1#!/bin/sh
2#
3# find-chroot-py utility
4# Copyright (c) 2011 Steve Grubb. ALL RIGHTS RESERVED.
5# sgrubb@redhat.com
6#
7# This software may be freely redistributed under the terms of the GNU
8# public license.
9#
10# You should have received a copy of the GNU General Public License
11# along with this program; if not, write to the Free Software
12# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
13#
14# This program looks for python apps that use chroot(2) without using chdir(2)
15#
16# To save to file: ./find-chroot | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | tee findings.txt
17
# Library trees searched for *.py modules (scan list 1).
libdirs='/lib /lib64 /usr/lib /usr/lib64'
# Program trees searched for Python scripts of any name (scan list 2).
progdirs='/bin /sbin /usr/bin /usr/sbin /usr/libexec'
# Set to 1 once a finding has been printed; selects the exit status.
FOUND=0
21
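# Print one finding: the path in red, then the source RPM that owns it.
# The column header is printed before the first finding, which also sets
# FOUND to 1.
#   $1 - path of the flagged file
report_finding () {
	if [ "$FOUND" = 0 ] ; then
		printf "%-44s%s\n" "FILE" " PACKAGE"
		FOUND=1
	fi
	# Red
	printf "\033[31m%-44s\033[m" "$1"
	#rpm -qf --queryformat "%{NAME}-%{VERSION}" "$1"
	# stdin is detached so rpm cannot consume the caller's file list.
	rpm -qf --queryformat " %{SOURCERPM}" "$1" </dev/null
	echo
}

# Report Python files that call os.chroot() with no os.chdir() close by.
#
# chroot(2) does not change the working directory, so a process that skips
# the chdir keeps a current directory outside the new root and can still
# reach files there through relative paths.
#
# Arguments:
#   $1 - directory list: 1 = $libdirs, 2 = $progdirs, 3 = the single
#        directory given in $3
#   $2 - file name pattern handed to find -name
#   $3 - directory to scan (list 3 only)
# Globals:
#   libdirs, progdirs (read); FOUND (set to 1 on the first finding)
# Outputs:
#   one line per finding on stdout
#
# NOTE(review): both patterns require a space before "os.", so a call that
# is tab-indented, starts at column 0 or is reached through an alias is not
# seen. A clean run is therefore not proof that no such call exists.
scan () {
	scan_list=$1
	scan_pattern=$2
	# Load the directories into the positional parameters so that a list-3
	# directory containing whitespace stays one word. The two built-in
	# lists are space separated and are split on purpose.
	case "$scan_list" in
	1)	set -- $libdirs ;;
	2)	set -- $progdirs ;;
	3)	set -- "$3" ;;
	*)	set -- ;;
	esac

	for d in "$@" ; do
		if [ ! -d "$d" ] ; then
			continue
		fi
		# find would parse a starting point with a leading '-' as part of
		# its expression.
		case "$d" in
		-*)	d=./$d ;;
		esac
		files=$(/usr/bin/find "$d" -name "$scan_pattern" -type f 2>/dev/null)
		# One path per line, read in the current shell so FOUND survives
		# the loop. Paths with spaces or glob characters are kept intact;
		# a path containing a newline is still split.
		while IFS= read -r f ; do
			if [ -z "$f" ] ; then
				continue
			fi
			if [ "$scan_list" = "2" ] ; then
				# -b leaves the file name out of the output, so only the
				# detected type can match, not a path containing "ython".
				if ! /usr/bin/file -b "$f" | grep -q 'ython' ; then
					continue
				fi
			fi
			if ! grep -q ' os\.chroot' "$f" ; then
				continue
			fi
			# Flag the file unless os.chdir shows up on a chroot line or
			# within the 3 lines after it. A file with no chdir at all
			# fails this test too, so one check covers both cases.
			if ! grep -A3 ' os\.chroot' "$f" | grep -q ' os\.chdir' ; then
				report_finding "$f"
			fi
		done <<EOF
$files
EOF
	done
}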
76
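# With exactly one argument, scan that directory tree. With any other
# argument count, scan the default program and library directories.
if [ $# -eq 1 ] ; then
	# Quoted so that a directory name containing whitespace is tested and
	# passed on as a single word.
	if [ -d "$1" ] ; then
		scan 3 '*' "$1"
	else
		# Diagnostics go to stderr so they never mix with the report.
		echo "Input is not a directory" 1>&2
		exit 1
	fi
else
	scan 2 '*'
	scan 1 '*.py'
fi

if [ "$FOUND" -eq 0 ] ; then
	# Nothing to report, just exit
	echo "No problems found" 1>&2
	exit 0
fi
# At least one finding was printed. Status 1 is also used for a bad
# argument above, so the exit code alone does not tell the two apart.
exit 1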
95
96
97