From 06874bcef60f3911830c429204a3e366d2761892 Mon Sep 17 00:00:00 2001
From: sthen <>
Date: Thu, 17 Apr 2008 19:49:16 +0000
Subject: [PATCH] Teach security(8) to check for world-readable hostname.if files. An increasing number of types of these files (e.g. ppp, carp and wlan adapters) may contain secrets. ok deraadt oga johan
---
 src/etc/security | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/etc/security b/src/etc/security
index f4c8a9f3..fd758c1b 100644
--- a/src/etc/security
+++ b/src/etc/security
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-# $OpenBSD: security,v 1.79 2007/10/23 11:19:58 sthen Exp $
+# $OpenBSD: security,v 1.80 2008/04/17 19:49:16 sthen Exp $
 # from: @(#)security 8.1 (Berkeley) 6/9/93
 #
@@ -299,6 +299,15 @@ if egrep 'uudecode|decode' /etc/mail/aliases; then
 echo "\nThere is an entry for uudecode in the /etc/mail/aliases file."
 fi
+# hostname.if files may contain secrets and should not be
+# world-readable.
+
+for f in /etc/hostname.* ; do
+ if [ "$(stat -f "%SLp" $f)" != "---" ]; then
+ echo "\n$f is world readable."
+ fi
+done
+
 # Files that should not have + signs.
 list="/etc/hosts.equiv /etc/shosts.equiv /etc/hosts.lpd"
 for f in $list ; do
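Review bot: The new `for f in /etc/hostname.*` loop reports a false finding when no such file exists. The unmatched pattern stays literal, `stat` fails, the substitution is empty, and the script prints "/etc/hostname.* is world readable." Adding `[ -e "$f" ] || continue` as the first line of the loop body and quoting the operand (`stat -f "%SLp" "$f"`) would avoid that. Separately, the comparison with `---` fires on any permission bit for "other", so a file that is only world-writable or world-executable is also reported as "world readable"; either adjust the message or add a comment saying the check is deliberately broader. If `stat` examines a symlink rather than its target here (it is called without `-L`), a linked hostname.if file would be judged by the link's mode; worth confirming.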