1BEGIN {
2	file = "";
3	split("", stupid_binaries);
4	split("", network_binaries);
5	split("", setuid_binaries);
6	split("", writable_files);
7	split("", startup_scripts);
8	header_printed = 0;
9}
10FILENAME ~ /\.flattened$/ {
11	if ($0 ~ /(^|\/)etc\/rc\.d\//)
12		startup_scripts[$0] = 1;
13}
14FILENAME ~ /\.readelf$/ {
15	if (match($0, /^File:/)) {
16		file = substr($0, 7);
17		next;
18	}
19	if (file == "")
20		next;
21	if ($5 ~ /^(gets|mktemp|tempnam|tmpnam)$/ ||
22	  ($5 ~ /^(strcpy|strcat|sprintf)$/ && audit != ""))
23		stupid_binaries[file] = stupid_binaries[file] " " $5;
24	if ($5 ~ /^(accept|recvfrom)$/)
25		network_binaries[file] = 1;
26}
27FILENAME ~ /\.setuid$/ { setuid_binaries[$0] = 1; }
28FILENAME ~ /\.writable$/ { writable_files[$0] = 1; }
29function print_header() {
30	if (header_printed)
31		return;
32	if (audit != "")
33		print "===> SECURITY REPORT (PARANOID MODE): ";
34	else
35		print "===> SECURITY REPORT: ";
36	header_printed = 1;
37}
38function note_for_the_stupid(file) { return (file in stupid_binaries) ? (" (USES POSSIBLY INSECURE FUNCTIONS:" stupid_binaries[file] ")") : ""; }
39END {
40	note_printed = 0;
41	for (file in setuid_binaries) {
42		if (!note_printed) {
43			print_header();
44			print "      This port has installed the following binaries which execute with";
45			print "      increased privileges.";
46			note_printed = 1;
47		}
48		print file note_for_the_stupid(file);
49	}
50	if (note_printed)
51		print "";
52	note_printed = 0;
53	for (file in network_binaries) {
54		if (!note_printed) {
55			print_header();
56			print "      This port has installed the following files which may act as network";
57			print "      servers and may therefore pose a remote security risk to the system.";
58			note_printed = 1;
59		}
60		print file note_for_the_stupid(file);
61	}
62	if (note_printed) {
63		print "";
64		note_printed = 0;
65		for (file in startup_scripts) {
66			if (!note_printed) {
67				print_header();
68				print "      This port has installed the following startup scripts which may cause";
69				print "      these network services to be started at boot time.";
70				note_printed = 1;
71			}
72			print file;
73		}
74		if (note_printed)
75			print "";
76	}
77	note_printed = 0;
78	for (file in writable_files) {
79		if (!note_printed) {
80			print_header();
81			print "      This port has installed the following world-writable files/directories.";
82			note_printed = 1;
83		}
84		print file;
85	}
86	if (note_printed)
87		print "";
88	if (header_printed) {
89		print "      If there are vulnerabilities in these programs there may be a security";
90		print "      risk to the system. MidnightBSD makes no guarantee about the security of";
91		print "      ports included in the Ports Collection. Please type 'make deinstall'";
92		print "      to deinstall the port if this is a concern.";
93	}
94	exit header_printed;
95}
96