From edf1588c27d93478a40d8f86afe81f3a6db3f690 Mon Sep 17 00:00:00 2001 From: Jacob Babor Date: Wed, 27 Apr 2022 17:39:20 -0500 Subject: [PATCH] Fix a myriad of issues with that last script --- check_executables_in_tmp | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/check_executables_in_tmp b/check_executables_in_tmp index 90db240..c4c7796 100755 --- a/check_executables_in_tmp +++ b/check_executables_in_tmp @@ -1,4 +1,4 @@ -#! /bin/sh +#! /bin/bash # # check_executables_in_tmpdir # Check a directory for executables and become angry if we find them @@ -12,15 +12,24 @@ set -e tmpdir="/tmp" +# # Compile a list of executables found in /tmp +# +# Note that we deliberately use the -perm flag instead of the -executable flag +# +# This is by design, as -executable will fail on systems with noexec on the +# filesystem we're checking. This runs counter to our goal here, which is just +# to see if some skid has dumped a cryptominer on the machine. +# executables="" -find "$tmpdir" -type f -executable 2>/dev/null | while read line; do +while read line; do if [ -z "$executables" ]; then executables="$line" else executables="$executables, $line" fi -done +done < <(find "$tmpdir" -type f -perm /u=x,g=x,o=x 2>/dev/null || true ) + # If we found any, become angry if [ -n "$executables" ]; then