Attachment #38917 for bug #62674




		echo "UNSAFE SetUID: $i"
	done
	
	if [ -x /usr/bin/readelf -a -x /usr/bin/file ]; then
		for x in $(find "${D}/" -type f \( -perm -04000 -o -perm -02000 \) ); do
			f=$(file "${x}")
			if [ -z "${f/*SB executable*/}" -o -z "${f/*SB shared object*/}" ]; then
				/usr/bin/readelf -d "${x}" | egrep "(FLAGS)(.*)BIND_NOW" > /dev/null
				if [ $? != 0 ]; then
					if [ ! -z "${f/*statically linked*/}" ]; then
						#uncomment this line out after developers have had ample time to fix pkgs.
						#UNSAFE=$(($UNSAFE + 1))
						echo -ne '\a'
						echo "QA Notice: Security risk ${x:${#D}:${#x}}. Please consider relinking with 'append-ldflags -Wl,-z,now' to fix."
						echo -ne '\a'
						sleep 1
					fi
				fi
			fi
		done
	fi

	if [[ $UNSAFE > 0 ]]; then
		die "There are ${UNSAFE} unsafe files. Portage will not install them."
	fi

Return to bug 62674

Lines 961-966 dyn_install() { Link Here

(-)ebuild.sh (+19 lines)
961	echo "UNSAFE SetUID: $i"	964	echo "UNSAFE SetUID: $i"
962	done	965	done
963		966
		967	if [ -x /usr/bin/readelf -a -x /usr/bin/file ]; then
		968	for x in $(find "${D}/" -type f \( -perm -04000 -o -perm -02000 \) ); do
		969	f=$(file "${x}")
		970	if [ -z "${f/SB executable/}" -o -z "${f/SB shared object/}" ]; then
		971	/usr/bin/readelf -d "${x}" \| egrep "(FLAGS)(.*)BIND_NOW" > /dev/null
		972	if [ $? != 0 ]; then
		973	if [ ! -z "${f/statically linked/}" ]; then
		974	#uncomment this line out after developers have had ample time to fix pkgs.
		975	#UNSAFE=$(($UNSAFE + 1))
		976	echo -ne '\a'
		977	echo "QA Notice: Security risk ${x:${#D}:${#x}}. Please consider relinking with 'append-ldflags -Wl,-z,now' to fix."
		978	echo -ne '\a'
		979	sleep 1
		980	fi
		981	fi
		982	fi
		983	done
		984	fi
		985
964	if [[ $UNSAFE > 0 ]]; then	986	if [[ $UNSAFE > 0 ]]; then
965	die "There are ${UNSAFE} unsafe files. Portage will not install them."	987	die "There are ${UNSAFE} unsafe files. Portage will not install them."
966	fi	988	fi