abuild: check for non-PIE suid files

fixes #955
author: Natanael Copa <ncopa@alpinelinux.org> 2012-02-14 12:51:33 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2012-02-14 12:51:33 +0000
commit: 817db0ea98b228af80084ed898287a3b24748cdc (patch)
tree: 0383c339cb8918a0275eba09dbdb51244f5fd539
parent: 7759f5e5dfcbeeb1614019105f75710d440d7987 (diff)
download: abuild-817db0ea98b228af80084ed898287a3b24748cdc.tar.gz
abuild-817db0ea98b228af80084ed898287a3b24748cdc.tar.bz2
abuild-817db0ea98b228af80084ed898287a3b24748cdc.tar.xz
abuild-817db0ea98b228af80084ed898287a3b24748cdc.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/abuild.in b/abuild.in
index 18a8c8c..9758f85 100755
--- a/abuild.in
+++ b/abuild.in
@@ -552,6 +552,15 @@ postcheck() {
 		warning "World writeable directories found:"
 		echo "$i"
 	fi
+	# check so we dont have any suid root binaries that are not 
+	i=$(find "$dir" -type f -perm +6000 \
+		| xargs scanelf --nobanner --etype ET_EXEC \
+		| sed "s|ET_EXEC $dir|\t|")
+	if [ -n "$i" ]; then
+		error "Found non-PIE files that has SUID:"
+		echo "$i"
+		return 1
+	fi
 	return 0
 }
author	Natanael Copa <ncopa@alpinelinux.org>	2012-02-14 12:51:33 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2012-02-14 12:51:33 +0000
commit	817db0ea98b228af80084ed898287a3b24748cdc (patch)
tree	0383c339cb8918a0275eba09dbdb51244f5fd539
parent	7759f5e5dfcbeeb1614019105f75710d440d7987 (diff)
download	abuild-817db0ea98b228af80084ed898287a3b24748cdc.tar.gz abuild-817db0ea98b228af80084ed898287a3b24748cdc.tar.bz2 abuild-817db0ea98b228af80084ed898287a3b24748cdc.tar.xz abuild-817db0ea98b228af80084ed898287a3b24748cdc.zip