From eca03c4660be30d290c03a6b21a2dac1daf67b54 Mon Sep 17 00:00:00 2001 From: sthen <> Date: Wed, 23 Jul 2008 16:05:47 +0000 Subject: [PATCH] Prevent warning about insecure hostnames where no /etc/hostname.* exists. From wcmaier@. Check target of symbolic links to avoid noise at boot and in seucrity output where you have several interfaces symlinked to one config file. "If you think this is the right thing to do" deraadt@ --- src/etc/netstart | 8 ++++---- src/etc/security | 7 +++++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/src/etc/netstart b/src/etc/netstart index 466de694..4ac1ec04 100644 --- a/src/etc/netstart +++ b/src/etc/netstart @@ -1,6 +1,6 @@ #!/bin/sh - # -# $OpenBSD: netstart,v 1.121 2008/06/09 22:56:42 todd Exp $ +# $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $ # Strip comments (and leading/trailing whitespace if IFS is set) # from a file and spew to stdout @@ -40,10 +40,10 @@ ifstart() { echo "netstart: $file: No such file or directory" return fi - if [ "$(stat -f "%SLp %u %g" $file)" != "--- 0 0" ]; then + if [ "$(stat -Lf "%SLp %u %g" $file)" != "--- 0 0" ]; then echo "WARNING: $file is insecure, fixing permissions" - chmod o-rwx $file - chown root.wheel $file + chmod -LR o-rwx $file + chown -LR root.wheel $file fi ifconfig $if > /dev/null 2>&1 if [ "$?" != "0" ]; then diff --git a/src/etc/security b/src/etc/security index fd758c1b..1277106f 100644 --- a/src/etc/security +++ b/src/etc/security @@ -1,6 +1,6 @@ #!/bin/sh - # -# $OpenBSD: security,v 1.80 2008/04/17 19:49:16 sthen Exp $ +# $OpenBSD: security,v 1.81 2008/07/23 16:05:47 sthen Exp $ # from: @(#)security 8.1 (Berkeley) 6/9/93 # @@ -303,7 +303,10 @@ fi # world-readable. for f in /etc/hostname.* ; do - if [ "$(stat -f "%SLp" $f)" != "---" ]; then + if [ ! -e $f ]; then + continue + fi + if [ "$(stat -Lf "%SLp" $f)" != "---" ]; then echo "\n$f is world readable." fi done
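Review bot: The `-R` in the new `chmod -LR o-rwx $file` and `chown -LR root.wheel $file` lines in ifstart() makes a root-run permission fix recursive and link-following, which is wider than the symlink case needs. As far as I know, chmod and chown without `-h` already act on a symlink's target, so only the `stat -Lf` change is needed to compare the target's mode. Keeping `chmod o-rwx $file` and `chown root.wheel $file` avoids walking a tree if the path ever resolves to a directory. The file-existence test guarding this code sits above the hunk, so whether it already restricts `$file` to a regular file is not visible here. A short comment such as `# hostname.if may be a symlink; check and fix the file it points to` would record the intent.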
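Review bot: With `stat -Lf "%SLp" $f` the loop in src/etc/security now judges the symlink target, but it still checks only the other-permission bits, while the netstart hunk in this same patch compares `"%SLp %u %g"` against `"--- 0 0"`. A target owned by a non-root user or group would pass this check silently; consider `if [ "$(stat -Lf "%SLp %u %g" $f)" != "--- 0 0" ]; then` with the message widened to cover ownership. The new `[ ! -e $f ]` guard also skips a dangling symlink without reporting it, which may deserve a line in the security output. Quoting `$f` in both tests would be more defensive.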