illumos-gate Wdiff usr/src/cmd/sendmail/cf/sh/check-permissions.sh

Print this page

XXX Remove nawk(1)

Split	Close
Expand all
Collapse all

          --- old/usr/src/cmd/sendmail/cf/sh/check-permissions.sh
          +++ new/usr/src/cmd/sendmail/cf/sh/check-permissions.sh

   1    1  #!/bin/sh --
   2    2  #
   3    3  # CDDL HEADER START
   4    4  #
   5    5  # The contents of this file are subject to the terms of the
   6    6  # Common Development and Distribution License (the "License").
   7    7  # You may not use this file except in compliance with the License.
   8    8  #
   9    9  # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10   10  # or http://www.opensolaris.org/os/licensing.
  11   11  # See the License for the specific language governing permissions
  12   12  # and limitations under the License.
  13   13  #
  14   14  # When distributing Covered Code, include this CDDL HEADER in each
  15   15  # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16   16  # If applicable, add the following below this CDDL HEADER, with the
  17   17  # fields enclosed by brackets "[]" replaced with your own identifying
  18   18  # information: Portions Copyright [yyyy] [name of copyright owner]
  19   19  #
  20   20  # CDDL HEADER END
  21   21  #
  22   22

↓ open down ↓

22 lines elided

↑ open up ↑

  23   23  # Check :include: aliases (in files configured in sendmail.cf) and .forward
  24   24  # files to make sure the files and their parent directory paths all have
  25   25  # proper permissions.  And check the master alias file(s) too.
  26   26  #
  27   27  # See http://www.sendmail.org/vendor/sun/migration.html#Security for details.
  28   28  #
  29   29  # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  30   30  # Use is subject to license terms.
  31   31  #
  32   32  # %W% (Sun) %G%
  33      -# ident "%Z%%M% %I%     %E% SMI"
  34   33  
  35   34  PATH=/bin
  36   35  
  37   36  # Check the group- and world-writable bits on the given file.
  38   37  
  39   38  analyze() {
  40   39          case "`ls -Lldn $1`" in
  41   40                  ?????w??w?*) 
  42   41                          echo $2: $1 is group and world writable
  43   42                          bogus_dirs=true ;;

  44   43                  ????????w?*) 
  45   44                          echo $2: $1 is world writable
  46   45                          bogus_dirs=true ;;
  47   46                  ?????w????*) 
  48   47                          echo $2: $1 is group writable
  49   48                          bogus_dirs=true ;;
  50   49          esac
  51   50  }
  52   51  
  53   52  # Break down the given file name into its components, and call analyze with
  54   53  # each of them.  E.g., an argument of /usr/local/aliases/foo.list would call
  55   54  # analyze in turn with arguments:
  56   55  # * /usr/local/aliases/foo.list
  57   56  # * /usr/local/aliases
  58   57  # * /usr/local
  59   58  # * /usr
  60   59  
  61   60  break_down() {
  62   61          for j in `echo $1 | \
  63   62                  awk '{
  64   63                          n = split($0, parts, "/");
  65   64                          for (i = n; i >= 2; i--){
  66   65                                  string = "";
  67   66                                  for (j = 2; j <= i; j++){
  68   67                                          string = sprintf("%s/%s", string, parts[j]);
  69   68                                  }
  70   69                                  print string
  71   70                          }
  72   71                  }'` "/"
  73   72          do
  74   73                  analyze $j $1
  75   74          done
  76   75  }
  77   76  
  78   77  config=/etc/mail/sendmail.cf
  79   78  bogus_dirs=false
  80   79  
  81   80  afl1=`grep "^OA" $config | sed 's/^OA//' | sed 's/,/ /g' | sed 's/.*://'`
  82   81  afl2=`grep "^O AliasFile=" $config | sed 's/^O AliasFile=//' | \
  83   82      sed 's/,/ /g' | sed 's/.*://'`
  84   83  
  85   84  # These should be OK themselves, but other packages may have screwed up the
  86   85  # permissions on /etc or /etc/mail .  And best to check in case non-standard
  87   86  # alias paths are used.
  88   87  
  89   88  break_down $afl1 $afl2
  90   89  
  91   90  # Find all valid :include: files used in alias files configured in sendmail.cf
  92   91  
  93   92  for i in `sed 's/^[#].*$//' $afl1 $afl2 | \
  94   93          grep :include: | \
  95   94          sed 's/.*:include://' | \

↓ open down ↓

52 lines elided

↑ open up ↑

  96   95          sed 's/,.*$//'`
  97   96  do
  98   97          break_down $i
  99   98  done
 100   99  
 101  100  # Check .forward files as well.  If the argument "ALL" is given, do it for
 102  101  # everyone.  If no argument to the script is given, just do it for the current
 103  102  # user.  O/w, do it for all arguments.
 104  103  
 105  104  if [ $# -eq 0 ] ; then
 106      -        arg=`id | nawk -F'(' '{n = split($2,id,")"); print id[1]}'`
      105 +        arg=`id | /usr/xpg4/bin/awk -F'(' '{n = split($2,id,")"); print id[1]}'`
 107  106  elif [ $1 = "ALL" ] ; then
 108  107          arg=""
 109  108  else
 110  109          arg="$*"
 111  110  fi
 112  111  
 113      -for i in `getent passwd $arg | nawk -F: '{print $6}'`
      112 +for i in `getent passwd $arg | /usr/xpg4/bin/awk -F: '{print $6}'`
 114  113  do
 115  114          if [ -f $i/.forward ] ; then
 116  115                  break_down $i/.forward
 117  116          fi
 118  117  done
 119  118  
 120  119  $bogus_dirs || echo "No unsafe directories found."

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX