XXX Remove nawk(1)


  13 #
  14 # When distributing Covered Code, include this CDDL HEADER in each
  15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16 # If applicable, add the following below this CDDL HEADER, with the
  17 # fields enclosed by brackets "[]" replaced with your own identifying
  18 # information: Portions Copyright [yyyy] [name of copyright owner]
  19 #
  20 # CDDL HEADER END
  21 #
  22 
  23 # Check :include: aliases (in files configured in sendmail.cf) and .forward
  24 # files to make sure the files and their parent directory paths all have
  25 # proper permissions.  And check the master alias file(s) too.
  26 #
  27 # See http://www.sendmail.org/vendor/sun/migration.html#Security for details.
  28 #
  29 # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  30 # Use is subject to license terms.
  31 #
  32 # %W% (Sun) %G%
  33 # ident "%Z%%M% %I%     %E% SMI"
  34 
  35 PATH=/bin
  36 
  37 # Check the group- and world-writable bits on the given file.
  38 
  39 analyze() {
  40         case "`ls -Lldn $1`" in
  41                 ?????w??w?*) 
  42                         echo $2: $1 is group and world writable
  43                         bogus_dirs=true ;;
  44                 ????????w?*) 
  45                         echo $2: $1 is world writable
  46                         bogus_dirs=true ;;
  47                 ?????w????*) 
  48                         echo $2: $1 is group writable
  49                         bogus_dirs=true ;;
  50         esac
  51 }
  52 
  53 # Break down the given file name into its components, and call analyze with


  86 # permissions on /etc or /etc/mail .  And best to check in case non-standard
  87 # alias paths are used.
  88 
  89 break_down $afl1 $afl2
  90 
  91 # Find all valid :include: files used in alias files configured in sendmail.cf
  92 
  93 for i in `sed 's/^[#].*$//' $afl1 $afl2 | \
  94         grep :include: | \
  95         sed 's/.*:include://' | \
  96         sed 's/,.*$//'`
  97 do
  98         break_down $i
  99 done
 100 
 101 # Check .forward files as well.  If the argument "ALL" is given, do it for
 102 # everyone.  If no argument to the script is given, just do it for the current
 103 # user.  O/w, do it for all arguments.
 104 
 105 if [ $# -eq 0 ] ; then
 106         arg=`id | nawk -F'(' '{n = split($2,id,")"); print id[1]}'`
 107 elif [ $1 = "ALL" ] ; then
 108         arg=""
 109 else
 110         arg="$*"
 111 fi
 112 
 113 for i in `getent passwd $arg | nawk -F: '{print $6}'`
 114 do
 115         if [ -f $i/.forward ] ; then
 116                 break_down $i/.forward
 117         fi
 118 done
 119 
 120 $bogus_dirs || echo "No unsafe directories found."


  13 #
  14 # When distributing Covered Code, include this CDDL HEADER in each
  15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16 # If applicable, add the following below this CDDL HEADER, with the
  17 # fields enclosed by brackets "[]" replaced with your own identifying
  18 # information: Portions Copyright [yyyy] [name of copyright owner]
  19 #
  20 # CDDL HEADER END
  21 #
  22 
  23 # Check :include: aliases (in files configured in sendmail.cf) and .forward
  24 # files to make sure the files and their parent directory paths all have
  25 # proper permissions.  And check the master alias file(s) too.
  26 #
  27 # See http://www.sendmail.org/vendor/sun/migration.html#Security for details.
  28 #
  29 # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  30 # Use is subject to license terms.
  31 #
  32 # %W% (Sun) %G%

  33 
  34 PATH=/bin
  35 
  36 # Check the group- and world-writable bits on the given file.
  37 
  38 analyze() {
  39         case "`ls -Lldn $1`" in
  40                 ?????w??w?*) 
  41                         echo $2: $1 is group and world writable
  42                         bogus_dirs=true ;;
  43                 ????????w?*) 
  44                         echo $2: $1 is world writable
  45                         bogus_dirs=true ;;
  46                 ?????w????*) 
  47                         echo $2: $1 is group writable
  48                         bogus_dirs=true ;;
  49         esac
  50 }
  51 
  52 # Break down the given file name into its components, and call analyze with


  85 # permissions on /etc or /etc/mail .  And best to check in case non-standard
  86 # alias paths are used.
  87 
  88 break_down $afl1 $afl2
  89 
  90 # Find all valid :include: files used in alias files configured in sendmail.cf
  91 
  92 for i in `sed 's/^[#].*$//' $afl1 $afl2 | \
  93         grep :include: | \
  94         sed 's/.*:include://' | \
  95         sed 's/,.*$//'`
  96 do
  97         break_down $i
  98 done
  99 
 100 # Check .forward files as well.  If the argument "ALL" is given, do it for
 101 # everyone.  If no argument to the script is given, just do it for the current
 102 # user.  O/w, do it for all arguments.
 103 
 104 if [ $# -eq 0 ] ; then
 105         arg=`id | /usr/xpg4/bin/awk -F'(' '{n = split($2,id,")"); print id[1]}'`
 106 elif [ $1 = "ALL" ] ; then
 107         arg=""
 108 else
 109         arg="$*"
 110 fi
 111 
 112 for i in `getent passwd $arg | /usr/xpg4/bin/awk -F: '{print $6}'`
 113 do
 114         if [ -f $i/.forward ] ; then
 115                 break_down $i/.forward
 116         fi
 117 done
 118 
 119 $bogus_dirs || echo "No unsafe directories found."
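Review bot: The two new `/usr/xpg4/bin/awk` calls (new lines 105 and 112) fail open: if that binary is missing or not executable, both backtick substitutions expand to nothing, the `.forward` loop body never runs, and the script can still finish with "No unsafe directories found." (assuming `bogus_dirs` starts out false in the part of the file not shown here). For a permission audit that is a false clean result, so I would add a guard before the `if [ $# -eq 0 ]` test: `[ -x /usr/xpg4/bin/awk ] || { echo "$0: /usr/xpg4/bin/awk not found" >&2; exit 1; }`. Separately, `[ $1 = "ALL" ]` on new line 106 should quote the argument, `[ "$1" = "ALL" ]`, so that an empty or multi-word first argument does not break the test.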