skipped 21 lines
392	392		fi
393	393		[ "$var" ] && readonly "${var}=$output"
394	394		# Mark test as executed
395		-	lse_executed_tests+=" $id"
	395	+	lse_executed_tests="$lse_executed_tests $id"
396	396		fi
397	397
398	398		if [ -z "$output" ]; then
399	399		cecho "${grey} nope${reset}\n"
400	400		return 1
401	401		else
402		-	lse_passed_tests+=" $id"
	402	+	lse_passed_tests="$lse_passed_tests $id"
403	403		cecho "${r} yes!${reset}\n"
404	404		if [ $lse_level -ge $level ]; then
405	405		cecho "${grey}---$reset\n"
		skipped 38 lines
444	444		if [ "$lse_selection" ]; then
445	445		local sel_match=false
446	446		for s in $lse_selection; do
447		-	if [ "${s:0:3}" == "$id" ]; then
	447	+	if [ "`printf $s\|cut -c1-3`" = "$id" ]; then
448	448		sel_match=true
449	449		break
450	450		fi
		skipped 2 lines
453	453		fi
454	454
455	455		for i in $(seq ${#title} 70); do
456		-	text+="="
	456	+	text="$text="
457	457		done
458		-	text+="(${green} $title ${magenta})====="
	458	+	text="$text(${green} $title ${magenta})====="
459	459		cecho "$text${reset}\n"
460	460		}
461	461		lse_exit() {
462	462		local ec=1
463	463		local text="\n${magenta}=================================="
464	464		[ "$1" ] && ec=$1
465		-	text+="(${green} FINISHED ${magenta})=================================="
	465	+	text="$text(${green} FINISHED ${magenta})=================================="
466	466		cecho "$text${reset}\n"
467	467		exit $ec
468	468		}
		skipped 57 lines
526	526		#check if . is in PATHs
527	527		lse_test "usr080" "0" \
528	528		"Is '.' in a PATH variable defined inside /etc?" \
529		-	'for ep in $lse_exec_paths; do [ "$ep" == "." ] && grep -ER "^ PATH=." /etc/ 2> /dev/null \| tr -d \"\'"'"' \| grep -E "[=:]\.([:[:space:]]\|\$)";done' \
	529	+	'for ep in $lse_exec_paths; do [ "$ep" = "." ] && grep -ER "^ PATH=." /etc/ 2> /dev/null \| tr -d \"\'"'"' \| grep -E "[=:]\.([:[:space:]]\|\$)";done' \
530	530		"usr070"
531	531		}
532	532
		skipped 71 lines
604	604		#uncommon setuid binaries
605	605		lse_test "fst020" "0" \
606	606		"Uncommon setuid binaries" \
607		-	'local setuidbin="$lse_setuid_binaries"; for cs in "${lse_common_setuid[@]}"; do setuidbin=`echo -e "$setuidbin" \| grep -Ev "$cs"`;done ; echo -e "$setuidbin"' \
	607	+	'local setuidbin="$lse_setuid_binaries"; local IFS="
	608	+	"; for cs in ${lse_common_setuid}; do setuidbin=`printf "$setuidbin\n" \| grep -Ev "$cs"`;done ; printf "$setuidbin\n"' \
608	609		"fst010"
609	610
610	611		#can we write to any setuid binary
		skipped 11 lines
622	623		#uncommon setgid binaries
623	624		lse_test "fst050" "0" \
624	625		"Uncommon setgid binaries" \
625		-	'echo -e "$lse_setgid_binaries" \| grep -Ev "^/(bin\|sbin\|usr/bin\|usr/lib\|usr/sbin)"' \
	626	+	'printf "$lse_setgid_binaries\n" \| grep -Ev "^/(bin\|sbin\|usr/bin\|usr/lib\|usr/sbin)"' \
626	627		"fst040"
627	628
628	629		#can we write to any setgid binary
		skipped 50 lines
679	680		#can we write to files that can give us root
680	681		lse_test "fst160" "0" \
681	682		"Can we write to critical files?" \
682		-	'for uw in $lse_user_writable; do [ -f "$uw" ] && for cw in "${lse_critical_writable[@]}"; do [ "$cw" == "$uw" ] && [ -w "$cw" ] && ls -l $cw; done ; done' \
	683	+	'for uw in $lse_user_writable; do [ -f "$uw" ] && IFS="
	684	+	"; for cw in ${lse_critical_writable}; do [ "$cw" = "$uw" ] && [ -w "$cw" ] && ls -l $cw; done ; done' \
683	685		"fst000"
684	686
685	687		#can we write to directories that can give us root
686	688		lse_test "fst170" "0" \
687	689		"Can we write to critical directories?" \
688		-	'for uw in $lse_user_writable; do [ -d "$uw" ] && for cw in "${lse_critical_writable_dirs[@]}"; do [ "$cw" == "$uw" ] && [ -w "$cw" ] && ls -ld $cw; done ; done' \
	690	+	'for uw in $lse_user_writable; do [ -d "$uw" ] && IFS="
	691	+	"; for cw in ${lse_critical_writable_dirs}; do [ "$cw" = "$uw" ] && [ -w "$cw" ] && ls -ld $cw; done ; done' \
689	692		"fst000"
690	693
691	694		#can we write to directories inside PATHS
		skipped 68 lines
760	763		#check for superuser accounts
761	764		lse_test "sys040" "1" \
762	765		"Check for other superuser accounts" \
763		-	'for u in $(cut -d: -f1 /etc/passwd); do [ $(id -u $u) == 0 ] && echo $u; done \| grep -v root'
	766	+	'for u in $(cut -d: -f1 /etc/passwd); do [ $(id -u $u) = 0 ] && echo $u; done \| grep -v root'
764	767
765	768		#can root log in via SSH
766	769		lse_test "sys050" "1" \
		skipped 36 lines
803	806		#check if we can write an a binary with capabilities
804	807		lse_test "sec020" "0" \
805	808		"Can we write to a binary with caps?" \
806		-	'for b in $(echo -e "$lse_cap_bin" \| cut -d" " -f1); do [ -w "$b" ] && echo "$b"; done'
	809	+	'for b in $(printf "$lse_cap_bin\n" \| cut -d" " -f1); do [ -w "$b" ] && echo "$b"; done'
807	810
808	811		#check if we have all capabilities in any binary
809	812		lse_test "sec030" "0" \
810	813		"Do we have all caps in any binary?" \
811		-	'echo -e "$lse_cap_bin" \| grep -v "cap_"'
	814	+	'printf "$lse_cap_bin\n" \| grep -v "cap_"'
812	815
813	816		#search /etc/security/capability.conf for users associated capapilies
814	817		lse_test "sec040" "1" \
		skipped 5 lines
820	823		#does user have capabilities
821	824		lse_test "sec050" "0" \
822	825		"Does current user have capabilities?" \
823		-	'echo -e "$lse_user_caps" \| grep "$lse_user"' \
	826	+	'printf "$lse_user_caps\n" \| grep "$lse_user"' \
824	827		"sec040"
825	828		}
826	829
		skipped 56 lines
883	886		#can we write in any system timer?
884	887		lse_test "ret510" "0" \
885	888		"Can we write in any system timer?" \
886		-	'echo -e "$lse_user_writable" \| grep -E "\.timer$"' \
	889	+	'printf "$lse_user_writable\n" \| grep -E "\.timer$"' \
887	890		"fst000"
888	891
889	892		#system timers
		skipped 62 lines
952	955		#check write permissions in init.d/* inetd.conf xinetd.conf
953	956		lse_test "srv000" "0" \
954	957		"Can we write in service files?" \
955		-	'echo -e "$lse_user_writable" \| grep -E "^/etc/(init/\|init\.d/\|rc\.d/\|rc[0-9S]\.d/\|rc\.local\|inetd\.conf\|xinetd\.conf\|xinetd\.d/)"' \
	958	+	'printf "$lse_user_writable\n" \| grep -E "^/etc/(init/\|init\.d/\|rc\.d/\|rc[0-9S]\.d/\|rc\.local\|inetd\.conf\|xinetd\.conf\|xinetd\.d/)"' \
956	959		"fst000"
957	960
958	961		#check write permissions for binaries involved in services
		skipped 60 lines
1019	1022		#check write permissions in systemd services
1020	1023		lse_test "srv500" "0" \
1021	1024		"Can we write in systemd service files?" \
1022		-	'echo -e "$lse_user_writable" \| grep -E "^/(etc/systemd/\|lib/systemd/).+\.service$"' \
	1025	+	'printf "$lse_user_writable\n" \| grep -E "^/(etc/systemd/\|lib/systemd/).+\.service$"' \
1023	1026		"fst000"
1024	1027
1025	1028		#check write permissions for binaries involved in systemd services
		skipped 33 lines
1059	1062		#list processes running as users with shell
1060	1063		lse_test "pro020" "1" \
1061	1064		"Processes running by non-root users with shell" \
1062		-	'for user in `echo -e "$lse_shell_users" \| cut -d: -f1 \| grep -v root`; do ps -u "$user" \| grep -Eq "^ *[0-9]" && echo -e "\n\n------ $user ------\n\n" && ps -u $user -f; done' \
	1065	+	'for user in `printf "$lse_shell_users\n" \| cut -d: -f1 \| grep -v root`; do ps -u "$user" \| grep -Eq "^ *[0-9]" && printf "\n\n------ $user ------\n\n\n" && ps -u $user -f; done' \
1063	1066		"usr030"
1064	1067
1065	1068		#running processes
		skipped 4 lines
1070	1073		#list running process binaries and their permissions
1071	1074		lse_test "pro510" "2" \
1072	1075		"Running process binaries and permissions" \
1073		-	'echo -e "$lse_proc_bin" \| xargs -n1 ls -l'
	1076	+	'printf "$lse_proc_bin\n" \| xargs -n1 ls -l'
1074	1077		}
1075	1078
1076	1079
		skipped 96 lines
1173	1176		e) lse_exclude_paths "${OPTARG}";;
1174	1177		i) lse_interactive=false;;
1175	1178		l) lse_set_level "${OPTARG}";;
1176		-	s) lse_selection="${OPTARG//,/ }";;
	1179	+	s) lse_selection="`printf ${OPTARG}\|sed 's/,/ /g'`";;
1177	1180		h) lse_help; exit 0;;
1178	1181		*) lse_help; exit 1;;
1179	1182		esac
1180	1183		done
1181	1184
1182	1185		#trap to exec on SIGINT
1183		-	trap "lse_exit 1" SIGINT
	1186	+	trap "lse_exit 1" 2
1184	1187
1185	1188		lse_request_information
1186	1189		lse_show_info
		skipped 17 lines

First migration to POSIX compliance