[comp.unix.wizards] Home Directory Checker - Security/Sanity Aid

john@xanth.UUCP (03/25/87)

On the UNIX Security list, quite a while back, mention was made of
problems that could occur when home directories of users are writable.
(No, I'm not being trivial, I'm talking about non-human users,
.forward files, etc....)  This prompted me to write the enclosed
program, both to check for this, and to help protect users against
themselves.

The program looks at all the home directories listed in /etc/passwd,
and prints a message if they don't exist, are not directories, or
their mode is not in the "table" of "OK" modes.  I'm using stat()
instead of lstat(), so symbolic links are perfectly acceptable, as
long as they point to directories....  This program should run on any
version of UNIX that I can think of; if it doesn't, please let me
know.

The list of good modes is, of course, subjective.  I initially used
the first set, then added the second set based on the output of the
first run.  I didn't add all the mismatched modes I found; just the
ones that were fairly normal and that I didn't want to hear about....

The program is surprisingly (to me) fast.  It took under a second on
our decently loaded VAX-11/785 running 4.3BSD with 501 passwd entries!

All requests to join the security list or for copies of back issues should
go to sec-request@isis.uucp, *NOT ME*.  I get enough mail as it is. Thanks.
(Mail about this program, or just saying hello, is, of course, OK. :-) )

This program is placed in the public domain - you have only your
conscience to stop you from saying "hey, look at this neat program I
wrote"....

	Enjoy!

John Owens		Old Dominion University - Norfolk, Virginia, USA
john@ODU.EDU		old arpa: john%odu.edu@RELAY.CS.NET
+1 804 440 3915		old uucp: {seismo,harvard,sun,hoptoad}!xanth!john

#include <stdio.h>	/* printf(), perror() */
#include <stdlib.h>	/* exit() */
#include <pwd.h>
#include <sys/types.h>
#include <sys/stat.h>


/* These are "OK" modes for home directories to have. */
/* End with 0 (so 0 can't be "OK", but who cares).    */

int table[] = {
	/* always good modes: */
	0700,
	0750,
	0770,
	0755,
	0775,
	/* some people here like to do weird things */
	0711,
	0751,
	0771,
	0
};

int main(int argc, char **argv)
{
	register int mode;
	register int *p;
	struct passwd *pp;
	static struct stat statb;

	if (argc != 1) {
		printf("Usage: %s\n",argv[0]);
		exit(1);
	}

	while ((pp = getpwent()) != (struct passwd *)0) {
		if (stat(pp->pw_dir,&statb) < 0) {
			perror(pp->pw_dir);
			continue;
		}

		if ((statb.st_mode & S_IFMT) != S_IFDIR) {
			printf(
	"User %s's home directory %s is not a directory! (mode 0%o)\n",
				pp->pw_name,pp->pw_dir,statb.st_mode);
			continue;
		}

		/* drop the file-type bits; keep permission, setuid/setgid and sticky bits */
		mode = statb.st_mode & ~S_IFMT;

		for (p=table;*p;p++)
			if (mode == *p) goto ok;

				/* note that 3.3 will print 4 if needed */
		printf("User %s's home directory %s is mode 0%3.3o!\n",
		       pp->pw_name,pp->pw_dir,mode);
ok:	;
	}

	exit(0);

}

zardoz@apple.UUCP (03/26/87)

Does anyone have the sources for XLISP 1.x (whatever is current or nearly
so). I have tried to contact David by phone and mail without success, and now
I would like to try to get it to run on my Mac II (I'm addicted) which it 
doesn't do because it references some low memory globals that have *moved*.

Help an addict fix his habit. Sources, gotta get more sources ...

	Phil