diff options
| -rw-r--r-- | abuild.in | 13 |
1 files changed, 12 insertions, 1 deletions
@@ -634,7 +634,7 @@ postcheck() { warning "World writeable directories found:" echo "$i" fi - # check so we dont have any suid root binaries that are not + # check so we dont have any suid root binaries that are not PIE i=$(find "$dir" -type f -perm +6000 \ | xargs scanelf --nobanner --etype ET_EXEC \ | sed "s|ET_EXEC $dir|\t|") @@ -643,6 +643,17 @@ postcheck() { echo "$i" return 1 fi + # test suid bit on executable + if ! options_has "suid"; then + i=$(find "$dir" \( -perm -u+s -o -perm -g+s \) -a -type f \ + -a -perm -o+x) + if [ -n "$i" ]; then + error "Found executable files with SUID bit set:" + echo "$i" + return 1 + fi + fi + # test for textrels if ! options_has "textrels"; then local res="$(scanelf --recursive --textrel --quiet "$dir")" |