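# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

bad_bin_group_write_check() {
	# Warn about globally-installed executables (in /bin, /usr/bin, /sbin,
	# or /usr/sbin) that are group-writable by a non-root group.
	# A member of such a group can modify a program that other users,
	# including root, run from these directories.
	#
	# Reads:   ${D}, used as the root of the tree that is inspected.
	# Outputs: one eqawarn message per offending file, with the leading
	#          ${D} removed from the reported path.
	local d f

	# We use ${D} instead of ${ED} to avoid false positives on prefix.
	for d in "${D}/bin" "${D}/usr/bin" "${D}/sbin" "${D}/usr/sbin"; do
		test -d "${d}" || continue

		# Use -L to catch symlinks whose targets are vulnerable.
		# Results are read NUL-delimited so that a path containing
		# whitespace or glob characters is reported as one intact name
		# instead of being word-split into bogus entries.
		while IFS= read -r -d '' f; do
			# Strip off the leading ${D} before outputting the path.
			# Quoted parameter expansion matches ${D} literally; unlike
			# a sed expression built from ${D}, it cannot be broken by a
			# ':' or a regex metacharacter in the image path.
			f=${f#"${D}"}
			eqawarn "system executable group-writable by non-root group: ${f}"
		done < <(find -L "${d}" -maxdepth 1 \
			-type f \
			-perm /g+w \
			! -group root \
			-print0)
	done
}

bad_bin_group_write_check
# ':' always returns 0, so the script's final status is success.
: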