Index: ebuild.sh
===================================================================
RCS file: /home/cvsroot/gentoo-src/portage/bin/ebuild.sh,v
retrieving revision 1.148
diff -u -b -B -w -p -r1.148 ebuild.sh
--- ebuild.sh 10 Dec 2003 22:44:07 -0000 1.148
+++ ebuild.sh 16 Dec 2003 19:29:13 -0000
@@ -836,6 +836,38 @@ dyn_preinst() {
 done
 fi
+ # total suid control.
+ if has suidctl $FEATURES > /dev/null ; then
+ sfconf=/etc/portage/suidctl.conf
+ echo ">>> Preforming suid scan in ${IMAGE}"
+ for i in $(find ${IMAGE}/ -type f \( -perm -4000 -o -perm -2000 \) ); do
+ if [ -s "${sfconf}" ]; then
+ suid="`grep ^${i/${IMAGE}/}$ ${sfconf}`"
+ if [ "${suid}" = "${i/${IMAGE}/}" ]; then
+ echo "- ${i/${IMAGE}/} is an approved suid file"
+ else
+ for x in 5 4 3 2 1 0; do echo -ne "\a"; sleep 0.25 ; done
+ echo ">>> Removing sbit on non registered ${i/${IMAGE}/}"
+ echo -ne "\a"
+ chmod ugo-s "${i}"
+ grep ^#${i/${IMAGE}/}$ ${sfconf} > /dev/null || {
+ # sandbox prevents us from writing directly
+ # to files outside of the sandbox, but this
+ # can easly be bypassed using the addwrite() function
+ addwrite "${sfconf}"
+ echo ">>> Appending commented out entry to ${sfconf} for ${PF}"
+ ls -ldh "${i}" | awk '{print "## "$0}' | sed s:"${IMAGE}"::g >> ${sfconf}
+ echo "#${i/${IMAGE}/}" >> ${sfconf}
+ # no delwrite() eh?
+ # delwrite ${sconf}
+ }
+ fi
+ else
+ echo "suidctl feature set but you are lacking a ${sfconf}"
+ fi
+ done
+ fi
+
 # SELinux file labeling (needs to always be last in dyn_preinst)
 if use selinux; then
 # only attempt to label if setfiles is executable
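Review bot: The scan loop `for i in $(find ${IMAGE}/ -type f \( -perm -4000 -o -perm -2000 \) ); do` word-splits find's output, so a setuid/setgid file whose path contains whitespace arrives as fragments that each miss the registry, the `chmod ugo-s "${i}"` runs against a non-existent fragment path, and the real file keeps its bit — the control can be bypassed by filename. Iterate NUL-delimited instead, `while IFS= read -r -d '' i; do` … `done < <(find "${IMAGE}"/ -type f \( -perm -4000 -o -perm -2000 \) -print0)`, which also keeps the sandbox `addwrite` in the current shell. The approval lookup `suid="`grep ^${i/${IMAGE}/}$ ${sfconf}`"` passes the path unquoted as a regex, so `.` and similar characters in a path can match an unrelated entry and a space in the path splits grep's arguments; `suid="$(grep -Fx -- "${i/${IMAGE}/}" "${sfconf}")"` makes the comparison exact and literal. When ${sfconf} is missing or empty the else branch only prints a message and every setuid file in ${IMAGE} survives, which may be the intended fail-open behaviour but deserves a comment stating it, e.g. `# no registry: report only, bits are left intact`. dyn_preinst starts and ends outside the hunk.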