[oi-userland.git] / components / mail / sendmail / files / check-permissions.sh
1 #!/bin/sh --
3 # CDDL HEADER START
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
20 # CDDL HEADER END
23 # Check :include: aliases (in files configured in sendmail.cf) and .forward
24 # files to make sure the files and their parent directory paths all have
25 # proper permissions. And check the master alias file(s) too.
27 # See http://www.sendmail.org/vendor/sun/migration.html#Security for details.
29 # Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
32 PATH=/bin
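# Check the group- and world-writable bits on the given file.
#
# Arguments:
#   $1 - path to inspect; ls -L follows symbolic links, so the mode examined
#        is that of the link target
#   $2 - label printed in front of each finding
# Globals:
#   bogus_dirs - set to "true" as soon as a writable bit is found
# Output:
#   one line on stdout for an unsafe path, nothing otherwise
#
# Only the mode string printed by ls is examined.
# NOTE(review): write access granted through an ACL would presumably not
# show up in these bits -- confirm whether ACLs need a separate check here.

analyze() {
	# The path is quoted and option parsing is ended with "--" so that a
	# name containing whitespace, glob characters or a leading "-" is
	# inspected as given. Unquoted, such a path was split into several
	# words, ls failed on each of them, and the path was silently treated
	# as safe.
	an_mode=`ls -Lldn -- "$1"`

	# If ls fails (for example the path does not exist) an_mode is empty,
	# no pattern matches and nothing is reported; ls has already written
	# its own error to stderr.
	case "$an_mode" in
	?????w??w?*)
		printf '%s: %s is group and world writable\n' "$2" "$1"
		bogus_dirs=true ;;
	????????w?*)
		printf '%s: %s is world writable\n' "$2" "$1"
		bogus_dirs=true ;;
	?????w????*)
		printf '%s: %s is group writable\n' "$2" "$1"
		bogus_dirs=true ;;
	esac
}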
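# Break down the given file name into its components, and call analyze with
# each of them.  E.g., an argument of /usr/local/aliases/foo.list would call
# analyze in turn with arguments:
#  * /usr/local/aliases/foo.list
#  * /usr/local/aliases
#  * /usr/local
#  * /usr
#  * /
#
# Arguments:
#   $1 - path to check; it is also handed to analyze as the label ($2) so
#        that every finding names the file that triggered the check
# Globals:
#   bd_path - scratch variable (plain sh has no function-local variables)
#
# The components are peeled off with parameter expansion instead of piping
# the name through echo and awk into an unquoted "for" list. That list was
# subject to word splitting and globbing, so a path with whitespace or glob
# characters in it was analyzed as unrelated fragments and its real parent
# directories were never checked.

break_down() {
	bd_path=$1

	while [ -n "$bd_path" ]
	do
		analyze "$bd_path" "$1"
		case "$bd_path" in
		*/*)
			# Drop the last component; an absolute path ends
			# up empty once only the leading "/" is left.
			bd_path=${bd_path%/*} ;;
		*)
			# No slash left (relative name): nothing more to
			# strip, so stop rather than loop forever.
			break ;;
		esac
	done

	# The root directory is always checked last.
	analyze / "$1"
}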
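config=/etc/mail/sendmail.cf
bogus_dirs=false

# Alias file names are taken from both spellings of the option in
# sendmail.cf: the short "OA" form and the long "O AliasFile=" form.
# Commas become spaces so each entry is a separate word, and everything up
# to a colon is removed.
# NOTE(review): 's/.*://' is greedy, so on a line with several entries of
# which a later one contains a colon, every entry before that last colon is
# dropped and never checked -- confirm against the alias specs in use.
afl1=`grep "^OA" "$config" | sed 's/^OA//' | sed 's/,/ /g' | sed 's/.*://'`
afl2=`grep "^O AliasFile=" "$config" | sed 's/^O AliasFile=//' | \
    sed 's/,/ /g' | sed 's/.*://'`

# These should be OK themselves, but other packages may have screwed up the
# permissions on /etc or /etc/mail .  And best to check in case non-standard
# alias paths are used.
#
# break_down only looks at its first argument, so each alias file is passed
# in a call of its own; passing the whole list in one call left every file
# after the first unchecked. $afl1 and $afl2 are deliberately unquoted here:
# they hold space-separated lists.

if [ -z "$afl1$afl2" ] ; then
	# Without any alias file the checks below have nothing to examine;
	# say so instead of letting the run look like a clean result.
	echo "Warning: no alias files found in $config" >&2
fi

for alias_file in $afl1 $afl2
do
	break_down "$alias_file"
done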
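# Find all valid :include: files used in alias files configured in sendmail.cf
#
# Comment lines are blanked, then every comma-separated entry is put on a
# line of its own before the :include: paths are extracted. Extracting with
# the greedy 's/.*:include://' on whole lines kept only the last :include:
# of a line, so earlier ones on the same line were never checked.
#
# The guard skips the pipeline when no alias file is known: with an empty
# file list sed would read standard input and the script would stall.

if [ -n "$afl1$afl2" ] ; then
	for i in `sed 's/^[#].*$//' $afl1 $afl2 | \
	    tr ',' '\012' | \
	    grep :include: | \
	    sed 's/.*:include://'`
	do
		break_down "$i"
	done
fi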
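# Check .forward files as well.  If the argument "ALL" is given, do it for
# everyone.  If no argument to the script is given, just do it for the current
# user.  O/w, do it for all arguments.

if [ $# -eq 0 ] ; then
	arg="$(id -u -n -r)"
elif [ "$1" = "ALL" ] ; then
	# $1 is quoted: unquoted, an empty or multi-word first argument
	# turned this test into a syntax error instead of a comparison.
	arg=""
else
	arg="$*"
fi

# $arg is left unquoted on purpose so that several user names become
# several getent arguments; an empty $arg lists every passwd entry.
# Field 6 of each passwd entry is the home directory.
for i in `getent passwd $arg | nawk -F: '{print $6}'`
do
	if [ -f "$i/.forward" ] ; then
		break_down "$i/.forward"
	fi
done

# bogus_dirs holds the word "true" or "false", which is run as a command
# here; the summary is printed only when no check flagged anything.
$bogus_dirs || echo "No unsafe directories found."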