Commit 7af694c9 authored by Natanael Copa's avatar Natanael Copa

abuild: check for suid binaries

Raise an error when binaries with the suid bit set are found. You need to set
options="suid" to allow it.
parent 6bc28a2a
......@@ -634,7 +634,7 @@ postcheck() {
warning "World writeable directories found:"
echo "$i"
fi
# check so we dont have any suid root binaries that are not
# check so we dont have any suid root binaries that are not PIE
i=$(find "$dir" -type f -perm +6000 \
| xargs scanelf --nobanner --etype ET_EXEC \
| sed "s|ET_EXEC $dir|\t|")
......@@ -643,6 +643,17 @@ postcheck() {
echo "$i"
return 1
fi
# test suid bit on executable
if ! options_has "suid"; then
i=$(find "$dir" \( -perm -u+s -o -perm -g+s \) -a -type f \
-a -perm -o+x)
if [ -n "$i" ]; then
error "Found executable files with SUID bit set:"
echo "$i"
return 1
fi
fi
# test for textrels
if ! options_has "textrels"; then
local res="$(scanelf --recursive --textrel --quiet "$dir")"
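Review bot: The new suid test only matches files that carry the other-execute bit (`-perm -o+x`), so a set-uid or set-gid file executable by owner or group only (constructed example: mode 4750) passes postcheck without `options="suid"`. Matching any execute bit closes that gap with the syntax the hunk already uses: `-a \( -perm -u+x -o -perm -g+x -o -perm -o+x \)`. The test also matches set-gid files (`-perm -g+s`) while the message names only SUID; `error "Found executable files with SUID or SGID bit set:"` would describe what is actually checked. postcheck() starts and ends outside the hunk.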