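#!/bin/sh
#
# find-chroot utility
# Copyright (c) 2011 Steve Grubb. ALL RIGHTS RESERVED.
# sgrubb@redhat.com
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# This program looks for apps that use chroot(2) without using chdir(2).
# A chroot() that is not paired with a chdir() leaves the process's
# working directory outside the new root, so the jail can be escaped
# with relative paths.
#
# Usage: ./find-chroot         scan the standard program and library dirs
#        ./find-chroot DIR     scan every regular file under DIR
#
# Exit status: 0 when nothing was found, 1 when findings were printed
# (or on bad input).
#
# Caveat: only versioned glibc symbol references (readelf "chroot@...GLIBC")
# are examined, so statically linked programs or code that issues the
# syscall directly will not be noticed.  The call-ordering test below is
# a heuristic on objdump output, not a data-flow analysis.
#
# To save to file: ./find-chroot | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | tee findings.txt

libdirs="/lib /lib64 /usr/lib /usr/lib64"
progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec"
FOUND=0

# Print one finding: the file name (in red) followed by the source
# package that owns it, when rpm is installed.  The column header is
# emitted once, before the first finding.
# Argument: $1 - path of the offending file.
report () {
	if [ "$FOUND" = 0 ] ; then
		printf "%-44s%s\n" "FILE" " PACKAGE"
		FOUND=1
	fi
	# Red.  The path is passed as an argument, never as the format string.
	printf "\033[31m%-44s\033[m" "$1"
	if command -v rpm >/dev/null 2>&1 ; then
		rpm -qf --queryformat " %{SOURCERPM}" "$1"
	fi
	echo
}

# Decide whether the file $1 should be reported.  Returns 0 (true) when
# the file references chroot but not chdir, or references both but no
# chdir call appears among the two call instructions that follow a
# chroot@plt call.  libc itself is exempt from the second test because it
# defines chroot rather than calling it through the PLT.
# Argument: $1 - path of an ELF file.
check_file () {
	# readelf is run once; both symbol tests look at the saved output.
	symtab=$(/usr/bin/readelf -s "$1" 2>/dev/null)
	if ! printf '%s\n' "$symtab" | grep -E -q ' chroot@.*GLIBC' ; then
		return 1
	fi
	if ! printf '%s\n' "$symtab" | grep -E -q ' chdir@.*GLIBC' ; then
		return 0
	fi
	# One last test to see if chdir is among the next two calls after
	# chroot.  Only call instructions are kept, so -A2 means two calls.
	# Newer binutils print "call" instead of "callq"; accept both.
	# Only chdir is searched for here: matching 'chroot|chdir' would
	# always succeed on the chroot@plt line itself and never fail.
	calls=$(objdump -d "$1" 2>/dev/null | grep -E '[[:space:]]callq?[[:space:]]' | grep -E -A2 'chroot@plt' | grep -E 'chdir')
	if [ -n "$calls" ] ; then
		return 1
	fi
	case "$1" in
		*libc-2*|*libc.so*) return 1 ;;
	esac
	return 0
}

# Scan one directory tree.
# Arguments: $1 - directory, $2 - find(1) -name pattern.
scan_dir () {
	if [ ! -d "$1" ] ; then
		return
	fi
	# The here-document keeps the loop in the current shell so that
	# report() can update FOUND (a pipe would run it in a subshell).
	# Paths are read one per line, so names with spaces work; names
	# containing a newline are not handled.
	while IFS= read -r f ; do
		if [ -n "$f" ] && check_file "$f" ; then
			report "$f"
		fi
	done <<EOF
$(/usr/bin/find "$1" -name "$2" -type f 2>/dev/null)
EOF
}

# First param is which list to use (1 = libdirs, 2 = progdirs,
# 3 = the single directory given as $3), second is the find -name pattern.
scan () {
	case "$1" in
		1) for d in $libdirs ; do scan_dir "$d" "$2" ; done ;;
		2) for d in $progdirs ; do scan_dir "$d" "$2" ; done ;;
		3) scan_dir "$3" "$2" ;;
	esac
}

if [ $# -eq 1 ] ; then
	if [ -d "$1" ] ; then
		scan 3 '*' "$1"
	else
		echo "Input is not a directory" 1>&2
		exit 1
	fi
else
	scan 2 '*'
	scan 1 '*.so'
fi

if [ "$FOUND" -eq 0 ] ; then
	# Nothing to report, just exit
	echo "No problems found" 1>&2
	exit 0
fi
exit 1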