Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame^] | 1 | #!/bin/sh |
| 2 | # find_elf4tmp utility |
| 3 | # Copyright (c) 2010-12 Steve Grubb. ALL RIGHTS RESERVED. |
| 4 | # sgrubb@redhat.com |
| 5 | # |
| 6 | # This software may be freely redistributed under the terms of the GNU |
| 7 | # public license. |
| 8 | # |
| 9 | # You should have received a copy of the GNU General Public License |
| 10 | # along with this program; if not, write to the Free Software |
| 11 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| 12 | |
| 13 | # This script will search a directory and its subdirectories for all elf |
| 14 | # executables. It will then search for the use of the tmp directory. If it finds |
| 15 | # this is true, it will then check to see if XXX is being used which would |
| 16 | # indicate that the path is going to be randomized. |
| 17 | |
| 18 | if [ $# -ge 2 ] ; then |
| 19 | echo "Usage: find_elf4tmp [directory]" 1>&2 |
| 20 | exit 1 |
| 21 | fi |
| 22 | if [ ! -x /usr/bin/strings ] ; then |
| 23 | echo "Skipping due to missing /usr/bin/eu-strings utility" |
| 24 | exit 1 |
| 25 | fi |
| 26 | if [ -h /bin ] ; then |
| 27 | DIRS="/usr/bin /usr/sbin /usr/libexec /usr/kerberos /usr/games /usr/lib /usr/lib64 /usr/local" |
| 28 | else |
| 29 | DIRS="/bin /sbin /usr/bin /usr/sbin /usr/libexec /usr/kerberos /usr/games /lib /lib64 /usr/lib /usr/lib64 /usr/local" |
| 30 | fi |
| 31 | if [ $# -eq 1 ] ; then |
| 32 | if [ -d "$1" ] ; then |
| 33 | DIRS="$1" |
| 34 | else |
| 35 | echo "Option passed in was not a directory" 1>&2 |
| 36 | exit 1 |
| 37 | fi |
| 38 | fi |
| 39 | |
| 40 | FOUND=0 |
| 41 | for d in $DIRS |
| 42 | do |
| 43 | if [ ! -d $d ] ; then |
| 44 | continue |
| 45 | fi |
| 46 | # echo "Scanning files in $d..." |
| 47 | for f in `/usr/bin/find $d -type f 2>/dev/null` |
| 48 | do |
| 49 | # Get just the elf executables |
| 50 | testf=`echo $f | /usr/bin/file -n -f - 2>/dev/null | grep ELF` |
| 51 | if [ x"$testf" != "x" ] ; then |
| 52 | test_res=`/usr/bin/strings $f | /bin/grep '/tmp/' | /bin/egrep -v 'XX|/tmp/$|[ .,:]/tmp/'` |
| 53 | if [ x"$test_res" = "x" ] ; then |
| 54 | continue |
| 55 | fi |
| 56 | |
| 57 | # Do further examination... |
| 58 | syms=`/usr/bin/readelf -s $f 2>/dev/null | egrep ' mkstemp@.*GLIBC| tempnam@.*GLIBC| tmpfile@.*GLIBC'` |
| 59 | if [ x"$syms" != "x" ] ; then |
| 60 | continue |
| 61 | fi |
| 62 | |
| 63 | # Well its a bad one...out with it |
| 64 | FOUND=1 |
| 65 | |
| 66 | # Get the package |
| 67 | RPM=`/bin/rpm -qf --queryformat "%{NAME}-%{VERSION}" $f 2>/dev/null | /bin/grep -v 'not owned' | /usr/bin/sort | /usr/bin/uniq` |
| 68 | if [ x"$RPM" = "x" ] ; then |
| 69 | RPM="<unowned>" |
| 70 | fi |
| 71 | |
| 72 | # For each tmp string, output the line |
| 73 | echo $test_res | /usr/bin/tr '\b' '\n' | /usr/bin/awk 'NF >= 1 { printf "%-46s\t%-30s\t%s\n", f, r, $1 }' r=$RPM f=$f |
| 74 | fi |
| 75 | done |
| 76 | done |
| 77 | if [ $FOUND -eq 0 ] ; then |
| 78 | # Nothing to report, just exit |
| 79 | echo "No problems found" 1>&2 |
| 80 | exit 0 |
| 81 | fi |
| 82 | exit 1 |
| 83 | |
| 84 | |