1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
#!/bin/sh
#
# tiger - A UN*X security checking system
# Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
# Please see the file `COPYING' for the complete copyright notice.
#
# sub/check_suid - 06/14/93
#
#-----------------------------------------------------------------------------
# This script is not runnable directly.
#
inputfile="$1"
[ "$CONFIGURED_ALREADY" != "YES" ] && {
echo "--ERROR-- [init008e] This script can not be run directly."
exit 1
}
. $BASEDIR/initdefs
#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
haveallcmds RM FILECMD SGREP LS STRINGS SORT COMM CAT AWK || exit 1
haveallfiles BASEDIR WORKDIR SUID_LIST || exit 1
echo "--CONFIG-- [init003c] $0: Configuration ok..."
exit 0
}
#------------------------------------------------------------------------
echo
echo "# Checking setuid executables..."
haveallfiles BASEDIR WORKDIR || exit 1
[ -n "$TigerCheckEmbedded" -a "x$Tiger_Embed_Check_SUID" = 'xY' ] && {
while read file
do
$LS -lLd "$file" 2>/dev/null | {
read p l owner rest
[ "$owner" = root ] && echo "$file" >> $TigerCheckEmbedded
}
done
}
haveallcmds FILECMD LS SGREP STRINGS && {
while read file
do
$FILECMD "$file" 2>/dev/null | $SGREP script 2>/dev/null && {
message FAIL fsys001f "" "File $file is a setuid script:"
$LS $LSGROUP -ld "$file"
}
case "$file" in
*xterm) {
message WARN misc013w "" "$file: see CERT Advisory CA-93:17 about a security hole in xterm."
}
;;
esac
$STRINGS - "$file" 2>/dev/null |
$SGREP '\.\./' 2>/dev/null && {
$SGREP "$file" $REL_FILE_EXCP 2>/dev/null || {
case "$file" in
*/xload)
message WARN misc015w "" "$file appears to contain relative pathnames. There is a known security vulnerability with xload in this configuration."
;;
*)
message WARN fsys002w "" "setuid program $file has relative pathnames."
;;
esac
}
}
getpermit "$file" |
pathmsg . suidxxx "$file" . "Setuid file" ""
done < $inputfile
echo
}
haveallcmds SORT COMM CAT && {
if [ -n "$SUID_LIST" -a -s "$SUID_LIST" ]; then
$SORT $SUID_LIST |
$COMM -23 $inputfile - > $WORKDIR/suid.list.$$
else
message CONFIG fsys003c "" 'No setuid list... listing all setuid files'
$CAT $inputfile > $WORKDIR/suid.list.$$
fi
}
haveallcmds LS AWK && {
[ -s $WORKDIR/suid.list.$$ ] && {
message INFO fsys004i "" 'The following setuid programs are non-standard:'
while read file
do
$LS $LSGROUP -ld "$file"
done < $WORKDIR/suid.list.$$ |
$AWK '{printf("%10s %-8s %-8s %s\n", $1, $3, $4, $NF);}' |
$SORT
echo
}
}
#
# Try to locate setuid copies of any executables we have signatures
# for.
#
haveallcmds SORT AWK COMM GREP LS SNEFRU &&
haveallfiles SIGNATURE_FILE && {
$SORT $WORKDIR/suid.list.$$ > $WORKDIR/suid.$$
$AWK '{print $3}' $SIGNATURE_FILE |
$SORT |
$COMM -13 - $WORKDIR/suid.$$ |
while read file
do
loc_signature=
case "$p1$p2$p3$p4$p5$p6$p7$p8" in
*[!0-9a-f]*) {
std_signature="$p1"
comment="$p2 $p3 $p4 $p5 $p6 $p7 $p8 $comment"
[ -n "$MD5" ] && loc_signature="`$MD5 < $file`"
}
;;
*) {
std_signature=" $p1 $p2 $p3 $p4 $p5 $p6 $p7 $p8"
[ -n "$SNEFRU" ] && loc_signature="`$SNEFRU < $file`"
}
;;
esac
[ -n "$loc_signature" ] && {
$GREP "$loc_signature" $SIGNATURE_FILE | {
read flag msgid rfile p1 p2 p3 p4 p5 p6 p7 p8 comment
[ -n "$rfile" -a "$file" != "$rfile" ] && {
message ALERT suid001a "" "\`$file' is a setuid copy of $rfile [$comment]."
$LS -ld $LSGROUP $file
}
}
}
done
}
delete $WORKDIR/suid.list.$$ $WORKDIR/suid.$$
|
