
fix ksh.kshrc; check ksh.kshrc, .kshrc for owner/mode/path

OPENBSD_2_3
marc 27 years ago
parent
commit
0b582277ad
2 changed files with 47 additions and 7 deletions
  1. +4
    -5
      src/etc/ksh.kshrc
  2. +43
    -2
      src/etc/security

+ 4
- 5
src/etc/ksh.kshrc

@ -1,5 +1,5 @@
: :
# $OpenBSD: ksh.kshrc,v 1.2 1996/12/16 03:49:50 kstailey Exp $
# $OpenBSD: ksh.kshrc,v 1.3 1998/03/22 03:39:10 marc Exp $
# #
# NAME: # NAME:
# ksh.kshrc - global initialization for ksh # ksh.kshrc - global initialization for ksh
@ -37,6 +37,7 @@ case "$-" in
# install whoami.sh # install whoami.sh
USER=`whoami 2>/dev/null` USER=`whoami 2>/dev/null`
USER=${USER:-`id | sed 's/^[^(]*(\([^)]*\)).*/\1/'`} USER=${USER:-`id | sed 's/^[^(]*(\([^)]*\)).*/\1/'`}
UID=`id -u`
case $UID in case $UID in
0) PS1S='# ';; 0) PS1S='# ';;
esac esac
@ -54,8 +55,6 @@ case "$-" in
tty=`tty` tty=`tty`
tty=`basename $tty` tty=`basename $tty`
TTY=${TTY:-$tty} TTY=${TTY:-$tty}
# console is the system console device
console=`sysctl machdep.console_device | cut -d' ' -f3`
set -o emacs set -o emacs
@ -82,8 +81,8 @@ case "$-" in
;; ;;
esac esac
case "$TERM" in case "$TERM" in
sun*)
# these are not as neat as their csh equivalents
sun*-s)
# sun console with status line
if [ "$tty" != "$console" ]; then if [ "$tty" != "$console" ]; then
# ilabel # ilabel
ILS='\033]L'; ILE='\033\\' ILS='\033]L'; ILE='\033\\'
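Review bot: The `if [ "$tty" != "$console" ]` test kept as context in the last hunk still reads `$console`, while the hunk at old line 54 removes the only visible assignment of it (the `console=` line fed from `sysctl machdep.console_device`). Unless `console` is set somewhere outside these hunks, the comparison is against an empty string and is always true, so the branch no longer distinguishes the system console from other ttys. Either remove the test along with the variable, or keep it meaningful with a guard such as `if [ -n "$console" ] && [ "$tty" != "$console" ]; then`. The enclosing `case "$TERM"` block starts and ends outside the hunk, so this is worth confirming against the full file.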


+ 43
- 2
src/etc/security

@ -1,6 +1,6 @@
#!/bin/sh - #!/bin/sh -
# #
# $OpenBSD: security,v 1.26 1998/02/25 16:00:29 millert Exp $
# $OpenBSD: security,v 1.27 1998/03/22 03:39:11 marc Exp $
# from: @(#)security 8.1 (Berkeley) 6/9/93 # from: @(#)security 8.1 (Berkeley) 6/9/93
# #
@ -224,6 +224,47 @@ if [ $umaskset = "no" -o -s $OUTPUT ] ; then
fi fi
fi fi
# A good .kshrc will not have a umask or path, that being set in .profile
# check anyway.
> $OUTPUT
rhome=/root
list="/etc/ksh.kshrc ${rhome}/.kshrc"
for i in $list; do
if [ -s $i ] ; then
egrep umask $i |
awk '$2 % 100 < 20 \
{ print "Root umask is group writeable" } \
$2 % 10 < 2 \
{ print "Root umask is other writeable" }' >> $OUTPUT
if egrep PATH= $i > /dev/null ; then
SAVE_PATH=$PATH
unset PATH
/bin/ksh << end-of-sh > /dev/null 2>&1
. $i
list=\`echo \$PATH | /usr/bin/sed -e 's/:/ /g'\`
/bin/ls -ldgT \$list > $TMP1
end-of-sh
PATH=$SAVE_PATH
awk '{
if ($10 ~ /^\.$/) {
print "The root path includes .";
next;
}
}
$1 ~ /^d....w/ \
{ print "Root path directory " $10 " is group writeable." } \
$1 ~ /^d.......w/ \
{ print "Root path directory " $10 " is other writeable." }' \
< $TMP1 >> $OUTPUT
fi
fi
done
if [ -s $OUTPUT ] ; then
printf "\nChecking root ksh paths, umask values:\n$list\n"
cat $OUTPUT
fi
# Root and uucp should both be in /etc/ftpusers. # Root and uucp should both be in /etc/ftpusers.
if egrep root /etc/ftpusers > /dev/null ; then if egrep root /etc/ftpusers > /dev/null ; then
: :
@ -337,7 +378,7 @@ awk '$1 != $5 && $5 != "root" \
# Files that should not be owned by someone else or writeable. # Files that should not be owned by someone else or writeable.
list=".bashrc .cshrc .emacs .exrc .forward .klogin .login .logout \ list=".bashrc .cshrc .emacs .exrc .forward .klogin .login .logout \
.profile .tcshrc"
.profile .tcshrc .kshrc .xsession"
awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \
while read uid homedir; do while read uid homedir; do
for f in $list ; do for f in $list ; do
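Review bot: In the new root ksh check, `. $i` inside the `/bin/ksh << end-of-sh` here-document executes `/etc/ksh.kshrc` and `${rhome}/.kshrc` before anything in the hunk has looked at who owns them or whether they are writable. The commit title mentions owner/mode, but the added block only inspects umask and PATH, and this script presumably runs as root from the periodic job, so a file that fails the very check being introduced would still be run with those privileges. Gate the sourcing on ownership and mode first, for example `if egrep PATH= $i > /dev/null && [ -n "$(find $i -user root ! -perm -020 ! -perm -002)" ]; then`, and report the file to `$OUTPUT` when the gate fails. Separately, `sed -e 's/:/ /g'` drops empty PATH components (`::` or a leading or trailing `:`), which ksh treats as the current directory, so only a literal `.` is reported. `$TMP1` is also read after the here-document even when ksh wrote nothing to it; truncating it beforehand, as is done with `> $OUTPUT`, would avoid reporting stale data.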

