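# Post-install security report for a port.
#
# Input files are classified by FILENAME suffix:
#   *.flattened  one path per line; paths under etc/rc.d/ are recorded as
#                startup scripts
#   *.objdump    objdump output; a "<path>: file format <fmt>" line starts a
#                new binary and field 3 of the following lines is matched
#                against the function-name lists below
#   *.setuid     one path per line, recorded as a setuid binary
#   *.writable   one path per line, recorded as world-writable
#
# Variables read but never set here (presumably passed with -v; confirm
# against the caller):
#   audit    non-empty selects "paranoid mode", which also flags
#            strcpy/strcat/sprintf
#   destdir  non-empty changes the wording to name the install root
#
# Exit status is 1 when any report section was printed, 0 otherwise.
#
# NOTE(review): every check is a name-based heuristic. A binary that is not
# listed has not been shown to be safe, and a listed one has not been shown
# to be vulnerable. Only symbols literally named accept or recvfrom mark a
# binary as a possible network server; other receive/accept entry points are
# not matched. Whether statically linked binaries are covered depends on how
# the .objdump input is generated, which is not visible in this file.

BEGIN {
	file = "";

	# Single source of truth for the flagged-function list; the .objdump
	# rule matches against this instead of repeating the names.
	if (audit != "")
		stupid_functions_regexp = "^(gets|mktemp|tempnam|tmpnam|strcpy|strcat|sprintf)$";
	else
		stupid_functions_regexp = "^(gets|mktemp|tempnam|tmpnam)$";

	# split("", a) creates each name as an empty array.
	split("", stupid_binaries);
	split("", network_binaries);
	split("", setuid_binaries);
	split("", writable_files);
	split("", startup_scripts);

	header_printed = 0;
}

# Installed-file list: remember anything under an etc/rc.d/ directory.
FILENAME ~ /\.flattened$/ {
	if ($0 ~ /(^|\/)etc\/rc\.d\//)
		startup_scripts[$0] = 1;
}

# objdump output: track the current binary and flag the symbols of interest.
FILENAME ~ /\.objdump$/ {
	# Header line "<path>: file format <fmt>" switches the current binary.
	if (match($0, /: +file format [^ ]+$/)) {
		file = substr($0, 1, RSTART - 1);
		next;
	}

	# Lines seen before any header cannot be attributed to a binary.
	if (file == "")
		next;

	# Accumulate flagged function names as a space-prefixed list.
	if ($3 ~ stupid_functions_regexp)
		stupid_binaries[file] = stupid_binaries[file] " " $3;

	if ($3 ~ /^(accept|recvfrom)$/)
		network_binaries[file] = 1;
}

FILENAME ~ /\.setuid$/ { setuid_binaries[$0] = 1; }

FILENAME ~ /\.writable$/ { writable_files[$0] = 1; }

# Print the report banner once, no matter how many sections follow.
function print_header() {
	if (header_printed)
		return;

	if (audit != "") {
		if (destdir == "")
			print "===> SECURITY REPORT (PARANOID MODE): ";
		else
			print "===> SECURITY REPORT FOR", destdir, "(PARANOID MODE): ";
	}
	else {
		if (destdir == "")
			print "===> SECURITY REPORT: ";
		else
			print "===> SECURITY REPORT FOR", destdir, ": ";
	}

	header_printed = 1;
}

# Suffix appended to a binary's report line when it references flagged
# functions; empty string otherwise.
function note_for_the_stupid(file) {
	return (file in stupid_binaries) ?
	    (" (USES POSSIBLY INSECURE FUNCTIONS:" stupid_binaries[file] ")") : "";
}

# Emit the report. Iteration order of "for (x in array)" is unspecified in
# awk, so entries within a section appear in no particular order.
END {
	# Section 1: setuid binaries.
	note_printed = 0;
	for (file in setuid_binaries) {
		if (!note_printed) {
			print_header();
			if (destdir == "") {
				print " This port has installed the following binaries, which execute with";
				print " increased privileges.";
			}
			else {
				print " This port has installed the following binaries into", destdir, ", which";
				print " execute with increased privileges.";
			}
			note_printed = 1;
		}
		print file note_for_the_stupid(file);
	}
	if (note_printed)
		print "";

	# Section 2: binaries that may act as network servers.
	note_printed = 0;
	for (file in network_binaries) {
		if (!note_printed) {
			print_header();
			if (destdir == "") {
				print " This port has installed the following files, which may act as network";
				print " servers and may therefore pose a remote security risk to the system.";
			}
			else {
				print " This port has installed the following files into", destdir, ", which may";
				print " act as network servers and may therefore pose a remote security risk to";
				print " the system.";
			}
			note_printed = 1;
		}
		print file note_for_the_stupid(file);
	}

	# Section 3: startup scripts, reported only when section 2 listed at
	# least one possible network server.
	if (note_printed) {
		print "";
		note_printed = 0;
		for (file in startup_scripts) {
			if (!note_printed) {
				print_header();
				if (destdir == "") {
					print " This port has installed the following startup scripts, which may cause";
					print " these network services to be started at boot time.";
				}
				else {
					print " This port has installed the following startup scripts into", destdir, ", which";
					print " may cause these network services to be started at boot time.";
				}
				note_printed = 1;
			}
			print file;
		}
		if (note_printed)
			print "";
	}

	# Section 4: world-writable files and directories.
	note_printed = 0;
	for (file in writable_files) {
		if (!note_printed) {
			print_header();
			if (destdir == "")
				print " This port has installed the following world-writable files/directories.";
			else
				print " This port has installed the following world-writable files/directories into", destdir, ".";
			note_printed = 1;
		}
		print file;
	}
	if (note_printed)
		print "";

	# Closing disclaimer, only when something was reported.
	if (header_printed) {
		print " If there are vulnerabilities in these programs there may be a security";
		print " risk to the system. MidnightBSD makes no guarantee about the security of";
		print " ports included in the Ports Collection. Please type 'make deinstall'";
		print " to deinstall the port if this is a concern.";
	}

	# Non-zero status tells the caller that a report was produced.
	exit header_printed;
}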