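#!/bin/sh
#
# find-chroot-py utility
# Copyright (c) 2011 Steve Grubb. ALL RIGHTS RESERVED.
# sgrubb@redhat.com
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# This program looks for python apps that use chroot(2) without using chdir(2)
# (after chroot() the working directory can still sit outside the new root
# unless the process also changes into it).
#
# Usage: find-chroot-py [directory]
#   no argument - scan the system program and library directories
#   directory   - scan every regular file below that directory instead
#
# Exit status: 0 when nothing is reported, 1 when at least one file is
# reported or the argument is not a directory.
#
# Limits of the check (it is a text heuristic, so findings need review):
#   - only " os.chroot" / " os.chdir" preceded by a space are matched
#   - os.chdir must be on the os.chroot line or one of the 3 lines after it;
#     a chdir placed before the chroot call is not seen
#   - one os.chroot with a nearby os.chdir clears the whole file, even when
#     another os.chroot in the same file has none
#   - file names containing a newline are not handled
#
# To save to file: ./find-chroot | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | tee findings.txt

libdirs="/lib /lib64 /usr/lib /usr/lib64"
progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec"
FOUND=0

# Print one finding: the file path in red followed by its source rpm.
# The table header is printed once, before the first finding.
# $1 - path of the file to report
# NOTE(review): the path is printed as-is, so control characters in a file
# name reach the terminal unfiltered.
report () {
  if [ "$FOUND" = 0 ] ; then
    printf "%-44s%s\n" "FILE" " PACKAGE"
    FOUND=1
  fi
  # Red
  printf "\033[31m%-44s\033[m" "$1"
  #rpm -qf --queryformat "%{NAME}-%{VERSION}" "$1"
  rpm -qf --queryformat " %{SOURCERPM}" "$1"
  echo
}

# Scan one directory tree for files that call os.chroot without a nearby
# os.chdir and report each of them.
# $1 - list selector (see scan); "2" enables the python file-type filter
# $2 - find(1) -name pattern
# $3 - directory to search
scan_dir () {
  [ -d "$3" ] || return 0

  # The here-document feeds find's output to the loop line by line, so paths
  # containing spaces or glob characters stay intact, and the loop runs in
  # the current shell so FOUND survives it.
  while IFS= read -r f ; do
    [ -n "$f" ] || continue

    if [ "$1" = "2" ] ; then
      # Program directories hold all kinds of files; keep only those that
      # file(1) describes with "ython". file prints the path as well, so a
      # path containing "ython" also passes this filter.
      /usr/bin/file "$f" | grep -q 'ython' || continue
    fi

    # -F: fixed-string match, so the "." is a literal dot.
    grep -q -F ' os.chroot' "$f" || continue

    # Report unless os.chdir shows up on the os.chroot line or within the
    # 3 lines that follow it. A file with no os.chdir at all fails this
    # test too, so no separate whole-file check is needed.
    if ! grep -F -A3 ' os.chroot' "$f" | grep -q -F ' os.chdir' ; then
      report "$f"
    fi
  done <<EOF
$(/usr/bin/find "$3" -name "$2" -type f 2>/dev/null)
EOF
}

# First param is which list to use, second is search pattern
# $1 - 1: library directories, 2: program directories, 3: directory in $3
# $2 - find(1) -name pattern
# $3 - directory to scan (selector 3 only); passed on as a single path
scan () {
  case "$1" in
    1)
      # Unquoted on purpose: libdirs is a space-separated constant list.
      for d in $libdirs ; do
        scan_dir "$1" "$2" "$d"
      done
      ;;
    2)
      # Unquoted on purpose: progdirs is a space-separated constant list.
      for d in $progdirs ; do
        scan_dir "$1" "$2" "$d"
      done
      ;;
    3)
      scan_dir "$1" "$2" "$3"
      ;;
  esac
}

if [ $# -eq 1 ] ; then
  if [ -d "$1" ] ; then
    scan 3 '*' "$1"
  else
    echo "Input is not a directory"
    exit 1
  fi
else
  scan 2 '*'
  scan 1 '*.py'
fi

if [ "$FOUND" -eq 0 ] ; then
  # Nothing to report, just exit
  echo "No problems found" 1>&2
  exit 0
fi
exit 1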