abuild: check for non-PIE suid files

fixes #955
2025-01-13 18:50:31 +00:00 · 2012-02-14 12:51:33 +00:00 · 2012-02-14 12:51:33 +00:00 · 817db0ea98
commit 817db0ea98
parent 7759f5e5df
1 changed files with 9 additions and 0 deletions
--- a/abuild.in
+++ b/abuild.in
@ -552,6 +552,15 @@ postcheck() {
 		warning "World writeable directories found:"
 		echo "$i"
 	fi
+	# check so we dont have any suid root binaries that are not 
+	i=$(find "$dir" -type f -perm +6000 \
+		| xargs scanelf --nobanner --etype ET_EXEC \
+		| sed "s|ET_EXEC $dir|\t|")
+	if [ -n "$i" ]; then
+		error "Found non-PIE files that has SUID:"
+		echo "$i"
+		return 1
+	fi
 	return 0
 }