Skip to content
This repository was archived by the owner on Dec 9, 2022. It is now read-only.

Commit 5cd6003

Browse files
committed
plugins: get rid of commands.getstatusoutput()
1 parent 2d12677 commit 5cd6003

File tree

1 file changed

+8
-2
lines changed

1 file changed

+8
-2
lines changed

Diff for: plugins/src/allow_execmod.py

+8-2
Original file line numberDiff line numberDiff line change
@@ -91,10 +91,16 @@ def __init__(self):
9191
self.set_priority(10)
9292

9393
def analyze(self, avc):
94-
import commands
94+
import subprocess
9595
if avc.has_any_access_in(['execmod']):
9696
# MATCH
97-
if (commands.getstatusoutput("eu-readelf -d %s | fgrep -q TEXTREL" % avc.tpath)[0] == 1):
97+
# from https://docs.python.org/2.7/library/subprocess.html#replacing-shell-pipeline
98+
p1 = subprocess.Popen(['eu-readelf', '-d', avc.tpath], stdout=subprocess.PIPE)
99+
p2 = subprocess.Popen(["fgrep", "-q", "TEXTREL"], stdin=p1.stdout, stdout=subprocess.PIPE)
100+
p1.stdout.close() # Allow p1 to receive a SIGPIPE if p2 exits.
101+
p1.wait()
102+
p2.wait()
103+
if p2.returncode == 1:
98104
return self.report(("unsafe"))
99105

100106
mcon = selinux.matchpathcon(avc.tpath.strip('"'), S_IFREG)[1]

0 commit comments

Comments
 (0)