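--- a/bin/misc-functions.sh
+++ b/bin/misc-functions.sh
@@ -490,27 +490,28 @@
 	fi
 	# total suid control.
 	if hasq suidctl $FEATURES; then
+		local sfconf
 		sfconf=${PORTAGE_CONFIGROOT}etc/portage/suidctl.conf
+		# sandbox prevents us from writing directly
+		# to files outside of the sandbox, but this
+		# can easly be bypassed using the addwrite() function
+		addwrite "${sfconf}"
 		vecho ">>> Performing suid scan in ${D}"
 		for i in $(find "${D}" -type f \( -perm -4000 -o -perm -2000 \) ); do
 			if [ -s "${sfconf}" ]; then
-				suid="$(grep "^/${i#${D}}$" "${sfconf}")"
-				if [ "${suid}" = "${i/${D}}" ]; then
-					vecho "- ${i/${D}} is an approved suid file"
+				install_path=/${i#${D}}
+				if grep -q "^${install_path}\$" "${sfconf}" ; then
+					vecho "- ${install_path} is an approved suid file"
 				else
-					vecho ">>> Removing sbit on non registered ${i/${D}}"
+					vecho ">>> Removing sbit on non registered ${install_path}"
 					for x in 5 4 3 2 1 0; do echo -ne "\a"; sleep 0.25 ; done
 					vecho -ne "\a"
 					ls_ret=$(ls -ldh "${i}")
 					chmod ugo-s "${i}"
-					grep "^#${i/${D}}$" "${sfconf}" > /dev/null || {
-						# sandbox prevents us from writing directly
-						# to files outside of the sandbox, but this
-						# can easly be bypassed using the addwrite() function
-						addwrite "${sfconf}"
+					grep "^#${install_path}$" "${sfconf}" > /dev/null || {
 						vecho ">>> Appending commented out entry to ${sfconf} for ${PF}"
-						echo "## ${ls_ret%${D}*}${ls_ret#*${D}}" >> "${sfconf}"
-						echo "#${i/${D}}" >> "${sfconf}"
+						echo "## ${ls_ret%${D}*}${install_path}" >> "${sfconf}"
+						echo "#${install_path}" >> "${sfconf}"
 						# no delwrite() eh?
 						# delwrite ${sconf}
 					}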
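Review bot: The new approval check `grep -q "^${install_path}\$" "${sfconf}"` treats the installed path as a regular expression, so a `.` or `[` in a file name can match a different approved line in suidctl.conf and leave a set-id bit in place that was never registered. A fixed-string whole-line match avoids that: `grep -Fxq -- "${install_path}" "${sfconf}"`, and likewise `grep -Fxq -- "#${install_path}" "${sfconf}"` for the commented-entry check further down. Separately, `install_path` is assigned without `local` although the same hunk adds `local sfconf`, and the unchanged `for i in $(find …)` loop still word-splits paths that contain whitespace, so such files would probably not be stripped. The enclosing function starts and ends outside the hunk.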

Return to bug 210372