Length: 4209 (0x1071) Types: TextFile Names: »suid.chk«
└─⟦4f9d7c866⟧ Bits:30007245 EUUGD6: Sikkerheds distributionen └─⟦ed5edc051⟧ »./cops/1.02/cops.102.tar« └─⟦4f9d7c866⟧ Bits:30007245 EUUGD6: Sikkerheds distributionen └─⟦db60b44f1⟧ »./cops/1.02/cops.102.tar.Z« └─⟦ed5edc051⟧ └─⟦this⟧ »cops/suid.chk«
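:
#
#  Shell script intended to be run periodically by cron in order
#  to spot changes in files with the suid or sgid bits set.
#
#       suid.chk        840919          Prentiss Riddle
#
#  This changes into the $SECURE directory first, then
#  uses find(1) to search the directories in $SEARCH for all
#  files with the 4000 or 2000 permission bits set.  $STOP is a file
#  containing "ls -lga" output for known setuid or setgid programs.
#  Any additions or changes to this list represent potential security
#  problems, so they are reported to the users named in $INFORM.
#
#  Modified 8/15/89, Dan Farmer:
#       Just changed the program/doc names and some of the temp
#  files to make it fit in with the rest of the programs....
#  Modified 12/26/90, Dan Farmer:
#       Now flags SUID shell scripts and world writeable SUID files, too.
#
#  Outputs: a mail message to $INFORM when the current list differs from
#  $STOP; nothing when the lists agree.  Exit status is 0 unless the
#  $SECURE directory is missing or cannot be entered.
#

#  CHANGE THIS LINE!
#  May name several recipients, separated by blanks.
INFORM="foo@bar.edu"
#

# Absolute paths, so that the search path of the invoking environment
# does not decide which binaries this script runs.
TEST=/bin/test
ECHO=/bin/echo
LS=/bin/ls
CAT=/bin/cat
MAIL=/bin/mail
CHMOD=/bin/chmod
SORT=/usr/bin/sort
COMM=/usr/bin/comm
FIND=/usr/bin/find
RM=/bin/rm
AWK=/bin/awk
SED=/bin/sed
GREP=/bin/grep
EGREP=/usr/bin/egrep
YPCAT=/usr/bin/ypcat
# $DATE is used for the report header; without a definition the header
# carries no timestamp.
DATE=/bin/date

# Checking for non-executable SUID files;
#
#   simple way; just see if file says it's a script -- this is a *definite*
# no-no, and the default:
# type_filter="$GREP script"
#
#   Safer/paranoid way; anything but an executable is flagged (may not be
# good over NFS mounts with different binaries...
# type_filter="$GREP -v xecut"
#
#   You may want to grep out "ermission" string, too, in case NFS mount
# stuff that you can't read gives you "permission denied", even as root:
# type_filter="$EGREP"' -v '"xecut|ermiss"
#
type_filter="$GREP script"

# Yellow Pages check further down...
etc_passwd=/etc/passwd

SECURE=.
SEARCH=/
STOP=./suid.stop
TEMPOLD=./fsold$$
TEMPCUR=./fscur$$
TEMPNEW=./fsnew$$
TEMPGON=./fsgon$$
TEMPM=./fsm$$
# Set explicitly so that a value inherited from the environment can never
# reach the final cleanup.
yp_passwd=

# Scratch files hold the setuid inventory; keep them private to the owner.
umask 077
OLDCWD=`pwd`

if $TEST ! -d "$SECURE"; then
    $ECHO "Error -- Security directory $SECURE doesn't exist"
    exit 1
fi

$CHMOD 700 "$SECURE"
# Stop if the directory cannot be entered; otherwise the scratch files and
# the relative $STOP path would resolve against the wrong directory.
if cd "$SECURE"; then
    :
else
    $ECHO "Error -- can't change into security directory $SECURE"
    exit 1
fi

# find the setuid programs and sort
# ($SEARCH is deliberately unquoted: it may list several directories.)
$FIND $SEARCH \( -perm -4000 -o -perm -2000 \) -exec $LS -ldga {} \; |
    $SORT >"$TEMPCUR"

# compare with the sorted stop list
# A missing stop list must not silence the check: with no baseline file the
# sort below never runs, comm(1) then has nothing to read, and both
# difference lists come out empty.  Use an empty baseline instead, so every
# current setuid/setgid file is reported as new.
if $TEST -f "$STOP"; then
    $SORT <"$STOP" >"$TEMPOLD"
else
    $ECHO "Warning -- stop list $STOP not found; using an empty baseline" >&2
    $CAT /dev/null >"$TEMPOLD"
fi
# "+8" is the historical sort(1) spelling of "-k 9": order by the ninth
# field, which is where the file name is expected in this ls(1) output.
$COMM -13 "$TEMPOLD" "$TEMPCUR" | $SORT +8 >"$TEMPNEW"
$COMM -23 "$TEMPOLD" "$TEMPCUR" | $SORT +8 >"$TEMPGON"

# report changes
if $TEST -s "$TEMPNEW" || $TEST -s "$TEMPGON"; then

    # YP?  Thanks again, to Rob Kolstad...
    # Scratch files for testing:
    yp_passwd=./ypsuid.$$

    # generic test to check for yp use?
    if $TEST -f "$YPCAT" -a -s "$YPCAT"; then
        # Only switch to the YP map when ypcat succeeded.
        if $YPCAT passwd >"$yp_passwd"; then
            etc_passwd=$yp_passwd
        fi
    fi

    # get the hostname:
    if $TEST -s /bin/hostname; then
        HOSTNAME=`/bin/hostname`
    elif $TEST -s /bin/uname; then
        HOSTNAME=`/bin/uname -n`
    elif $TEST -s /usr/bin/uuname; then
        HOSTNAME=`/usr/bin/uuname -l`
    fi
    if $TEST -z "$HOSTNAME"; then
        HOSTNAME="foobar"
    fi

    $ECHO >>"$TEMPM"
    $ECHO ATTENTION: >>"$TEMPM"
    $ECHO "SUID Security Report for `$DATE`" >>"$TEMPM"
    $ECHO "from host $HOSTNAME" >>"$TEMPM"
    $ECHO >>"$TEMPM"

    # NEW STUFF... $TEMPNEW holds the new SUID files; stuff the results in $TEMPM:
    # NOTE(review): the file name is recovered as the last blank-separated
    # field of the ls(1) line, so names containing blanks (and symbolic
    # links, listed as "name -> target") are not handled by this loop; the
    # raw listing appended further down still shows them.
    for i in `$AWK '{print $NF}' "$TEMPNEW"`
    do
        # don't want SUID files to be world writable!
        ./is_able "$i" w w >>"$TEMPM"

        type=`file "$i" | $SED 's/.*://' | $type_filter`

        if $TEST -n "$type"; then
            # NOTE(review): field 3 is taken as the owner; confirm that
            # "ls -ldga" prints the owner in that column on this platform.
            owner=`$LS -ldga "$i" | $AWK '{print $3}'`
            # Compare the whole login-name field.  A pattern built from
            # $owner would also match longer names that merely begin with
            # it and could return several uids, which breaks the numeric
            # test below.
            uid=`$AWK -F: '$1 == o { print $3; exit }' o="$owner" "$etc_passwd"`

            # set to nobody, if can't find 'em in the password file
            if $TEST -z "$uid"; then
                uid="-2"
            fi

            if $TEST "$uid" -eq "0"; then
                $ECHO "Warning! ROOT owned SUID file $i is type: $type!" >>"$TEMPM"
            else
                $ECHO "Warning! User: $owner SUID file $i is type: $type!" >>"$TEMPM"
            fi
        fi
    done

    if $TEST -s "$TEMPNEW"; then
        $ECHO 'These files are newly setuid/setgid:' >>"$TEMPM"
        $ECHO '' >>"$TEMPM"
        $CAT "$TEMPNEW" >>"$TEMPM"
        $ECHO '' >>"$TEMPM"
    fi
    if $TEST -s "$TEMPGON"; then
        $ECHO 'These files are no longer setuid/setgid:' >>"$TEMPM"
        $ECHO '' >>"$TEMPM"
        $CAT "$TEMPGON" >>"$TEMPM"
    fi

    # ($INFORM is deliberately unquoted: it may name several recipients.)
    $MAIL $INFORM <"$TEMPM"
    $RM -f "$TEMPM"
fi

$RM -f "$TEMPOLD" "$TEMPCUR" "$TEMPNEW" "$TEMPGON"
# Only set when the report branch ran.
if $TEST -n "$yp_passwd"; then
    $RM -f "$yp_passwd"
fi

# end it all....
exit 0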