Subject: security/5068: security error catching
To: None <gnats-bugs@gnats.netbsd.org>
From: Chris Jones <cjones@pmax.math.montana.edu>
List: netbsd-bugs
Date: 02/25/1998 12:56:55
>Number:         5068
>Category:       security
>Synopsis:       /etc/security could stand to catch errors better
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    gnats-admin (GNATS administrator)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 25 12:05:00 1998
>Last-Modified:
>Originator:     Chris Jones
>Organization:
-------------------------------------------------------------------------------
Chris Jones                                    cjones@rupert.honors.montana.edu
           Mad scientist in training...
"Is this going to be a stand-up programming session, sir, or another bug hunt?"
>Release:        <NetBSD-current source date>1.3
>Environment:
	
System: NetBSD pmax.math.montana.edu 1.3 NetBSD 1.3 (PMAX) #0: Mon Feb 9 14:56:05 MST 1998 cjones@pmax.math.montana.edu:/usr/local/src/sys/arch/pmax/compile/PMAX pmax


>Description:
I've got an NFS mount from a Solaris machine, with -maproot=nobody.
Consequently, when /etc/security runs and tries to check the contents
of everybody's .rhosts files, it gives a multitude of "Permission
denied" errors.  These errors are just randomly spewed into the middle
of the security output, tacked onto the end of whatever preceding
check produced any output.

The permission errors should either be suppressed, or they should be
put under the heading of "Checking .rhosts files syntax:"
	
>How-To-Repeat:
See above.
	
>Fix:
Assuming that we just want to throw away these errors, the following
patch may be used.  However, we may want to catch the errors and
report them.

*** security.orig	Wed Feb 25 12:46:37 1998
--- security	Wed Feb 25 12:47:12 1998
***************
*** 1,6 ****
  #!/bin/sh -
  #
! #	$NetBSD: security,v 1.30 1997/10/08 16:13:44 mycroft Exp $
  #	from: @(#)security	8.1 (Berkeley) 6/9/93
  #
  
--- 1,6 ----
  #!/bin/sh -
  #
! #	$NetBSD$
  #	from: @(#)security	8.1 (Berkeley) 6/9/93
  #
  
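Review bot: the change of the RCS ID line from `$NetBSD: security,v 1.30 1997/10/08 16:13:44 mycroft Exp $` to `$NetBSD$` in this hunk is unrelated to the redirection fix and should be dropped from the patch; CVS expands the keyword on commit, and a hunk that touches only the ID line adds noise and will fail to apply cleanly once the file's revision in the tree has moved on.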
***************
*** 296,302 ****
  
  	while read uid homedir; do
  		if [ -f ${homedir}/.rhosts ] && \
! 		    egrep '\+' ${homedir}/.rhosts > /dev/null ; then
  			printf "$uid: + in .rhosts file.\n"
  		fi
  	done < $MPBYPATH > $OUTPUT
--- 296,302 ----
  
  	while read uid homedir; do
  		if [ -f ${homedir}/.rhosts ] && \
! 		    egrep '\+' ${homedir}/.rhosts > 2>&1 /dev/null ; then
  			printf "$uid: + in .rhosts file.\n"
  		fi
  	done < $MPBYPATH > $OUTPUT
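Review bot: the redirection on the changed line is wrong: `egrep '\+' ${homedir}/.rhosts > 2>&1 /dev/null` sends stdout to a file literally named `2` in the current directory, then duplicates stderr onto that file, and hands `/dev/null` to egrep as a second file argument. The intended form is `egrep '\+' ${homedir}/.rhosts > /dev/null 2>&1`, where the order matters: stdout goes to /dev/null first and stderr is then pointed at the same place. The exit status still happens to come out right because egrep returns 0 if either file matched, which is why the mistake is easy to miss. Separately, discarding stderr hides the real finding, that root could not read the .rhosts file and the check was silently skipped; the alternative the report itself raises, reporting the failure under "Checking .rhosts files syntax:", is preferable, and the cleanest way to do it is to distinguish egrep's exit status 2 (error) from 1 (no match) rather than to throw the message away.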

	
>Audit-Trail:
>Unformatted:
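The alternative raised at the end of the Fix section, reporting the read failures under the "Checking .rhosts files syntax:" heading instead of discarding them, as an added example that is not part of this report or of NetBSD's /etc/security. The function names check_rhosts and make_sample_homes, the sample home directories and the message wording are assumptions made for this example; grep -E stands in for egrep, and the unreadable file is simulated with chmod 0, which only has that effect when the script runs unprivileged (as root the file stays readable and is reported as an ordinary wildcard hit).

```shell
#!/bin/sh
# Added example (not NetBSD's /etc/security): scan .rhosts files the way the
# "Checking .rhosts files syntax:" loop does, but keep the reader's error
# output so that a file root cannot read (for instance on an NFS export with
# -maproot=nobody) is reported under the same heading instead of being spewed
# into the middle of unrelated output or silently dropped.
#
# Input on stdin: one "uid homedir" pair per line, the same shape as the
# $MPBYPATH file the original loop reads.  Output on stdout: one line per
# finding.  Function names and message texts are assumptions of this example.

check_rhosts() {
	while read uid homedir; do
		rhosts="${homedir}/.rhosts"
		[ -f "$rhosts" ] || continue
		# Capture grep's stderr into $err and discard its stdout; only the
		# exit status and the error text matter.  The order of the two
		# redirections is significant: "2>&1 >/dev/null" routes stderr to
		# the command substitution and stdout to /dev/null.
		if err=$(grep -E '\+' "$rhosts" 2>&1 >/dev/null); then
			status=0
		else
			status=$?
		fi
		if [ "$status" -eq 0 ]; then
			printf '%s: + in .rhosts file.\n' "$uid"
		elif [ "$status" -gt 1 ]; then
			# grep exits 1 for "no match" and 2 for an error such as
			# EACCES, so anything above 1 means the check was not done.
			printf '%s: cannot check %s: %s\n' "$uid" "$rhosts" "$err"
		fi
	done
}

# Constructed sample input: four home directories under $1 (assumed to be an
# empty scratch directory), printed as "uid homedir" lines like $MPBYPATH.
make_sample_homes() {
	base=$1
	for u in dave bob carol alice; do
		mkdir -p "$base/$u"
	done
	# dave: no .rhosts at all, so nothing is reported.
	# bob: an ordinary .rhosts with no wildcard.
	printf 'trusted.example.org bob\n' > "$base/bob/.rhosts"
	# carol: a .rhosts the checker cannot read, standing in for a file on an
	# NFS export with -maproot=nobody.  chmod 0 only prevents reading when
	# this script runs unprivileged; as root the file stays readable.
	printf '+ +\n' > "$base/carol/.rhosts"
	chmod 0 "$base/carol/.rhosts"
	# alice: the wildcard that /etc/security is looking for.
	printf '+\n' > "$base/alice/.rhosts"
	for u in dave bob carol alice; do
		printf '%s %s\n' "$u" "$base/$u"
	done
}

# Stand-alone demonstration over the constructed homes.
scratch=$(mktemp -d)
echo "Checking .rhosts files syntax:"
make_sample_homes "$scratch" | check_rhosts
rm -rf "$scratch"
```

Run it as an unprivileged user to see the unreadable file reported as "carol: cannot check ...: Permission denied" alongside the "alice: + in .rhosts file." finding; both land under the heading, which is the behaviour the report asks for.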