diff options
| author | Andrei Dinu <andrei.adrianx.dinu@intel.com> | 2013-06-17 17:24:38 +0300 |
|---|---|---|
| committer | Andrei Dinu <andrei.adrianx.dinu@intel.com> | 2013-06-17 17:24:38 +0300 |
| commit | 60d90b25631471e8193b3069c6a520ccf7c82008 (patch) | |
| tree | e413ea3904059ff52a4539aeff358518fa0ae327 /recipes-security/redhat-security/files/find-sh4tmp.sh | |
| download | meta-security-60d90b25631471e8193b3069c6a520ccf7c82008.tar.gz | |
meta-security : initial commit
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Diffstat (limited to 'recipes-security/redhat-security/files/find-sh4tmp.sh')
| -rw-r--r-- | recipes-security/redhat-security/files/find-sh4tmp.sh | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/recipes-security/redhat-security/files/find-sh4tmp.sh b/recipes-security/redhat-security/files/find-sh4tmp.sh new file mode 100644 index 0000000..7fd1af7 --- /dev/null +++ b/recipes-security/redhat-security/files/find-sh4tmp.sh | |||
| @@ -0,0 +1,116 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | # find_sh4tmp utility | ||
| 3 | # Copyright (c) 2005 Steve Grubb. ALL RIGHTS RESERVED. | ||
| 4 | # sgrubb@redhat.com | ||
| 5 | # | ||
| 6 | # This software may be freely redistributed under the terms of the GNU | ||
| 7 | # public license. | ||
| 8 | # | ||
| 9 | # You should have received a copy of the GNU General Public License | ||
| 10 | # along with this program; if not, write to the Free Software | ||
| 11 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | ||
| 12 | |||
| 13 | # This script will search a directory and its subdirectories for all shell | ||
| 14 | # scripts. It will then search for the use of the tmp directory. If it finds | ||
| 15 | # this is true, it will then try to determine if mktemp or something | ||
| 16 | # reasonable was used and exclude it. It has a bug in that it does not handle | ||
| 17 | # rm -f /tmp/ or mkdir /tmp/ correctly. If you run across files that do that, | ||
| 18 | # add them to the KNOWN_BAD list to ignore them. | ||
| 19 | |||
| 20 | if [ $# -ge 2 ] ; then | ||
| 21 | echo "Usage: find_sh4tmp [directory]" 1>&2 | ||
| 22 | exit 1 | ||
| 23 | fi | ||
| 24 | INTERPRETERS="wish wishx tclsh guile rep itkwish expect /etc/kde/kdm/Xsession /etc/X11/xdm/Xsession /usr/bin/festival perl hfssh" | ||
| 25 | SKIP_DIRS="/opt /home /root /mnt /media /dev /proc /selinux /sys /usr/share/doc" | ||
| 26 | KNOWN_BAD="kopete_latexconvert.sh cvs2dist fixfiles mysqlbug build/scripts/package/mkspec py-compile rc.sysinit init.d/xfs diff-jars grub-install mailshar vncserver Xsession sysreport cross-build vpkg rcs-to-cvs debug_check_log cvs2vendor tmpwatch ps2epsi mkdumprd xdg-open xdg-mime xdg-email gzexe" | ||
| 27 | DIR="/" | ||
| 28 | if [ $# -eq 1 ] ; then | ||
| 29 | if [ -d "$1" ] ; then | ||
| 30 | DIR="$1" | ||
| 31 | else | ||
| 32 | echo "Option passed in was not a directory" 1>&2 | ||
| 33 | exit 1 | ||
| 34 | fi | ||
| 35 | fi | ||
| 36 | tempfile=`mktemp /tmp/sh4.XXXXXX` | ||
| 37 | tempfile2=`mktemp /tmp/sh4.XXXXXX` | ||
| 38 | if [ -z "$tempfile" -o -z "$tempfile2" ] ; then | ||
| 39 | echo ; echo "Unable to create tempfiles...aborting." 1>&2 ; echo | ||
| 40 | exit 1 | ||
| 41 | fi | ||
| 42 | trap "rm -f $tempfile; rm -f $tempfile2; exit 2" 1 2 3 5 15 | ||
| 43 | |||
| 44 | # Get executable files | ||
| 45 | #echo "Scanning shell scripts in $DIR..." | ||
| 46 | find $DIR -type f -perm /0111 -print >> $tempfile 2>/dev/null | ||
| 47 | FOUND=0 | ||
| 48 | while read f | ||
| 49 | do | ||
| 50 | # Get just the shell scripts | ||
| 51 | testf=`echo $f | file -n -f - | egrep 'ourne|POSIX shell'` | ||
| 52 | if [ x"$testf" != x ] ; then | ||
| 53 | # FIXME: need to do something to get rid of echo, rm, or mkdir "/tmp/" | ||
| 54 | test_res=`cat $f 2>/dev/null | grep '\/tmp\/' | grep -v 'mktemp' | grep -v '^#'` | ||
| 55 | if [ x"$test_res" = x ] ; then | ||
| 56 | continue | ||
| 57 | fi | ||
| 58 | |||
| 59 | # Do further examination... | ||
| 60 | # First see if the script calls an interpreter | ||
| 61 | SKIP=0 | ||
| 62 | for lang in $INTERPRETERS | ||
| 63 | do | ||
| 64 | if `cat "$f" | grep "exec[ \t].*$lang" >/dev/null` ; then | ||
| 65 | SKIP=1 | ||
| 66 | break | ||
| 67 | fi | ||
| 68 | done | ||
| 69 | |||
| 70 | if [ $SKIP -eq 1 ] ; then | ||
| 71 | continue | ||
| 72 | fi | ||
| 73 | |||
| 74 | # See if this is in a dir we want to ignore | ||
| 75 | for d in $SKIP_DIRS | ||
| 76 | do | ||
| 77 | if `echo "$f" | grep "^\$d" >/dev/null`; then | ||
| 78 | SKIP=1 | ||
| 79 | break | ||
| 80 | fi | ||
| 81 | done | ||
| 82 | |||
| 83 | if [ $SKIP -eq 1 ] ; then | ||
| 84 | continue | ||
| 85 | fi | ||
| 86 | |||
| 87 | # Don't do the known naughty files | ||
| 88 | for bad in $KNOWN_BAD | ||
| 89 | do | ||
| 90 | if `echo "$f" | grep "$bad" >/dev/null`; then | ||
| 91 | SKIP=1 | ||
| 92 | break | ||
| 93 | fi | ||
| 94 | done | ||
| 95 | |||
| 96 | if [ $SKIP -eq 1 ] ; then | ||
| 97 | continue | ||
| 98 | fi | ||
| 99 | |||
| 100 | # Well its a bad one...out with it | ||
| 101 | printf "%-44s" $f | ||
| 102 | rpm -qf --queryformat "%{NAME}-%{VERSION}" $f | ||
| 103 | echo | ||
| 104 | FOUND=1 | ||
| 105 | fi | ||
| 106 | done < $tempfile | ||
| 107 | rm -f $tempfile | ||
| 108 | if [ $FOUND -eq 0 ] ; then | ||
| 109 | # Nothing to report, just exit | ||
| 110 | # echo "No problems found" | ||
| 111 | rm -f $tempfile2 | ||
| 112 | exit 0 | ||
| 113 | fi | ||
| 114 | exit 1 | ||
| 115 | |||
| 116 | |||