From 046d43fbe843f8b861c062989f31ab699cd57838 Mon Sep 17 00:00:00 2001
From: Trenton Holmes
Date: Tue, 25 Oct 2022 09:40:01 -0700
Subject: [PATCH] Limits tamper check find to depth 1, as only files at the first level could be run

---
 docker/docker-prepare.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/docker-prepare.sh b/docker/docker-prepare.sh
index 92c9d1f15..18b5e8815 100755
--- a/docker/docker-prepare.sh
+++ b/docker/docker-prepare.sh
@@ -97,12 +97,12 @@ custom_container_init() {
 # Don't run files which are owned by anyone except root
 # Don't run files which are writeable by others
 if [ -d "${custom_script_dir}" ]; then
- if [ -n "$(/usr/bin/find "${custom_script_dir}" ! -user root)" ]; then
+ if [ -n "$(/usr/bin/find "${custom_script_dir}" -maxdepth 1 ! -user root)" ]; then
 echo "**** Potential tampering with custom scripts detected ****"
 echo "**** The folder '${custom_script_dir}' must be owned by root ****"
 return 0
 fi
- if [ -n "$(/usr/bin/find "${custom_script_dir}" -perm -o+w)" ]; then
+ if [ -n "$(/usr/bin/find "${custom_script_dir}" -maxdepth 1 -perm -o+w)" ]; then
 echo "**** The folder '${custom_script_dir}' or some of contents have write permissions for others, which is a security risk. ****"
 echo "**** Please review the permissions and their contents to make sure they are owned by root, and can only be modified by root. ****"
 return 0
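Review bot: The second changed line still lets group-writable scripts through: `-perm -o+w` only matches files writable by others, so a root-owned file that is writable by a non-root group passes both depth-1 checks even though the comment above says files writable by anyone but root must not run. Consider `-perm /g+w,o+w` (GNU find) or the portable `\( -perm -g+w -o -perm -o+w \)` on that line, and widening the following echo message to say "group or others". A related gap is that both `find` tests examine a first-level symlink itself rather than its target, so a root-owned link pointing at a non-root-owned or writable file satisfies the checks; whether that is exploitable depends on how the scripts are executed later in custom_container_init, which continues past this hunk, and `find -L` or a `-type l` rejection would close it. Both checks also pass silently when `find` fails and prints nothing to stdout, so a non-zero exit from the command substitution is worth treating as tampering too.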