mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-11 17:04:19 +01:00
159 lines
3.9 KiB
Bash
159 lines
3.9 KiB
Bash
#!/bin/sh
|
|
# gzexe: compressor for Unix executables.
|
|
# Use this only for binaries that you do not use frequently.
|
|
#
|
|
# The compressed version is a shell script which decompresses itself after
|
|
# skipping $skip lines of shell commands. We try invoking the compressed
|
|
# executable with the original name (for programs looking at their name).
|
|
# We also try to retain the original file permissions on the compressed file.
|
|
# For safety reasons, gzexe will not create setuid or setgid shell scripts.
|
|
|
|
# WARNING: the first line of this file must be either : or #!/bin/sh
|
|
# The : is required for some old versions of csh.
|
|
# On Ultrix, /bin/sh is too buggy, change the first line to: #!/bin/sh5
|
|
#
|
|
# $FreeBSD$
|
|
|
|
x=`basename $0`
|
|
if test $# = 0; then
|
|
echo compress executables. original file foo is renamed to foo~
|
|
echo usage: ${x} [-d] files...
|
|
echo " -d decompress the executables"
|
|
exit 1
|
|
fi
|
|
|
|
tmp=`/usr/bin/mktemp gzXXXXXXXXXX` || exit 1
|
|
trap "rm -f $tmp; exit 1" 1 2 3 5 10 13 15
|
|
|
|
decomp=0
|
|
res=0
|
|
test "$x" = "ungzexe" && decomp=1
|
|
if test "x$1" = "x-d"; then
|
|
decomp=1
|
|
shift
|
|
fi
|
|
|
|
zfoo1=`/usr/bin/mktemp zfoo1XXXXXXXXXX` || exit 1
|
|
zfoo2=`/usr/bin/mktemp zfoo2XXXXXXXXXX` || exit 1
|
|
echo hi > $zfoo1
|
|
echo hi > $zfoo2
|
|
if test -z "`(${CPMOD-cpmod} $zfoo1 $zfoo2) 2>&1`"; then
|
|
cpmod=${CPMOD-cpmod}
|
|
fi
|
|
rm -f $zfoo1 $zfoo2
|
|
|
|
tail=""
|
|
IFS="${IFS= }"; saveifs="$IFS"; IFS="${IFS}:"
|
|
for dir in $PATH; do
|
|
test -z "$dir" && dir=.
|
|
if test -f $dir/tail; then
|
|
tail="$dir/tail"
|
|
break
|
|
fi
|
|
done
|
|
IFS="$saveifs"
|
|
if test -z "$tail"; then
|
|
echo cannot find tail
|
|
exit 1
|
|
fi
|
|
|
|
for i do
|
|
if test ! -f "$i" ; then
|
|
echo ${x}: $i not a file
|
|
res=1
|
|
continue
|
|
fi
|
|
if test $decomp -eq 0; then
|
|
if sed -e 1d -e 2q "$i" | grep "^skip=[0-9]*$" >/dev/null; then
|
|
echo "${x}: $i is already gzexe'd"
|
|
continue
|
|
fi
|
|
fi
|
|
if ls -l "$i" | grep '^...[sS]' > /dev/null; then
|
|
echo "${x}: $i has setuid permission, unchanged"
|
|
continue
|
|
fi
|
|
if ls -l "$i" | grep '^......[sS]' > /dev/null; then
|
|
echo "${x}: $i has setgid permission, unchanged"
|
|
continue
|
|
fi
|
|
case "`basename $i`" in
|
|
sh | gzip | tail | chmod | ln | sleep | rm | mktemp)
|
|
echo "${x}: $i would depend on itself"; continue ;;
|
|
esac
|
|
if test -z "$cpmod"; then
|
|
cp -p "$i" $tmp 2>/dev/null || cp "$i" $tmp
|
|
if test -w $tmp 2>/dev/null; then
|
|
writable=1
|
|
else
|
|
writable=0
|
|
chmod u+w $tmp 2>/dev/null
|
|
fi
|
|
fi
|
|
if test $decomp -eq 0; then
|
|
sed 1q $0 > $tmp
|
|
sed "s|^if tail|if $tail|" >> $tmp <<'EOF'
|
|
skip=22
|
|
gztmp=`/usr/bin/mktemp /tmp/gztmpXXXXXXXXXX` || exit 1
|
|
if tail +$skip $0 | gzip -cd > $gztmp; then
|
|
chmod 700 $gztmp
|
|
prog="`echo $0 | sed 's|^.*/||'`"
|
|
progtmp=`/usr/bin/mktemp /tmp/${prog}XXXXXXXXXX` || exit 1
|
|
if /bin/ln $gztmp $progtmp 2>/dev/null; then
|
|
trap '/bin/rm -f $gztmp $progtmp; exit $res' 0
|
|
(/bin/sleep 5; /bin/rm -f $gztmp $progtmp) 2>/dev/null &
|
|
/tmp/"$prog" ${1+"$@"}; res=$?
|
|
else
|
|
trap '/bin/rm -f $gztmp exit $res' 0
|
|
(/bin/sleep 5; /bin/rm -f $gztmp) 2>/dev/null &
|
|
$gztmp ${1+"$@"}; res=$?
|
|
fi
|
|
else
|
|
echo Cannot decompress $0
|
|
rm -f $gztmp
|
|
exit 1
|
|
fi; exit $res
|
|
EOF
|
|
gzip -cv9 "$i" >> $tmp || {
|
|
/bin/rm -f $tmp
|
|
echo ${x}: compression not possible for $i, file unchanged.
|
|
res=1
|
|
continue
|
|
}
|
|
|
|
else
|
|
# decompression
|
|
skip=18
|
|
if sed -e 1d -e 2q "$i" | grep "^skip=[0-9]*$" >/dev/null; then
|
|
eval `sed -e 1d -e 2q "$i"`
|
|
fi
|
|
if tail +$skip "$i" | gzip -cd > $tmp; then
|
|
:
|
|
else
|
|
echo ${x}: $i probably not in gzexe format, file unchanged.
|
|
res=1
|
|
continue
|
|
fi
|
|
fi
|
|
rm -f "$i~"
|
|
mv "$i" "$i~" || {
|
|
echo ${x}: cannot backup $i as $i~
|
|
rm -f $tmp
|
|
res=1
|
|
continue
|
|
}
|
|
mv $tmp "$i" || cp -p $tmp "$i" 2>/dev/null || cp $tmp "$i" || {
|
|
echo ${x}: cannot create $i
|
|
rm -f $tmp
|
|
res=1
|
|
continue
|
|
}
|
|
rm -f $tmp
|
|
if test -n "$cpmod"; then
|
|
$cpmod "$i~" "$i" 2>/dev/null
|
|
elif test $writable -eq 0; then
|
|
chmod u-w $i 2>/dev/null
|
|
fi
|
|
done
|
|
exit $res
|