From 817db0ea98b228af80084ed898287a3b24748cdc Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 14 Feb 2012 12:51:33 +0000
Subject: [PATCH] abuild: check for non-PIE suid files

fixes #955
---
 abuild.in | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/abuild.in b/abuild.in
index 18a8c8c1..9758f854 100755
--- a/abuild.in
+++ b/abuild.in
@@ -552,6 +552,15 @@ postcheck() {
 		warning "World writeable directories found:"
 		echo "$i"
 	fi
+	# check so we dont have any suid root binaries that are not 
+	i=$(find "$dir" -type f -perm +6000 \
+		| xargs scanelf --nobanner --etype ET_EXEC \
+		| sed "s|ET_EXEC $dir|\t|")
+	if [ -n "$i" ]; then
+		error "Found non-PIE files that has SUID:"
+		echo "$i"
+		return 1
+	fi
 	return 0
 }
 
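Review bot: The new SUID check fails open: `i` holds only the pipeline's stdout and the sole test is `[ -n "$i" ]`, so if scanelf is missing or exits with an error the variable is empty and postcheck falls through to `return 0`, as if no non-PIE SUID file had been found. A guard before the pipeline, such as `command -v scanelf >/dev/null || { error "scanelf not found"; return 1; }`, would make that case fail the build instead. The `find | xargs` hand-off also splits paths on whitespace, so `find "$dir" -type f -perm +6000 -exec scanelf --nobanner --etype ET_EXEC {} +` is safer where the find in use supports `{} +`. The added comment stops mid-sentence, and `-perm +6000` also matches setgid files of any owner; something like `# fail if any setuid/setgid file is a non-PIE (ET_EXEC) executable` would say what the check does. postcheck begins above this hunk.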
-- 
GitLab