/usr/lib/tiger/scripts/sub/check_wdir is in tiger 1:3.2.3-10.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 | #!/bin/sh
#
# tiger - A UN*X security checking system
# Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 1, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Please see the file `COPYING' for the complete copyright notice.
#
# sub/check_wdir - 06/14/93
#
#-----------------------------------------------------------------------------
# This script is not runnable directly.
#
file="$1"
[ "$CONFIGURED_ALREADY" != "YES" ] && {
echo "--ERROR-- [init008e] This script can not be run directly."
exit 1
}
. $BASEDIR/initdefs
#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
haveallcmds GREP CAT RM AWK GETCLIENTDIRS || exit 1
haveallfiles WORKDIR || exit 1
echo "--CONFIG-- [init003c] $0: Configuration ok..."
exit 0
}
#------------------------------------------------------------------------
echo
echo "# Checking for writable directories..."
haveallcmds GREP CAT SED || exit 1
haveallvars WORKDIR || exit 1
[ ! -n "$FS_WDIRSYS" ] && FS_WDIRSYS="/tmp/ /usr/tmp/"
dltmpdirs=
[ -n "$HOSTNAMESLIST" ] &&
haveallcmds GETCLIENTDIRS AWK && {
dltmpdirs=`$GETCLIENTDIRS |
while read client rootdir
do
for dir in $FS_WDIRSYS
do
echo "$rootdir$dir"
done
done
`
}
set $FS_WDIRSYS $dltmpdirs
greps="$GREP -v '^'$1"
shift
for dir
do
greps="$greps | $GREP -v '^'$dir"
done
$SED -e 's%\([^/]\)$%\1/%' $file |
eval $greps > $WORKDIR/wdir.tmp.$$
[ -s $WORKDIR/wdir.tmp.$$ ] && {
message FAIL fsys008f "" 'The following directories are world writable:'
$SORT $WORKDIR/wdir.tmp.$$
}
delete $WORKDIR/wdir.tmp.$$
# Note: The followin directories are world-writable under HP-UX
# (contributed by Bob Hall)
# $SORT $WORKDIR/wdir.tmp.$$
#while read DIR
# do
# case $DIR in
# /dev/screen/) ;;
# /etc/opt/resmon/log/) ;;
# /usr/newconfig/var/stm/*) ;;
# /var/dt/appconfig/appmanager/*) ;;
# /var/X11/Xserver/logs/) ;;
# /var/news/) ;;
# /var/opt/dce/rpc/local/*) ;;
# /var/preserve/) ;;
# /var/rbootd/) ;;
# /var/stm/*) ;;
# */man/cat[^\/]*[.]Z/) ;;
# /var/spool/calendar/*) ;;
# /var/spool/cron/tmp/*) ;;
# /var/spool/sockets/*) ;;
# /var/tmp/*) ;;
# /var/userlogs/*) ;;
# *) echo $DIR ;;
# esac
# done
|