diff --git a/src/etc/security b/src/etc/security index 89c7b3d8..b5345dcb 100644 --- a/src/etc/security +++ b/src/etc/security @@ -1,6 +1,6 @@ #!/bin/sh - # -# $OpenBSD: security,v 1.22 1997/09/29 22:15:58 deraadt Exp $ +# $OpenBSD: security,v 1.23 1997/10/05 11:49:14 deraadt Exp $ # from: @(#)security 8.1 (Berkeley) 6/9/93 # @@ -43,8 +43,15 @@ awk -F: '{ printf("Login %s has more than 8 characters.\n", $1); if ($2 == "") printf("Login %s has no password.\n", $1); - if ((length($2) != 13 && ($10 ~ /.*sh$/ || $10 == "")) && ($2 !~ /^\$[0-9a-f]+\$/) && system("if grep -q \"^"$1" \" /etc/skeykeys || test -d "$9"/.ssh -a ! -O "$9"/.ssh ; then exit 1 ; fi ; for i in .rhosts .shosts .klogin ; do test -s "$9"/$i -a ! -O "$9"/$i && exit 1 ; done ; exit 0") != 0) - printf("Login %s is off but still has a valid shell.\n", $1); + if ($2 != "" && length($2) != 13 && ($10 ~ /.*sh$/ || $10 == "") && + ($2 !~ /^\$[0-9a-f]+\$/) && ($2 != "skey")) { + if (system("grep -q \"^"$1" \" /etc/skeykeys") == 0) + printf("Login %s is off but still has a valid shell and an entry in /etc/skeykeys.\n", $1); + if (system("test -d "$9" -a ! -r "$9"") == 0) + printf("Login %s if off but still has valid shell and home directory is unreadable\n\t by root; cannot check for existance of alternate access files.\n", $1); + else if (system("for file in .ssh .rhosts .shosts .klogin; do if test -e "$9"/$file; then if ((ls -ld "$9"/$file | cut -b 2-10 | grep -q r) && (test ! -O "$9"/$file)) ; then exit 1; fi; fi; done")) + printf("Login %s is off but still has a valid shell and alternate access files in\n\t home directory are still readable.\n",$1); + } if ($3 == 0 && $1 != "root") printf("Login %s has a user id of 0.\n", $1); if ($3 < 0)