head/Mk/Scripts/security-check.awk
BEGIN { | BEGIN { | ||||
file = ""; | file = ""; | ||||
split("", stupid_binaries); | split("", stupid_binaries); | ||||
split("", network_binaries); | split("", network_binaries); | ||||
split("", setuid_binaries); | split("", setuid_binaries); | ||||
split("", writable_files); | split("", writable_files); | ||||
split("", startup_scripts); | split("", startup_scripts); | ||||
header_printed = 0; | header_printed = 0; | ||||
} | } | ||||
FILENAME ~ /\.flattened$/ { | FILENAME ~ /\.flattened$/ { | ||||
if ($0 ~ /(^|\/)etc\/rc\.d\//) | if ($0 ~ /(^|\/)etc\/rc\.d\//) | ||||
startup_scripts[$0] = 1; | startup_scripts[$0] = 1; | ||||
} | } | ||||
FILENAME ~ /\.objdump$/ { | FILENAME ~ /\.readelf$/ { | ||||
if (match($0, /: +file format [^ ]+$/)) { | if (match($0, /^File:/)) { | ||||
file = substr($0, 1, RSTART - 1); | file = substr($0, 7); | ||||
next; | next; | ||||
} | } | ||||
if (file == "") | if (file == "") | ||||
next; | next; | ||||
if ($3 ~ /^(gets|mktemp|tempnam|tmpnam)$/ || | if ($5 ~ /^(gets|mktemp|tempnam|tmpnam)$/ || | ||||
($3 ~ /^(strcpy|strcat|sprintf)$/ && audit != "")) | ($5 ~ /^(strcpy|strcat|sprintf)$/ && audit != "")) | ||||
stupid_binaries[file] = stupid_binaries[file] " " $3; | stupid_binaries[file] = stupid_binaries[file] " " $5; | ||||
if ($3 ~ /^(accept|recvfrom)$/) | if ($5 ~ /^(accept|recvfrom)$/) | ||||
network_binaries[file] = 1; | network_binaries[file] = 1; | ||||
} | } | ||||
FILENAME ~ /\.setuid$/ { setuid_binaries[$0] = 1; } | FILENAME ~ /\.setuid$/ { setuid_binaries[$0] = 1; } | ||||
FILENAME ~ /\.writable$/ { writable_files[$0] = 1; } | FILENAME ~ /\.writable$/ { writable_files[$0] = 1; } | ||||
function print_header() { | function print_header() { | ||||
if (header_printed) | if (header_printed) | ||||
return; | return; | ||||
if (audit != "") | if (audit != "") | ||||
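Review bot: The `if (file == "") next;` guard in the new `.readelf` rule fails open. readelf normally prints a `File:` header only when it is given more than one input file, so a `.readelf` file produced from a single binary, or from one-file-at-a-time invocations, would leave `file` empty and every relocation row would be skipped with no warning. The command that generates the `.readelf` file is not visible on this page, so this needs confirming there; at minimum the rule deserves a comment such as `# relies on readelf's "File: <path>" header, which is only emitted for multi-file invocations`. Separately, the anchored test on `$5` assumes the symbol column holds the bare name; if the readelf in use appends a version suffix (`name@VERSION`) or truncates long names, `gets` and `mktemp` would silently stop matching, so that output format should be verified too. The body of print_header continues past the visible part of this section.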