mp@mit-eddi.UUCP (Mark Plotnick) (06/25/83)
Thanks to recent unix-wizards mail about security breaches, one administrator here decided to run "ncheck -s". I mentioned that he'd probably only find setuid files on / and /usr, and that if ncheck found any setuid files on the other filesystems, he should be sure to check them out. So a few minutes later he comes to me and says he's found dozens of setuid and/or special files on /usr/src ! Ncheck was in fact listing every file in the file system. In fact, NONE of the files in that filesystem were special or setuid, and that's what tickled the bug (feature?). If you specify "-i #,#,#" to ncheck, it'll fill in a table (ilist[]), and will only tell you about those files. If you don't give any options to ncheck, this table is empty and, due to some "clever" code in pass3(), ncheck will tell you about all the files in the filesystem. BUT, the way the -s option is implemented is that during pass 1 through the filesystem, all special and setuid files are noted in ilist[]. If no special or setuid files are found, then the ilist[] array is empty and indistinguishable from the case where you gave ncheck no options at all. A tentative fix is to add a variable called iflg which is nonzero if the -i option is given (add "iflg++;" to the appropriate case in the switch statement in main), and then in pass3 replace the statement if(ilist[0] == 0) goto pr; with if(!iflg && !sflg) goto pr; Mark Plotnick MIT EECS Dept.