tech-userlevel archive
Re: -current's /etc/security wrongly detects "." in root's path
On Sat, 15 Jan 2011, Dennis den Brok wrote:
> if I'm not mistaken, the check whether root's $PATH contains "."
> in /etc/security is wrong (at least for sh/ksh):
[...]
> /etc/profile is empty by default, so 'ls' ends up being called
> without pathname argument
Does the appended patch work? The idea is to make $TMP1 an empty file
if $PATH is empty.
However, it might be better to set PATH to some default value before
sourcing the file. This will allow it to report things like "Root path
directory /bin is group writable" even if /etc/profile or ~root/.profile
do not explicitly set PATH. But what default would we use? login(8)
uses setusercontext(3) but I don't know of a command-line interface to
that. It would be easy enough to use a hardcoded default, or sysctl
user.cs_path, but neither of those is exactly right.
--apb (Alan Barrett)
Index: etc/security
===================================================================
--- security 27 Dec 2010 03:38:52 -0000 1.109
+++ security 19 Jan 2011 19:19:38 -0000
@@ -366,7 +366,14 @@ if checkyesno check_rootdotfiles; then
unset PATH
/bin/csh -f -s << end-of-csh > /dev/null 2>&1
source $i
- /bin/ls -ldgT \$path > $TMP1
+ switch ("\$path")
+ case "":
+ : > $TMP1
+ breaksw
+ default:
+ /bin/ls -ldgT \$path > $TMP1
+ breaksw
+ endsw
end-of-csh
export PATH=$SAVE_PATH
awk '{
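Review bot: In the csh block, $TMP1 is written only inside the new switch, which runs after `source $i`, and everything csh prints goes to /dev/null. If csh gives up while sourcing the file, neither branch runs and the checks that follow see whatever $TMP1 already contained. Consider truncating $TMP1 in the outer script before invoking /bin/csh, so the `case "":` branch only has to skip the `ls`. A one-line comment saying the empty case exists to keep `ls` from running with no operands would also help the next reader.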
@@ -410,7 +417,14 @@ end-of-csh
. $i
list=\$\(echo \$PATH | /usr/bin/sed -e \
's/^:/.:/;s/:$/:./;s/::/:.:/g;s/:/ /g'\)
- /bin/ls -ldgT \$list > $TMP1
+ case "\$list" in
+ "")
+ : > $TMP1
+ ;;
+ *)
+ /bin/ls -ldgT \$list > $TMP1
+ ;;
+ esac
end-of-sh
export PATH=$SAVE_PATH
awk '{
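Review bot: The `"")` branch of the sh case treats every empty `$list` the same way, so a profile that leaves PATH unset and one that explicitly sets PATH to the empty string both yield an empty $TMP1 and no report. The sed expressions just above rewrite empty PATH elements to ".", so a wholly empty value arguably deserves the same treatment rather than silence. Testing `${PATH+set}` before building `list` would let the script tell the two cases apart, and a short comment on the empty branch should state which case it is meant to cover.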