authorbdrewery <bdrewery@FreeBSD.org>2014-05-10 06:35:50 +0800
committerbdrewery <bdrewery@FreeBSD.org>2014-05-10 06:35:50 +0800
commit7b5a22a9ba34533051e9fe575a3db4b25bb049ea (patch)
tree52cccbd29942bd7a15161c311901c59f18a81b3f /Tools
parentfb81dcccd2167112eb79881fb0014781f086d3e8 (diff)
- Move security-check.awk to Mk/Scripts where it is more proper these days.
With hat: portmgr
Diffstat (limited to 'Tools')
-rw-r--r--Tools/scripts/security-check.awk100
1 files changed, 0 insertions, 100 deletions
diff --git a/Tools/scripts/security-check.awk b/Tools/scripts/security-check.awk
deleted file mode 100644
index 48746cdb6384..000000000000
--- a/Tools/scripts/security-check.awk
+++ /dev/null
@@ -1,100 +0,0 @@
-BEGIN {
- file = "";
- if (audit != "")
- stupid_functions_regexp="^(gets|mktemp|tempnam|tmpnam|strcpy|strcat|sprintf)$";
- else
- stupid_functions_regexp="^(gets|mktemp|tempnam|tmpnam)$";
- split("", stupid_binaries);
- split("", network_binaries);
- split("", setuid_binaries);
- split("", writable_files);
- split("", startup_scripts);
- header_printed = 0;
-}
-FILENAME ~ /\.flattened$/ {
- if ($0 ~ /(^|\/)etc\/rc\.d\//)
- startup_scripts[$0] = 1;
-}
-FILENAME ~ /\.objdump$/ {
- if (match($0, /: +file format [^ ]+$/)) {
- file = substr($0, 1, RSTART - 1);
- stupid_functions = "";
- next;
- }
- if (file == "")
- next;
- if ($3 ~ /^(gets|mktemp|tempnam|tmpnam)$/ ||
- ($3 ~ /^(strcpy|strcat|sprintf)$/ && audit != ""))
- stupid_binaries[file] = stupid_binaries[file] " " $3;
- if ($3 ~ /^(accept|recvfrom)$/)
- network_binaries[file] = 1;
-}
-FILENAME ~ /\.setuid$/ { setuid_binaries[$0] = 1; }
-FILENAME ~ /\.writable$/ { writable_files[$0] = 1; }
-function print_header() {
- if (header_printed)
- return;
- if (audit != "")
- print "===> SECURITY REPORT (PARANOID MODE): ";
- else
- print "===> SECURITY REPORT: ";
- header_printed = 1;
-}
-function note_for_the_stupid(file) { return (file in stupid_binaries) ? (" (USES POSSIBLY INSECURE FUNCTIONS:" stupid_binaries[file] ")") : ""; }
-END {
- note_printed = 0;
- for (file in setuid_binaries) {
- if (!note_printed) {
- print_header();
- print " This port has installed the following binaries which execute with";
- print " increased privileges.";
- note_printed = 1;
- }
- print file note_for_the_stupid(file);
- }
- if (note_printed)
- print "";
- note_printed = 0;
- for (file in network_binaries) {
- if (!note_printed) {
- print_header();
- print " This port has installed the following files which may act as network";
- print " servers and may therefore pose a remote security risk to the system.";
- note_printed = 1;
- }
- print file note_for_the_stupid(file);
- }
- if (note_printed) {
- print "";
- note_printed = 0;
- for (file in startup_scripts) {
- if (!note_printed) {
- print_header();
- print " This port has installed the following startup scripts which may cause";
- print " these network services to be started at boot time.";
- note_printed = 1;
- }
- print file;
- }
- if (note_printed)
- print "";
- }
- note_printed = 0;
- for (file in writable_files) {
- if (!note_printed) {
- print_header();
- print " This port has installed the following world-writable files/directories.";
- note_printed = 1;
- }
- print file;
- }
- if (note_printed)
- print "";
- if (header_printed) {
- print " If there are vulnerabilities in these programs there may be a security";
- print " risk to the system. FreeBSD makes no guarantee about the security of";
- print " ports included in the Ports Collection. Please type 'make deinstall'";
- print " to deinstall the port if this is a concern.";
- }
- exit header_printed;
-}