Skip to content
Permalink
Browse files

plugins: get rid of commands.getstatusoutput()

  • Loading branch information...
bachradsusi committed Apr 9, 2015
1 parent 2d12677 commit 5cd60033ea7f5bdf8c19c27b23ea2d773d9b09f5
Showing with 8 additions and 2 deletions.
  1. +8 −2 plugins/src/allow_execmod.py
@@ -91,10 +91,16 @@ def __init__(self):
self.set_priority(10)

def analyze(self, avc):
import commands
import subprocess
if avc.has_any_access_in(['execmod']):
# MATCH
if (commands.getstatusoutput("eu-readelf -d %s | fgrep -q TEXTREL" % avc.tpath)[0] == 1):
# from https://docs.python.org/2.7/library/subprocess.html#replacing-shell-pipeline
p1 = subprocess.Popen(['eu-readelf', '-d', avc.tpath], stdout=subprocess.PIPE)
p2 = subprocess.Popen(["fgrep", "-q", "TEXTREL"], stdin=p1.stdout, stdout=subprocess.PIPE)
p1.stdout.close() # Allow p1 to receive a SIGPIPE if p2 exits.
p1.wait()
p2.wait()
if p2.returncode == 1:
return self.report(("unsafe"))

mcon = selinux.matchpathcon(avc.tpath.strip('"'), S_IFREG)[1]

0 comments on commit 5cd6003

Please sign in to comment.
You can’t perform that action at this time.