authorEugeni Dodonov <eugeni@mandriva.org>2009-12-07 12:09:42 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2009-12-07 12:09:42 +0000
commit18d995763334acce3c2e31b0ac2ac33cc35a0e91 (patch)
tree6b221da755e1b37f18e2cc283cb69df5f66e860f
parent897cf3ce0d4ea1ee94054e1164eac5e14cd02ce1 (diff)
Do not report group writable files for gdm user (#56064)
-rwxr-xr-xcron-sh/scripts/01_files.sh3
1 files changed, 2 insertions, 1 deletions
diff --git a/cron-sh/scripts/01_files.sh b/cron-sh/scripts/01_files.sh
index c1135c6..b7f2d76 100755
--- a/cron-sh/scripts/01_files.sh
+++ b/cron-sh/scripts/01_files.sh
@@ -229,6 +229,7 @@ fi
Filter ${MSEC_TMP} CHECK_USER_FILES
### Check home directories. Directories should not be owned by someone else or writable.
+# The 'mail' and 'gdm' user directories are skipped as they are group-writable by design (#56064)
getent passwd | awk -F: '/^[^+-]/ { print $1 ":" $3 ":" $6 }' | \
while IFS=: read username uid homedir; do
if ! expr "$homedir" : "$FILTER" > /dev/null; then
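Review bot: The added comment names only 'mail' and 'gdm', but the awk condition in the second hunk also exempts 'lp', and the exemption covers only the group-writable report, not the ownership or other-writable ones. Someone auditing why a finding is missing would be misled by "skipped". I would word it as `# Homes of 'lp', 'mail' and 'gdm' are not reported as group writable (by design, #56064); ownership and other-writable checks still apply.` The while loop this comment sits above continues outside the hunk.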
@@ -241,7 +242,7 @@ while IFS=: read username uid homedir; do
fi
done | awk -F: '$3 != $5 && $5 != "(0)" \
{ print "user=" $2 $3 " : home directory is owned by " $4 $5 "." }
- $1 ~ /^d....w/ && $2 != "lp" && $2 != "mail" \
+ $1 ~ /^d....w/ && $2 != "lp" && $2 != "mail" && $2 != "gdm" \
{ print "user=" $2 $3" : home directory is group writable." }
$1 ~ /^d.......w/ \
{ print "user=" $2 $3" : home directory is other writable." }' > ${MSEC_TMP}