author | Marco S Hyman <marc@cvs.openbsd.org> | 1998-03-22 03:39:12 +0000 |
---|---|---|
committer | Marco S Hyman <marc@cvs.openbsd.org> | 1998-03-22 03:39:12 +0000 |
commit | 768bbf877c347890eb4cbb5c85e584618a582bae (patch) | |
tree | bbe90ad1e46d9f4d709f6c5f010259151a81e477 /etc | |
parent | fe35ad191836cf1776e13981822cfb016e62aa05 (diff) |
fix ksh.kshrc; check ksh.kshrc, .kshrc for owner/mode/path
Diffstat (limited to 'etc')
-rw-r--r-- | etc/ksh.kshrc | 9 | ||||
-rw-r--r-- | etc/security | 45 |
2 files changed, 47 insertions, 7 deletions
diff --git a/etc/ksh.kshrc b/etc/ksh.kshrc index 8442ffb6d82..66072c5ef40 100644 --- a/etc/ksh.kshrc +++ b/etc/ksh.kshrc @@ -1,5 +1,5 @@ : -# $OpenBSD: ksh.kshrc,v 1.2 1996/12/16 03:49:50 kstailey Exp $ +# $OpenBSD: ksh.kshrc,v 1.3 1998/03/22 03:39:10 marc Exp $ # # NAME: # ksh.kshrc - global initialization for ksh @@ -37,6 +37,7 @@ case "$-" in # install whoami.sh USER=`whoami 2>/dev/null` USER=${USER:-`id | sed 's/^[^(]*(\([^)]*\)).*/\1/'`} + UID=`id -u` case $UID in 0) PS1S='# ';; esac @@ -54,8 +55,6 @@ case "$-" in tty=`tty` tty=`basename $tty` TTY=${TTY:-$tty} - # console is the system console device - console=`sysctl machdep.console_device | cut -d' ' -f3` set -o emacs @@ -82,8 +81,8 @@ case "$-" in ;; esac case "$TERM" in - sun*) - # these are not as neat as their csh equivalents + sun*-s) + # sun console with status line if [ "$tty" != "$console" ]; then # ilabel ILS='\033]L'; ILE='\033\\' diff --git a/etc/security b/etc/security index 338ef4ce1aa..95a6e9d209e 100644 --- a/etc/security +++ b/etc/security @@ -1,6 +1,6 @@ #!/bin/sh - # -# $OpenBSD: security,v 1.26 1998/02/25 16:00:29 millert Exp $ +# $OpenBSD: security,v 1.27 1998/03/22 03:39:11 marc Exp $ # from: @(#)security 8.1 (Berkeley) 6/9/93 # 
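Review bot: `$console` is still read by the context line `if [ "$tty" != "$console" ]; then` under the new `sun*-s)` arm, but the preceding hunk deletes the only assignment visible on this page, the `console=` line built from `sysctl machdep.console_device`. Unless the variable is set somewhere outside these hunks, the test now compares against an empty string and is true for every tty, so the console guard no longer guards anything. Either keep an assignment or drop the test and say why in the comment, e.g. `# sun console with status line; console check removed`. The `case "$TERM"` block continues outside the hunk.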
@@ -224,6 +224,47 @@ if [ $umaskset = "no" -o -s $OUTPUT ] ; then fi fi +# A good .kshrc will not have a umask or path, that being set in .profile +# check anyway. +> $OUTPUT +rhome=/root +list="/etc/ksh.kshrc ${rhome}/.kshrc" +for i in $list; do + if [ -s $i ] ; then + egrep umask $i | + awk '$2 % 100 < 20 \ + { print "Root umask is group writeable" } \ + $2 % 10 < 2 \ + { print "Root umask is other writeable" }' >> $OUTPUT + if egrep PATH= $i > /dev/null ; then + SAVE_PATH=$PATH + unset PATH + /bin/ksh << end-of-sh > /dev/null 2>&1 + . $i + list=\`echo \$PATH | /usr/bin/sed -e 's/:/ /g'\` + /bin/ls -ldgT \$list > $TMP1 +end-of-sh + PATH=$SAVE_PATH + awk '{ + if ($10 ~ /^\.$/) { + print "The root path includes ."; + next; + } + } + $1 ~ /^d....w/ \ + { print "Root path directory " $10 " is group writeable." } \ + $1 ~ /^d.......w/ \ + { print "Root path directory " $10 " is other writeable." }' \ + < $TMP1 >> $OUTPUT + fi + + fi +done +if [ -s $OUTPUT ] ; then + printf "\nChecking root ksh paths, umask values:\n$list\n" + cat $OUTPUT +fi + # Root and uucp should both be in /etc/ftpusers. if egrep root /etc/ftpusers > /dev/null ; then : @@ -337,7 +378,7 @@ awk '$1 != $5 && $5 != "root" \ # Files that should not be owned by someone else or writeable. list=".bashrc .cshrc .emacs .exrc .forward .klogin .login .logout \ - .profile .tcshrc" + .profile .tcshrc .kshrc .xsession" awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ while read uid homedir; do for f in $list ; do |
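Review bot: The file being audited is executed as root (`. $i` inside the `/bin/ksh` here-document) before anything in this hunk checks its owner or mode, so the check runs the very content it is meant to vet. The dotfile ownership test that the last hunk extends to `.kshrc` sits later in the script, and `/etc/ksh.kshrc` is not covered by it. Gating the block on ownership and mode first, for example `if [ -s $i -a -O $i ] ; then` plus an `ls -l` test for group/other write bits, would close that. The PATH test also misses empty components (a leading, trailing or doubled `:`), which the shell treats as the current directory: `sed -e 's/:/ /g'` turns them into whitespace that the unquoted `\$list` drops, so only a literal `.` is reported. Conversely, if the sourced file leaves PATH unset, `ls -ldgT` with no operands presumably lists `.` and yields a false "The root path includes ." line; `$TMP1` and `$OUTPUT` are defined outside the hunk.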