abuild: check for suid binaries

Rais an error when binaries with suid bit set found. You need set options="suid" to allow it.
2025-01-12 01:39:45 +00:00 · 2014-09-25 07:34:57 +00:00 · 2014-09-25 07:34:57 +00:00 · 7af694c9ad
commit 7af694c9ad
parent 6bc28a2a1c
1 changed files with 12 additions and 1 deletions
--- a/abuild.in
+++ b/abuild.in
@ -634,7 +634,7 @@ postcheck() {
 		warning "World writeable directories found:"
 		echo "$i"
 	fi
-	# check so we dont have any suid root binaries that are not
+	# check so we dont have any suid root binaries that are not PIE
 	i=$(find "$dir" -type f -perm +6000 \
 		| xargs scanelf --nobanner --etype ET_EXEC \
 		| sed "s|ET_EXEC $dir|\t|")
@ -643,6 +643,17 @@ postcheck() {
 		echo "$i"
 		return 1
 	fi
+	# test suid bit on executable
+	if ! options_has "suid"; then
+		i=$(find "$dir" \( -perm -u+s -o -perm -g+s \) -a -type f \
+			-a -perm -o+x)
+		if [ -n "$i" ]; then
+			error "Found executable files with SUID bit set:"
+			echo "$i"
+			return 1
+		fi
+	fi
+
 	# test for textrels
 	if ! options_has "textrels"; then
 		local res="$(scanelf --recursive --textrel --quiet "$dir")"