Squashed 'import-layers/meta-security/' content from commit 4d139b9
Subtree from git://git.yoctoproject.org/meta-security
Change-Id: I14bb13faa3f2b2dc1f5d81b339dd48ffedf8562f
git-subtree-dir: import-layers/meta-security
git-subtree-split: 4d139b95c4f152d132592f515c5151f4dd6269c1
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/import-layers/meta-security/recipes-security/redhat-security/files/find-chroot-py.sh b/import-layers/meta-security/recipes-security/redhat-security/files/find-chroot-py.sh
new file mode 100644
index 0000000..9996e08
--- /dev/null
+++ b/import-layers/meta-security/recipes-security/redhat-security/files/find-chroot-py.sh
@@ -0,0 +1,96 @@
+#!/bin/sh
+#
+# find-chroot-py utility
+# Copyright (c) 2011 Steve Grubb. ALL RIGHTS RESERVED.
+# sgrubb@redhat.com
+#
+# This software may be freely redistributed under the terms of the GNU
+# public license.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+# This program looks for python apps that use chroot(2) without using chdir(2)
+#
+# To save to file: ./find-chroot | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | tee findings.txt
+
+libdirs="/lib /lib64 /usr/lib /usr/lib64"
+progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec"
+FOUND=0
+
+# First param is which list to use, second is search pattern
+scan () {
+if [ "$1" = "1" ] ; then
+ dirs=$libdirs
+elif [ "$1" = "2" ] ; then
+ dirs=$progdirs
+elif [ "$1" = "3" ] ; then
+ dirs=$3
+fi
+
+for d in $dirs ; do
+ if [ ! -d $d ] ; then
+ continue
+ fi
+ files=`/usr/bin/find $d -name "$2" -type f 2>/dev/null`
+ for f in $files
+ do
+ if [ "$1" = "2" ] ; then
+ testf=`/usr/bin/file $f | egrep 'ython'`
+ if [ x"$testf" = "x" ] ; then
+ continue
+ fi
+ fi
+ syms=`egrep ' os.chroot' $f`
+ if [ x"$syms" != "x" ] ; then
+ syms=`egrep ' os.chdir' $f`
+ if [ x"$syms" = "x" ] ; then
+ if [ $FOUND = 0 ] ; then
+ printf "%-44s%s\n" "FILE" " PACKAGE"
+ FOUND=1
+ fi
+ # Red
+ printf "\033[31m%-44s\033[m" $f
+ #rpm -qf --queryformat "%{NAME}-%{VERSION}" $f
+ rpm -qf --queryformat " %{SOURCERPM}" $f
+ echo
+ else
+ # One last test to see if chdir is within 4
+ # lines of chroot
+ syms=`cat $f | egrep ' os.chroot' -A3 | egrep ' os.chdir'`
+ if [ x"$syms" = "x" ] ; then
+ if [ $FOUND = 0 ] ; then
+ printf "%-44s%s\n" "FILE" " PACKAGE"
+ FOUND=1
+ fi
+ printf "\033[31m%-44s\033[m" $f
+ rpm -qf --queryformat " %{SOURCERPM}" $f
+ echo
+ fi
+ fi
+ fi
+ done
+done
+}
+
+if [ $# -eq 1 ] ; then
+ if [ -d $1 ] ; then
+ scan 3 '*' $1
+ else
+ echo "Input is not a directory"
+ exit 1
+ fi
+else
+ scan 2 '*'
+ scan 1 '*.py'
+fi
+
+if [ $FOUND -eq 0 ] ; then
+ # Nothing to report, just exit
+ echo "No problems found" 1>&2
+ exit 0
+fi
+exit 1
+
+