# Builds a post-install security report from listing files, one entry per
# line.  The role of each input file is chosen by its name suffix:
#   *.flattened  installed paths; only those under etc/rc.d/ are kept
#   *.readelf    "File:" header lines followed by lines whose 5th field is
#                compared against a list of function names
#   *.setuid     binaries reported as executing with increased privileges
#   *.writable   files/directories reported as world-writable
#
# The variable `audit` is never assigned here, so it is presumably passed
# in by the caller (e.g. with -v) -- confirm.  A non-empty value widens the
# function check to strcpy/strcat/sprintf and changes the banner.
#
# Exit status is 1 when anything was reported and 0 otherwise, so a caller
# that treats non-zero as failure will see every report as a failure.

BEGIN {
	file = "";			# binary named by the latest "File:" line
	header_printed = 0;		# becomes 1 once the banner has been shown
	# split("", a) leaves each of these as an empty array.
	split("", risky_calls);		# binary -> " fn fn ..." of flagged names
	split("", network_binaries);
	split("", setuid_binaries);
	split("", writable_files);
	split("", startup_scripts);
}

# Installed paths: remember anything located under an etc/rc.d/ directory.
FILENAME ~ /\.flattened$/ {
	if ($0 ~ /(^|\/)etc\/rc\.d\//)
		startup_scripts[$0] = 1;
}

# Symbol listing.  A "File:" line switches the current binary (its name is
# taken from column 7 onward); any other line is ignored until a binary is
# known.
# NOTE(review): field 5 must equal the function name exactly, so a decorated
# name (for instance one carrying a version suffix) would not be flagged, and
# only names present in this listing can be seen at all -- confirm against
# the command that generates the *.readelf input.
FILENAME ~ /\.readelf$/ {
	if ($0 ~ /^File:/) {
		file = substr($0, 7);
	} else if (file != "") {
		flagged = ($5 ~ /^(gets|mktemp|tempnam|tmpnam)$/);
		# The string-copy family is only reported when `audit` is set.
		if (!flagged && audit != "")
			flagged = ($5 ~ /^(strcpy|strcat|sprintf)$/);
		if (flagged)
			risky_calls[file] = risky_calls[file] " " $5;
		# accept/recvfrom mark the binary as a possible network server.
		if ($5 ~ /^(accept|recvfrom)$/)
			network_binaries[file] = 1;
	}
}

FILENAME ~ /\.setuid$/ {
	setuid_binaries[$0] = 1;
}

FILENAME ~ /\.writable$/ {
	writable_files[$0] = 1;
}

# Prints the report banner the first time it is called; later calls do
# nothing.  `banner` is a local.
function print_header(    banner) {
	if (header_printed)
		return;
	banner = "===> SECURITY REPORT: ";
	if (audit != "")
		banner = "===> SECURITY REPORT (PARANOID MODE): ";
	print banner;
	header_printed = 1;
}

# Returns the parenthesised list of flagged functions recorded for `path`,
# or the empty string when none were recorded.
function risky_calls_note(path) {
	if (!(path in risky_calls))
		return "";
	return " (USES POSSIBLY INSECURE FUNCTIONS:" risky_calls[path] ")";
}

# Prints one report section: the banner (if not yet shown), the one or two
# intro lines, every key of `names`, then a blank line.  When `annotate` is
# true each entry is followed by its flagged-function note.  Prints nothing
# for an empty array.  Returns 1 if the section was printed, else 0.
# `entry` and `shown` are locals.
function report_group(names, intro1, intro2, annotate,    entry, shown) {
	shown = 0;
	for (entry in names) {
		if (!shown) {
			print_header();
			print intro1;
			if (intro2 != "")
				print intro2;
			shown = 1;
		}
		if (annotate)
			print entry risky_calls_note(entry);
		else
			print entry;
	}
	if (shown)
		print "";
	return shown;
}

END {
	report_group(setuid_binaries,
	    " This port has installed the following binaries which execute with",
	    " increased privileges.", 1);

	# Startup scripts are only listed when a possible network server was
	# reported just before them.
	if (report_group(network_binaries,
	    " This port has installed the following files which may act as network",
	    " servers and may therefore pose a remote security risk to the system.", 1))
		report_group(startup_scripts,
		    " This port has installed the following startup scripts which may cause",
		    " these network services to be started at boot time.", 0);

	report_group(writable_files,
	    " This port has installed the following world-writable files/directories.",
	    "", 0);

	# Closing advice is printed only when some section produced output.
	if (header_printed) {
		print " If there are vulnerabilities in these programs there may be a security";
		print " risk to the system. MidnightBSD makes no guarantee about the security of";
		print " ports included in the Ports Collection. Please type 'make deinstall'";
		print " to deinstall the port if this is a concern.";
	}
	exit header_printed;
}