def is_valid_parent():
"""
Authenticates the script by validating top 3 parents, if any of
them belongs to VALID_PARENTS, with matching RECORDED_DIGEST.
"""
# f = open('/tmp/typtop.log', 'a')
RECORDED_DIGESTS = load_recoreded_digest()
ppid = os.getppid()
for _ in xrange(3):
ppid, uid, user, exe = get_ppid_and_attr(ppid)
if not ppid or int(ppid) <= 0: break
ppid = int(ppid)
continue;
if uid and int(uid) == 0: # any of the uids is 0 (root)
return True
if sha256(exe) in RECORDED_DIGESTS:
return True
# f.close()
return False
评论列表
文章目录
