author | Natanael Copa <ncopa@alpinelinux.org> | 2014-09-25 07:34:57 +0000 |
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-09-25 07:34:57 +0000 |
commit | 7af694c9add866277a9c7867a9520784f76c2fa0 (patch) | |
tree | ad5b56519fc633a6f19bb09fe720103103afc0a3 /abuild.in | |
parent | 6bc28a2a1c68d16566a2a90406cbfeb077164cdd (diff) | |
abuild: check for suid binaries
Raise an error when binaries with the suid bit set are found. You need to set
options="suid" to allow it.
Diffstat (limited to 'abuild.in')
-rw-r--r-- | abuild.in | 13 |
1 files changed, 12 insertions, 1 deletions
@@ -634,7 +634,7 @@ postcheck() {
 warning "World writeable directories found:"
 echo "$i"
 fi
- # check so we dont have any suid root binaries that are not
+ # check so we dont have any suid root binaries that are not PIE
 i=$(find "$dir" -type f -perm +6000 \
 | xargs scanelf --nobanner --etype ET_EXEC \
 | sed "s|ET_EXEC $dir|\t|")
@@ -643,6 +643,17 @@ postcheck() {
 echo "$i"
 return 1
 fi
+ # test suid bit on executable
+ if ! options_has "suid"; then
+ i=$(find "$dir" \( -perm -u+s -o -perm -g+s \) -a -type f \
+ -a -perm -o+x)
+ if [ -n "$i" ]; then
+ error "Found executable files with SUID bit set:"
+ echo "$i"
+ return 1
+ fi
+ fi
+
 # test for textrels
 if ! options_has "textrels"; then
 local res="$(scanelf --recursive --textrel --quiet "$dir")"
|
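Review bot: The new find predicate in the second hunk matches both setuid and setgid files (`-perm -u+s -o -perm -g+s`), but the comment and the error text report only "SUID", so a setgid-only hit is misreported; `error "Found executable files with SUID/SGID bit set:"` and `# test suid/sgid bit on executable` describe what is actually checked, or drop `-perm -g+s` if only setuid is meant. The trailing `-a -perm -o+x` also means a setuid file that is not world-executable (e.g. mode 4750, still usable by its group) is never reported; if that narrowing is deliberate it deserves a comment, otherwise the clause can be removed so any `-type f` with the bit set is flagged. The exit status of `find` is discarded by the `i=$(...)` capture, so a traversal error leaves `$i` empty and the check silently passes. Both hunks sit inside postcheck(), which starts and ends outside the hunks.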