Bug #210372 - Fix FEATURES=suidctl so that it really works again.
authorZac Medico <zmedico@gentoo.org>
Mon, 3 Mar 2008 19:24:05 +0000 (19:24 -0000)
committerZac Medico <zmedico@gentoo.org>
Mon, 3 Mar 2008 19:24:05 +0000 (19:24 -0000)
(trunk r9423)

svn path=/main/branches/2.1.2/; revision=9424

bin/misc-functions.sh

index 85d0c37c76f77b6eace8101736bf0660022294dd..680c5b1856ec801a412bf10004579cb0140ab8a1 100755 (executable)
@@ -464,27 +464,28 @@ preinst_suid_scan() {
        fi
        # total suid control.
        if hasq suidctl $FEATURES; then
+               local sfconf
                sfconf=${PORTAGE_CONFIGROOT}etc/portage/suidctl.conf
+               # sandbox prevents us from writing directly
+               # to files outside of the sandbox, but this
+               # can easly be bypassed using the addwrite() function
+               addwrite "${sfconf}"
                vecho ">>> Performing suid scan in ${D}"
                for i in $(find "${D}" -type f \( -perm -4000 -o -perm -2000 \) ); do
                        if [ -s "${sfconf}" ]; then
-                               suid="$(grep "^/${i#${D}}$" "${sfconf}")"
-                               if [ "${suid}" = "${i/${D}}" ]; then
-                                       vecho "- ${i/${D}} is an approved suid file"
+                               install_path=/${i#${D}}
+                               if grep -q "^${install_path}\$" "${sfconf}" ; then
+                                       vecho "- ${install_path} is an approved suid file"
                                else
-                                       vecho ">>> Removing sbit on non registered ${i/${D}}"
+                                       vecho ">>> Removing sbit on non registered ${install_path}"
                                        for x in 5 4 3 2 1 0; do echo -ne "\a"; sleep 0.25 ; done
                                        vecho -ne "\a"
                                        ls_ret=$(ls -ldh "${i}")
                                        chmod ugo-s "${i}"
-                                       grep "^#${i/${D}}$" "${sfconf}" > /dev/null || {
-                                               # sandbox prevents us from writing directly
-                                               # to files outside of the sandbox, but this
-                                               # can easly be bypassed using the addwrite() function
-                                               addwrite "${sfconf}"
+                                       grep "^#${install_path}$" "${sfconf}" > /dev/null || {
                                                vecho ">>> Appending commented out entry to ${sfconf} for ${PF}"
-                                               echo "## ${ls_ret%${D}*}${ls_ret#*${D}}" >> "${sfconf}"
-                                               echo "#${i/${D}}" >> "${sfconf}"
+                                               echo "## ${ls_ret%${D}*}${install_path}" >> "${sfconf}"
+                                               echo "#${install_path}" >> "${sfconf}"
                                                # no delwrite() eh?
                                                # delwrite ${sconf}
                                        }
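Review bot: The new `grep -q "^${install_path}\$"` check still interpolates the path as a basic regular expression, so an entry containing `.`, `*` or `[` matches more than the exact line (or makes grep error out), which lets a file that is not literally listed in suidctl.conf be treated as approved; the same applies to the `grep "^#${install_path}$"` check further down. A fixed-string whole-line match removes the ambiguity: `if grep -qxF -- "${install_path}" "${sfconf}"; then` and `grep -qxF -- "#${install_path}" "${sfconf}" || {`. The two patterns are also spelled inconsistently (`\$` in one, bare `$` in the other — both yield a literal `$` inside double quotes, but one form should be used). `install_path` is assigned without `local` while `sfconf` now gets one; `local install_path` next to it would keep the variable from leaking into the caller's scope. The enclosing preinst_suid_scan function starts and ends outside the hunk.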