--- ebuild.sh.orig 2003-09-28 18:40:23.000000000 -0400
+++ ebuild.sh 2003-09-28 18:49:32.000000000 -0400
@@ -1,7 +1,7 @@
 #!/bin/bash
 # Copyright 1999-2003 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /home/cvsroot/gentoo-src/portage/bin/ebuild.sh,v 1.141 2003/09/02 17:31:40 carpaski Exp $
+# $Header: /home/cvsroot/gentoo-src/portage/bin/ebuild.sh,v 1.140 2003/08/21 01:01:26 carpaski Exp $
 if [ "$*" != "depend" ] && [ "$*" != "clean" ]; then
 if [ -f ${T}/successful ]; then
@@ -105,7 +105,7 @@
 for x in "$@"; do
 if [ "${x}" == "${me}" ]; then
- tty --quiet < /dev/stdout || echo "${x}"
+ [ -w /dev/stdout ] && tty --quiet < /dev/stdout || echo "${x}"
 return 0
 fi
 done
@@ -696,7 +696,29 @@
 #some packages use an alternative to $S to build in, cause
 #our libtool to create problematic .la files
 export PWORKDIR="$WORKDIR"
- src_compile
+ if [ "$PWD" = "${S}" -a "`has flawfinder ${FEATURES}`" != "" -a -x /usr/bin/flawfinder ]; then
+ c_files="`find ${S} -name '*.c'`"
+ flaws=""
+ if [ "$c_files" != "" ]; then
+ c_count=`echo ${c_files} | tr ' ' '\n' | wc -l | awk '{print $1}'`
+ einfo "Running flawfinder on [$c_count] files"
+ flaws=$(flawfinder --quiet --dataonly --minlevel=5 ${c_files})
+ fi
+ if [ "$flaws" != "" ]; then
+ echo -ne "\a"; sleep 0,25 &>/dev/null; echo -ne "\a"; sleep 0,25 &>/dev/null
+ echo -ne "\a"; sleep 0,25 &>/dev/null; echo -ne "\a"; sleep 0,25 &>/dev/null
+ ewarn "$flaws"
+ i=5
+ while [ $i != 0 ]; do
+ echo -ne ".\a"
+ sleep 0.5
+ i=$(($i - 1))
+ done
+ has interactive ${FEATURES} &&
+ read -p "- Press Enter To Continue or CTRL+C to abort"
+ fi
+ fi
+ src_compile #|| abort_compile "fail"
 cd ${BUILDDIR}
 touch .compiled
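Review bot: The added guard `[ -w /dev/stdout ]` tests writability, but the command it guards, `tty --quiet < /dev/stdout`, opens /dev/stdout for reading, so the check does not cover the open that can fail; `[ -r /dev/stdout ] && tty --quiet < /dev/stdout || echo "${x}"` would test the same thing the redirection needs. Whether an unreadable-but-writable stdout was the failure this is meant to silence is not visible from the hunk, so please confirm against the original report. The function enclosing this for-loop begins and ends outside the hunk.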
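Review bot: `sleep 0,25` on the two bell lines is not a valid interval (the countdown loop below correctly uses `sleep 0.5`), and the `&>/dev/null` hides the resulting error, so the pause silently never happens; both lines should read `sleep 0.25`. The file list is also built by word-splitting find's output (`c_files="`find ${S} -name '*.c'`"`, then the unquoted `${c_files}` handed to flawfinder), so a source path containing whitespace is split into fragments flawfinder cannot open; collecting with `-print0 | $XARGS -0`, the idiom the chown/chgrp lines later in this file already use, avoids that and reduces the count to a plain `wc -l`. The scan is advisory only (a warning and an optional prompt), which is appropriate for a heuristic tool, but `src_compile #|| abort_compile "fail"` leaves commented-out code on the live line and should be dropped or enabled. The enclosing function continues outside the hunk.
```shell
	if [ "$PWD" = "${S}" -a "`has flawfinder ${FEATURES}`" != "" -a -x /usr/bin/flawfinder ]; then
		c_count=$(find "${S}" -name '*.c' | wc -l | awk '{print $1}')
		flaws=""
		if [ "$c_count" -gt 0 ]; then
			einfo "Running flawfinder on [$c_count] files"
			flaws=$(find "${S}" -name '*.c' -print0 | $XARGS -0 flawfinder --quiet --dataonly --minlevel=5)
		fi
		if [ "$flaws" != "" ]; then
			echo -ne "\a"; sleep 0.25 &>/dev/null; echo -ne "\a"; sleep 0.25 &>/dev/null
			echo -ne "\a"; sleep 0.25 &>/dev/null; echo -ne "\a"; sleep 0.25 &>/dev/null
			# … unchanged: ewarn, countdown loop, interactive prompt, closing fi …
```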
@@ -780,15 +802,15 @@
 fi
 # Smart FileSystem Permissions
- if has sfperms $FEATURES; then
+ if has sfperms ${FEATURES} > /dev/null; then
 for i in $(find ${D}/ -type f -perm -4000); do
- ebegin ">>> SetUID: [chmod go-r] $i "
- chmod go-r $i
+ ebegin ">>> SetUID: [chmod go-r] ${i} "
+ chmod go-r "${i}"
 eend $?
 done
 for i in $(find ${D}/ -type f -perm -2000); do
- ebegin ">>> SetGID: [chmod o-r] $i "
- chmod o-r $i
+ ebegin ">>> SetGID: [chmod o-r] ${i} "
+ chmod o-r "${i}"
 eend $?
 done
 fi
@@ -796,12 +818,41 @@
 find ${D}/ -user portage -print0 | $XARGS -0 -n100 chown root
 if [ "$USERLAND" == "BSD" ]; then
 find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp wheel
- else
- find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp root
+ else
+ find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp root
+ fi
+
+ if has sfperms ${FEATURES} > /dev/null ; then
+ sfconf=/etc/sfperms.conf
+ echo ">>> Preforming suid scan in ${D}"
+ for i in $(find ${D}/ -type f \( -perm -4000 -o -perm -2000 \) ); do
+ if [ -s ${sfconf} ]; then
+ suid="`grep ^${i/${D}/}$ ${sfconf}`"
+ if [ "${suid}" = "${i/${D}/}" ]; then
+ echo "- ${i/${D}/} is an approved suid file"
+ else
+ echo ">>> Removing sbit on non registered ${i/${D}/}"
+ for x in 5 4 3 2 1 0; do
+ echo -ne "\a"; sleep 0.25
+ done
+ chmod ugo-s "${i}"
+ grep ^#${i/${D}/}$ ${sfconf} > /dev/null || {
+ echo ">>> Appending commented out entry to ${sfconf}"
+ addwrite ${sfconf}
+ ls -ldh "${i}" | awk '{print "## "$0}' | sed s:"${D}"::g >> ${sfconf}
+ echo "#${i/${D}/}" >> ${sfconf}
+ # delwrite ${sconf}
+ }
+
+ fi
+ else
+ echo "sfperms feature set but you are lacking a ${sfconf}"
+ fi
+ done
 fi
 if use selinux; then
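Review bot: The `"${i}"` quoting added to the two chmod lines gains nothing, because `for i in $(find ${D}/ -type f -perm -4000)` (and the `-2000` loop under it, and the combined `-perm -4000 -o -perm -2000` loop in the following hunk) still word-splits find's output, so a setuid/setgid file whose path contains whitespace is never reached and keeps its world-read bit; iterate NUL-delimited instead, `find "${D}"/ -type f -perm -4000 -print0 | while IFS= read -r -d '' i; do`, matching the `-print0 | $XARGS -0` idiom the chown/chgrp lines in this file already use. As a point of style, `has sfperms ${FEATURES} > /dev/null` here and in the next hunk is one way of calling `has`, while the flawfinder hunk earlier compares backtick output against `""`; one form throughout would be easier to read. The surrounding function starts and ends outside the hunk.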
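Review bot: `grep ^${i/${D}/}$ ${sfconf}` (and the `^#…$` lookup further down) interpolates the file path into a regular expression unescaped, so `.` matches any character and a path containing `+`, `[` or `\` is misparsed; use a fixed-string whole-line match, `suid="$(grep -Fx -- "${i/${D}/}" "${sfconf}")"` and `grep -Fx -- "#${i/${D}/}" "${sfconf}" > /dev/null`. Because the grep result is then compared with `=` against the path, a regex mismatch fails closed (the sbit is removed and a commented entry appended) rather than approving an unlisted file, so the impact is a spurious strip, not a bypass. The message `">>> Preforming suid scan in ${D}"` misspells "Performing", and the commented `# delwrite ${sconf}` misspells the variable, so re-enabling it as written would not revoke the sandbox write to `${sfconf}` opened by `addwrite`. The enclosing function continues outside the hunk on both sides.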