XXX Remove nawk(1)
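--- a/usr/src/cmd/sendmail/cf/sh/check-permissions.sh
+++ b/usr/src/cmd/sendmail/cf/sh/check-permissions.sh
@@ -1,120 +1,119 @@
 #!/bin/sh --
 #
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
 # Common Development and Distribution License (the "License").
 # You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
 # See the License for the specific language governing permissions
 # and limitations under the License.
 #
 # When distributing Covered Code, include this CDDL HEADER in each
 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 # If applicable, add the following below this CDDL HEADER, with the
 # fields enclosed by brackets "[]" replaced with your own identifying
 # information: Portions Copyright [yyyy] [name of copyright owner]
 #
 # CDDL HEADER END
 #
 
 # Check :include: aliases (in files configured in sendmail.cf) and .forward
 # files to make sure the files and their parent directory paths all have
 # proper permissions. And check the master alias file(s) too.
 #
 # See http://www.sendmail.org/vendor/sun/migration.html#Security for details.
 #
 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 # Use is subject to license terms.
 #
 # %W% (Sun) %G%
-# ident "%Z%%M% %I% %E% SMI"
 
 PATH=/bin
 
 # Check the group- and world-writable bits on the given file.
 
 analyze() {
 case "`ls -Lldn $1`" in
 ?????w??w?*)
 echo $2: $1 is group and world writable
 bogus_dirs=true ;;
 ????????w?*)
 echo $2: $1 is world writable
 bogus_dirs=true ;;
 ?????w????*)
 echo $2: $1 is group writable
 bogus_dirs=true ;;
 esac
 }
 
 # Break down the given file name into its components, and call analyze with
 # each of them. E.g., an argument of /usr/local/aliases/foo.list would call
 # analyze in turn with arguments:
 # * /usr/local/aliases/foo.list
 # * /usr/local/aliases
 # * /usr/local
 # * /usr
 
 break_down() {
 for j in `echo $1 | \
 awk '{
 n = split($0, parts, "/");
 for (i = n; i >= 2; i--){
 string = "";
 for (j = 2; j <= i; j++){
 string = sprintf("%s/%s", string, parts[j]);
 }
 print string
 }
 }'` "/"
 do
 analyze $j $1
 done
 }
 
 config=/etc/mail/sendmail.cf
 bogus_dirs=false
 
 afl1=`grep "^OA" $config | sed 's/^OA//' | sed 's/,/ /g' | sed 's/.*://'`
 afl2=`grep "^O AliasFile=" $config | sed 's/^O AliasFile=//' | \
 sed 's/,/ /g' | sed 's/.*://'`
 
 # These should be OK themselves, but other packages may have screwed up the
 # permissions on /etc or /etc/mail . And best to check in case non-standard
 # alias paths are used.
 
 break_down $afl1 $afl2
 
 # Find all valid :include: files used in alias files configured in sendmail.cf
 
 for i in `sed 's/^[#].*$//' $afl1 $afl2 | \
 grep :include: | \
 sed 's/.*:include://' | \
 sed 's/,.*$//'`
 do
 break_down $i
 done
 
 # Check .forward files as well. If the argument "ALL" is given, do it for
 # everyone. If no argument to the script is given, just do it for the current
 # user. O/w, do it for all arguments.
 
 if [ $# -eq 0 ] ; then
- arg=`id | nawk -F'(' '{n = split($2,id,")"); print id[1]}'`
+ arg=`id | /usr/xpg4/bin/awk -F'(' '{n = split($2,id,")"); print id[1]}'`
 elif [ $1 = "ALL" ] ; then
 arg=""
 else
 arg="$*"
 fi
 
-for i in `getent passwd $arg | nawk -F: '{print $6}'`
+for i in `getent passwd $arg | /usr/xpg4/bin/awk -F: '{print $6}'`
 do
 if [ -f $i/.forward ] ; then
 break_down $i/.forward
 fi
 done
 
 $bogus_dirs || echo "No unsafe directories found."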
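Review bot: The two rewritten pipelines, `arg=` in the `$# -eq 0` branch and the `for i in` loop over `getent passwd $arg`, fail open when `/usr/xpg4/bin/awk` is missing or not executable. The backtick substitution then yields an empty list, so no `.forward` file is examined, yet the script can still end with "No unsafe directories found." For a permission audit that is a false all-clear rather than an error. `break_down` still resolves plain `awk` through `PATH=/bin`, so either use the same `awk` in all three places or add a guard before the first use, for example `[ -x /usr/xpg4/bin/awk ] || { echo "$0: /usr/xpg4/bin/awk not found" >&2; exit 1; }`.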