1#!/bin/sh
2# find_sh4tmp utility
3# Copyright (c) 2005 Steve Grubb. ALL RIGHTS RESERVED.
4# sgrubb@redhat.com
5#
6# This software may be freely redistributed under the terms of the GNU
7# public license.
8#
9# You should have received a copy of the GNU General Public License
10# along with this program; if not, write to the Free Software
11# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
12
13# This script will search a directory and its subdirectories for all shell
14# scripts. It will then search for the use of the tmp directory. If it finds
15# this is true, it will then try to determine if mktemp or something
16# reasonable was used and exclude it. It has a bug in that it does not handle
17# rm -f /tmp/ or mkdir /tmp/ correctly. If you run across files that do that,
18# add them to the KNOWN_BAD list to ignore them.
19
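# Usage: find_sh4tmp [directory]
# At most one argument is accepted; it names the tree to scan.
if [ $# -ge 2 ] ; then
	echo "Usage: find_sh4tmp [directory]" 1>&2
	exit 1
fi

# A script whose text matches "exec <one of these>" is treated as a wrapper
# for another language and is not reported.
INTERPRETERS="wish wishx tclsh guile rep itkwish expect /etc/kde/kdm/Xsession /etc/X11/xdm/Xsession /usr/bin/festival perl hfssh"
# Files located under these directories are not reported.
SKIP_DIRS="/opt /home /root /mnt /media /dev /proc /selinux /sys /usr/share/doc"
# Findings whose path contains one of these strings are suppressed.  Every
# entry hides all paths that contain it, so keep additions as specific as
# possible; an over-broad entry silently removes real findings.
KNOWN_BAD="kopete_latexconvert.sh cvs2dist fixfiles mysqlbug build/scripts/package/mkspec py-compile rc.sysinit init.d/xfs diff-jars grub-install mailshar vncserver Xsession sysreport cross-build vpkg rcs-to-cvs debug_check_log cvs2vendor tmpwatch ps2epsi mkdumprd xdg-open xdg-mime xdg-email gzexe"

# Scan the whole filesystem unless a directory was given.
DIR="/"
if [ $# -eq 1 ] ; then
	if [ -d "$1" ] ; then
		DIR="$1"
	else
		echo "Option passed in was not a directory" 1>&2
		exit 1
	fi
fi

# The work files come from mktemp, which chooses an unpredictable suffix and
# creates the file itself, so this tool does not use /tmp in the way it
# reports on.  tempfile2 is created and removed but not otherwise used by the
# code visible in this script.
tempfile=`mktemp /tmp/sh4.XXXXXX`
tempfile2=`mktemp /tmp/sh4.XXXXXX`
if [ -z "$tempfile" ] || [ -z "$tempfile2" ] ; then
	# One of the two may have been created; do not leave it behind.
	[ -z "$tempfile" ] || rm -f "$tempfile"
	[ -z "$tempfile2" ] || rm -f "$tempfile2"
        echo ; echo "Unable to create tempfiles...aborting." 1>&2 ; echo
        exit 1
fi

# Remove the work files on every exit path, not only on a signal: the original
# trap covered signals alone, so tempfile2 survived a run that ended with
# "exit 1".  Single quotes delay expansion until the trap fires and the inner
# double quotes keep each name a single word.
trap 'rm -f "$tempfile" "$tempfile2"' 0
trap 'rm -f "$tempfile" "$tempfile2"; exit 2' 1 2 3 5 15
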
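# Get executable files: every regular file under $DIR with at least one
# execute bit set ("-perm /0111" is GNU find syntax).  Names are stored one per
# line, so a path that contains a newline is read back as separate entries.
#echo "Scanning shell scripts in $DIR..."
find "$DIR" -type f -perm /0111 -print >> "$tempfile" 2>/dev/null
FOUND=0
# IFS= and -r keep blanks and backslashes in the file name intact; every later
# use of $f is quoted so a name with spaces or glob characters stays one word.
while IFS= read -r f
do
	# See if this is in a dir we want to ignore.  The match is anchored on a
	# path component ("/dev/..."), so a sibling such as "/devel" is still
	# audited; the original prefix regex skipped it.
	SKIP=0
	for d in $SKIP_DIRS
	do
		case "$f" in
		"$d"/*)
			SKIP=1
			break
			;;
		esac
	done

	if [ $SKIP -eq 1 ] ; then
		continue
	fi

	# Don't do the known naughty files.  Literal substring match on the whole
	# path; the original used each entry as a regex, where "." matched any
	# character.
	for bad in $KNOWN_BAD
	do
		case "$f" in
		*"$bad"*)
			SKIP=1
			break
			;;
		esac
	done

	if [ $SKIP -eq 1 ] ; then
		continue
	fi

	# Get just the shell scripts.  -b drops the file name from file(1)'s
	# output, so a path that merely contains "ourne" cannot pass for a script.
	testf=`file -b -- "$f" | grep -E 'ourne|POSIX shell'`
	if [ -z "$testf" ] ; then
		continue
	fi

# FIXME: need to do something to get rid of echo, rm, or mkdir "/tmp/"
	# Keep lines that mention /tmp/, do not mention mktemp and do not start
	# with '#'.  This is a text match, not a parse: a line containing the word
	# mktemp anywhere is dropped even if it also uses a fixed /tmp path, and a
	# comment is only recognised when '#' is in the first column.
	test_res=`grep -e '/tmp/' -- "$f" 2>/dev/null | grep -v 'mktemp' | grep -v '^#'`
	if [ -z "$test_res" ] ; then
		continue
	fi

	# See if the script calls an interpreter.  [[:space:]] matches a blank or
	# a tab; the original bracket "[ \t]" matched a space, a backslash or the
	# letter t, because a backslash is literal inside a bracket expression.
	for lang in $INTERPRETERS
	do
		if grep -q -e "exec[[:space:]].*$lang" -- "$f" ; then
			SKIP=1
			break
		fi
	done

	if [ $SKIP -eq 1 ] ; then
		continue
	fi

	# Well its a bad one...out with it: the path padded to 44 columns, then
	# the owning package as reported by rpm.
	printf "%-44s" "$f"
	rpm -qf --queryformat "%{NAME}-%{VERSION}" "$f"
	echo
	FOUND=1
done < "$tempfile"

# Remove both work files before either exit; the original left tempfile2
# behind whenever something was reported.
rm -f "$tempfile" "$tempfile2"
if [ $FOUND -eq 0 ] ; then
	# Nothing to report, just exit
#	echo "No problems found"
	exit 0
fi
# Exit status 1 tells the caller that at least one script was reported.
exit 1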