Lines 490-516
|
490 |
fi |
490 |
fi |
491 |
# total suid control. |
491 |
# total suid control. |
492 |
if hasq suidctl $FEATURES; then |
492 |
if hasq suidctl $FEATURES; then |
|
|
493 |
local sfconf |
493 |
sfconf=${PORTAGE_CONFIGROOT}etc/portage/suidctl.conf |
494 |
sfconf=${PORTAGE_CONFIGROOT}etc/portage/suidctl.conf |
|
|
495 |
# sandbox prevents us from writing directly |
496 |
# to files outside of the sandbox, but this |
497 |
# can easly be bypassed using the addwrite() function |
498 |
addwrite "${sfconf}" |
494 |
vecho ">>> Performing suid scan in ${D}" |
499 |
vecho ">>> Performing suid scan in ${D}" |
495 |
for i in $(find "${D}" -type f \( -perm -4000 -o -perm -2000 \) ); do |
500 |
for i in $(find "${D}" -type f \( -perm -4000 -o -perm -2000 \) ); do |
496 |
if [ -s "${sfconf}" ]; then |
501 |
if [ -s "${sfconf}" ]; then |
497 |
suid="$(grep "^/${i#${D}}$" "${sfconf}")" |
502 |
install_path=/${i#${D}} |
498 |
if [ "${suid}" = "${i/${D}}" ]; then |
503 |
if grep -q "^${install_path}\$" "${sfconf}" ; then |
499 |
vecho "- ${i/${D}} is an approved suid file" |
504 |
vecho "- ${install_path} is an approved suid file" |
500 |
else |
505 |
else |
501 |
vecho ">>> Removing sbit on non registered ${i/${D}}" |
506 |
vecho ">>> Removing sbit on non registered ${install_path}" |
502 |
for x in 5 4 3 2 1 0; do echo -ne "\a"; sleep 0.25 ; done |
507 |
for x in 5 4 3 2 1 0; do echo -ne "\a"; sleep 0.25 ; done |
503 |
vecho -ne "\a" |
508 |
vecho -ne "\a" |
504 |
ls_ret=$(ls -ldh "${i}") |
509 |
ls_ret=$(ls -ldh "${i}") |
505 |
chmod ugo-s "${i}" |
510 |
chmod ugo-s "${i}" |
506 |
grep "^#${i/${D}}$" "${sfconf}" > /dev/null || { |
511 |
grep "^#${install_path}$" "${sfconf}" > /dev/null || { |
507 |
# sandbox prevents us from writing directly |
|
|
508 |
# to files outside of the sandbox, but this |
509 |
# can easly be bypassed using the addwrite() function |
510 |
addwrite "${sfconf}" |
511 |
vecho ">>> Appending commented out entry to ${sfconf} for ${PF}" |
512 |
vecho ">>> Appending commented out entry to ${sfconf} for ${PF}" |
512 |
echo "## ${ls_ret%${D}*}${ls_ret#*${D}}" >> "${sfconf}" |
513 |
echo "## ${ls_ret%${D}*}${install_path}" >> "${sfconf}" |
513 |
echo "#${i/${D}}" >> "${sfconf}" |
514 |
echo "#${install_path}" >> "${sfconf}" |
514 |
# no delwrite() eh? |
515 |
# no delwrite() eh? |
515 |
# delwrite ${sconf} |
516 |
# delwrite ${sconf} |
516 |
} |
517 |
} |
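Review bot: The new approval check `grep -q "^${install_path}\$" "${sfconf}"` interpolates the installed path into a regular expression, so `.`, `[` or `*` in a file name act as metacharacters and a file can be reported as approved on the strength of a different suidctl.conf entry, keeping its set-id bit. A fixed-string whole-line match avoids that: `grep -Fxq -- "${install_path}" "${sfconf}"`, and likewise `grep -Fxq -- "#${install_path}" "${sfconf}"` for the commented-entry test further down. `install_path` is also assigned without `local`, unlike the `sfconf` this change declares, so `local sfconf install_path` would keep both out of the caller's scope. The unchanged `for i in $(find …)` loop still word-splits its output, so a set-id file whose path contains whitespace is presumably never matched or stripped. The enclosing function starts and ends outside the hunk.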