-rwxr-xr-x | cron-sh/diff_check.sh | 48 | ||||
-rwxr-xr-x | cron-sh/security.sh | 16 | ||||
-rwxr-xr-x | cron-sh/security_check.sh | 30 | ||||
-rw-r--r-- | doc/msec.lyx | 8 | ||||
-rw-r--r-- | doc/security.txt | 8 | ||||
-rwxr-xr-x | init-sh/custom.sh | 4 | ||||
-rwxr-xr-x | init-sh/level1.sh | 2 | ||||
-rw-r--r-- | msec.spec | 22 | ||||
-rw-r--r-- | share/README | 2 | ||||
-rw-r--r-- | share/libmsec.py | 3 | ||||
-rwxr-xr-x | share/msec.py | 2 | ||||
-rw-r--r-- | src/msec_find/find.c | 14 |
12 files changed, 90 insertions, 69 deletions
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh index bccfc44..ac7c10c 100755 --- a/cron-sh/diff_check.sh +++ b/cron-sh/diff_check.sh @@ -28,10 +28,10 @@ if [[ ${CHECK_SUID_ROOT} == yes ]]; then if ! diff -u ${SUID_ROOT_YESTERDAY} ${SUID_ROOT_TODAY} > ${SUID_ROOT_DIFF}; then printf "\nSecurity Warning: Change in Suid Root files found :\n" >> ${TMP} grep '^+' ${SUID_ROOT_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do - printf "\t\t- Newly added suid root file : ${file}\n" + printf "\t\t- Newly added suid root file : ${file}\n" done >> ${TMP} grep '^-' ${SUID_ROOT_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do - printf "\t\t- No more present suid root file : ${file}\n" + printf "\t\t- No longer present suid root file : ${file}\n" done >> ${TMP} fi fi @@ -45,10 +45,10 @@ if [[ ${CHECK_SUID_GROUP} == yes ]]; then if ! diff -u ${SUID_GROUP_YESTERDAY} ${SUID_GROUP_TODAY} > ${SUID_GROUP_DIFF}; then printf "\nSecurity Warning: Changes in Sgid files found :\n" >> ${TMP} grep '^+' ${SUID_GROUP_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do - printf "\t\t- Newly added sgid file : ${file}\n" + printf "\t\t- Newly added sgid file : ${file}\n" done >> ${TMP} grep '^-' ${SUID_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do - printf "\t\t- No more present sgid file : ${file}\n" + printf "\t\t- No longer present sgid file : ${file}\n" done >> ${TMP} fi fi 
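Review bot: The reworded `printf` lines in every hunk of cron-sh/diff_check.sh still interpolate `${file}` into the format string, so a path containing `%` or a backslash sequence is interpreted by printf instead of being reported verbatim. These lines build the security report from names found on disk, so the name should be passed as an argument, e.g. `printf "\t\t- Newly added suid root file : %s\n" "${file}"`. The same applies to the sgid, writable, un-owned, checksum and rpm messages in the later hunks of this file. The surrounding loops would also keep names intact more reliably as `while IFS= read -r file`. The enclosing `if` blocks begin outside the hunks.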
@@ -56,17 +56,17 @@ if [[ ${CHECK_SUID_GROUP} == yes ]]; then fi ### Writable files detection -if [[ ${CHECK_WRITEABLE} == yes ]]; then +if [[ ${CHECK_WRITABLE} == yes ]]; then - if [[ -f ${WRITEABLE_YESTERDAY} ]]; then - diff -u ${WRITEABLE_YESTERDAY} ${WRITEABLE_TODAY} > ${WRITEABLE_DIFF} - if [ -s ${WRITEABLE_DIFF} ]; then - printf "\nSecurity Warning: Change in World Writeable Files found :\n" >> ${TMP} - grep '^+' ${WRITEABLE_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do - printf "\t\t- Newly added writables files : ${file}\n" + if [[ -f ${WRITABLE_YESTERDAY} ]]; then + diff -u ${WRITABLE_YESTERDAY} ${WRITABLE_TODAY} > ${WRITABLE_DIFF} + if [ -s ${WRITABLE_DIFF} ]; then + printf "\nSecurity Warning: Change in World Writable Files found :\n" >> ${TMP} + grep '^+' ${WRITABLE_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do + printf "\t\t- Newly added writable file : ${file}\n" done >> ${TMP} - grep '^-' ${WRITEABLE_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do - printf "\t\t- No more present writables file : ${file}\n" + grep '^-' ${WRITABLE_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do + printf "\t\t- No longer present writable file : ${file}\n" done >> ${TMP} fi fi @@ -81,10 +81,10 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then if [ -s ${UNOWNED_USER_DIFF} ]; then printf "\nSecurity Warning: the following files aren't owned by an user :\n" >> ${TMP} grep '^+' ${UNOWNED_USER_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do - printf "\t\t- Newly added un-owned file : ${file}\n" + printf "\t\t- Newly added un-owned file : ${file}\n" done >> ${TMP} grep '^-' ${UNOWNED_USER_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do - printf "\t\t- No more present un-owned file : ${file}\n" + printf "\t\t- No longer present un-owned file : ${file}\n" done >> ${TMP} fi fi 
@@ -94,10 +94,10 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then if [ -s ${UNOWNED_GROUP_DIFF} ]; then printf "\nSecurity Warning: the following files aren't owned by a group :\n" >> ${TMP} grep '^+' ${UNOWNED_GROUP_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do - printf "\t\t- Newly added un-owned file : ${file}\n" + printf "\t\t- Newly added un-owned file : ${file}\n" done >> ${TMP} grep '^-' ${UNOWNED_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do - printf "\t\t- No more present un-owned file : ${file}\n" + printf "\t\t- No longer present un-owned file : ${file}\n" done >> ${TMP} fi fi @@ -118,7 +118,7 @@ if [[ ${CHECK_SUID_MD5} == yes ]]; then printf "\tmaybe an intruder modified one of these suid binary in order to put in a backdoor...\n" >> ${TMP} ctrl_md5=1; fi - printf "\t\t- Checksum changed files : ${file}\n" + printf "\t\t- Checksum changed file : ${file}\n" fi done >> ${TMP} fi @@ -151,10 +151,10 @@ if [[ ${RPM_CHECK} == yes ]]; then if [ -s ${RPM_QA_DIFF} ]; then printf "\nSecurity Warning: These packages have changed on the system :\n" >> ${TMP} grep '^+' ${RPM_QA_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do - printf "\t\t- Newly installed package : ${file}\n" + printf "\t\t- Newly installed package : ${file}\n" done >> ${TMP} grep '^-' ${RPM_QA_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do - printf "\t\t- No more present package : ${file}\n" + printf "\t\t- No longer present package : ${file}\n" done >> ${TMP} fi fi 
@@ -163,10 +163,10 @@ if [[ ${RPM_CHECK} == yes ]]; then if [ -s ${RPM_VA_DIFF} ]; then printf "\nSecurity Warning: These files belonging to packages have changed of status on the system :\n" >> ${TMP} grep '^+' ${RPM_VA_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do - printf "\t\t- Newly modified : ${file}\n" + printf "\t\t- Newly modified : ${file}\n" done >> ${TMP} grep '^-' ${RPM_VA_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do - printf "\t\t- No more modified : ${file}\n" + printf "\t\t- No longer modified : ${file}\n" done >> ${TMP} fi fi @@ -175,10 +175,10 @@ if [[ ${RPM_CHECK} == yes ]]; then if [ -s ${RPM_VA_CONFIG_DIFF} ]; then printf "\nSecurity Warning: These config files belonging to packages have changed of status on the system :\n" >> ${TMP} grep '^+' ${RPM_VA_CONFIG_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do - printf "\t\t- Newly modified : ${file}\n" + printf "\t\t- Newly modified : ${file}\n" done >> ${TMP} grep '^-' ${RPM_VA_CONFIG_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do - printf "\t\t- No more modified : ${file}\n" + printf "\t\t- No longer modified : ${file}\n" done >> ${TMP} fi fi diff --git a/cron-sh/security.sh b/cron-sh/security.sh index 2828f71..7c51395 100755 --- a/cron-sh/security.sh +++ b/cron-sh/security.sh 
@@ -49,9 +49,9 @@ SUID_MD5_DIFF="/var/log/security/suid_md5.diff" export OPEN_PORT_TODAY="/var/log/security/open_port.today" OPEN_PORT_YESTERDAY="/var/log/security/open_port.yesterday" OPEN_PORT_DIFF="/var/log/security/open_port.diff" -export WRITEABLE_TODAY="/var/log/security/writeable.today" -WRITEABLE_YESTERDAY="/var/log/security/writeable.yesterday" -WRITEABLE_DIFF="/var/log/security/writeable.diff" +export WRITABLE_TODAY="/var/log/security/writable.today" +WRITABLE_YESTERDAY="/var/log/security/writable.yesterday" +WRITABLE_DIFF="/var/log/security/writable.diff" export UNOWNED_USER_TODAY="/var/log/security/unowned_user.today" UNOWNED_USER_YESTERDAY="/var/log/security/unowned_user.yesterday" UNOWNED_USER_DIFF="/var/log/security/unowned_user.diff" @@ -91,8 +91,8 @@ if [[ -f ${SUID_GROUP_TODAY} ]]; then mv ${SUID_GROUP_TODAY} ${SUID_GROUP_YESTERDAY}; fi -if [[ -f ${WRITEABLE_TODAY} ]]; then - mv ${WRITEABLE_TODAY} ${WRITEABLE_YESTERDAY}; +if [[ -f ${WRITABLE_TODAY} ]]; then + mv ${WRITABLE_TODAY} ${WRITABLE_YESTERDAY}; fi if [[ -f ${UNOWNED_USER_TODAY} ]]; then @@ -142,9 +142,9 @@ if [[ -f ${SUID_GROUP_TODAY} ]]; then mv -f ${SUID_GROUP_TODAY}.tmp ${SUID_GROUP_TODAY} fi -if [[ -f ${WRITEABLE_TODAY} ]]; then - sort < ${WRITEABLE_TODAY} | egrep -v '^(/var)?/tmp$' > ${WRITEABLE_TODAY}.tmp - mv -f ${WRITEABLE_TODAY}.tmp ${WRITEABLE_TODAY} +if [[ -f ${WRITABLE_TODAY} ]]; then + sort < ${WRITABLE_TODAY} | egrep -v '^(/var)?/tmp$' > ${WRITABLE_TODAY}.tmp + mv -f ${WRITABLE_TODAY}.tmp ${WRITABLE_TODAY} fi if [[ -f ${UNOWNED_USER_TODAY} ]]; then diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh index 1e9b5cc..dbac4f4 100755 --- a/cron-sh/security_check.sh +++ b/cron-sh/security_check.sh 
@@ -28,11 +28,11 @@ if [[ ! -d /var/log/security ]]; then mkdir /var/log/security fi -### Writeable file detection -if [[ ${CHECK_WRITEABLE} == yes ]]; then - if [[ -s ${WRITEABLE_TODAY} ]]; then - printf "\nSecurity Warning: World Writeable files found :\n" >> ${SECURITY} - cat ${WRITEABLE_TODAY} | awk '{print "\t\t- " $0}' >> ${SECURITY} +### Writable file detection +if [[ ${CHECK_WRITABLE} == yes ]]; then + if [[ -s ${WRITABLE_TODAY} ]]; then + printf "\nSecurity Warning: World Writable files found :\n" >> ${SECURITY} + cat ${WRITABLE_TODAY} | awk '{print "\t\t- " $0}' >> ${SECURITY} fi fi @@ -76,16 +76,16 @@ done | awk '$1 != $6 && $6 != "0" \ $4 ~ /^-......r/ \ { print "\t\t- " $3 " : file is other readable." } $4 ~ /^-....w/ \ - { print "\t\t- " $3 " : file is group writeable." } + { print "\t\t- " $3 " : file is group writable." } $4 ~ /^-.......w/ \ - { print "\t\t- " $3 " : file is other writeable." }' > ${TMP} + { print "\t\t- " $3 " : file is other writable." }' > ${TMP} if [[ -s ${TMP} ]]; then printf "\nSecurity Warning: these files shouldn't be owned by someone else or readable :\n" >> ${SECURITY} cat ${TMP} >> ${SECURITY} fi -### Files that should not be owned by someone else or writeable. +### Files that should not be owned by someone else or writable. list=".bashrc .bash_profile .bash_login .bash_logout .cshrc .emacs .exrc \ .forward .klogin .login .logout .profile .tcshrc .fvwmrc .inputrc .kshrc \ .nexrc .screenrc .ssh .ssh/config .ssh/authorized_keys .ssh/environment \ 
@@ -101,16 +101,16 @@ while read username uid homedir; do done | awk '$1 != $6 && $6 != "0" \ { print "\t\t- " $3 " : file is owned by uid " $6 "." } $4 ~ /^.....w/ \ - { print "\t\t- " $3 " : file is group writeable." } + { print "\t\t- " $3 " : file is group writable." } $4 ~ /^........w/ \ - { print "\t\t- " $3 " : file is other writeable." }' > ${TMP} + { print "\t\t- " $3 " : file is other writable." }' > ${TMP} if [[ -s ${TMP} ]]; then - printf "\nSecurity Warning: theses files should not be owned by someone else or writeable :\n" >> ${SECURITY} + printf "\nSecurity Warning: theses files should not be owned by someone else or writable :\n" >> ${SECURITY} cat ${TMP} >> ${SECURITY} fi -### Check home directories. Directories should not be owned by someone else or writeable. +### Check home directories. Directories should not be owned by someone else or writable. awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' /etc/passwd | \ while read username uid homedir; do if [[ -d ${homedir} ]] ; then @@ -122,12 +122,12 @@ while read username uid homedir; do done | awk '$3 != $5 && $5 != "(0)" \ { print "user=" $2 $3 " : home directory is owned by " $4 $5 "." } $1 ~ /^d....w/ && $2 != "lp" && $2 != "mail" \ - { print "user=" $2 $3" : home directory is group writeable." } + { print "user=" $2 $3" : home directory is group writable." } $1 ~ /^d.......w/ \ - { print "user=" $2 $3" : home directory is other writeable." }' > ${TMP} + { print "user=" $2 $3" : home directory is other writable." }' > ${TMP} if [[ -s $TMP ]] ; then - printf "\nSecurity Warning: these home directory should not be owned by someone else or writeable :\n" >> ${SECURITY} + printf "\nSecurity Warning: these home directory should not be owned by someone else or writable :\n" >> ${SECURITY} cat ${TMP} >> ${SECURITY} fi fi # End of check perms diff --git a/doc/msec.lyx b/doc/msec.lyx index 4ec3de4..a906910 100644 --- a/doc/msec.lyx +++ b/doc/msec.lyx 
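Review bot: The message rewritten in the `@@ -101,16 +101,16 @@` hunk still reads `theses files should not be owned ...`, and the one in the `@@ -122,12 +122,12 @@` hunk still reads `these home directory`, although this commit is a spelling pass over exactly these lines. I would change them to `these files should not be owned by someone else or writable` and `these home directories should not be owned by someone else or writable`. Anything that matches on the old report text would need the same update; no such consumer is visible here.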
@@ -295,7 +295,7 @@ warnings dispatching, periodicall security checks: \layout Quotation -- on files: suid root, writeable, unowned; +- on files: suid root, writable, unowned; \layout Quotation - listening ports: active, promiscuous; @@ -758,7 +758,7 @@ Suid root file md5sum check \newline * \newline -Writeable file check +Writable file check \newline \newline @@ -984,7 +984,7 @@ Suid root file check Suid root file md5sum check \layout Itemize -Writeable file check +Writable file check \layout Itemize Suid group file check @@ -1160,7 +1160,7 @@ Checks the md5sum signature of each suid root file that is on the system. A warning is then issued. \layout Subsection -Writeable file check +Writable file check \layout Standard Check wether files are world writable on the system. diff --git a/doc/security.txt b/doc/security.txt index 8ab5a16..be5ab30 100644 --- a/doc/security.txt +++ b/doc/security.txt @@ -24,7 +24,7 @@ Security level 2 ( Aka normal system ) : - Global security check - Suid root file check - Suid root file md5sum check -- Writeable file check +- Writable file check - Warning in syslog - Warning in /var/log/security.log @@ -41,7 +41,7 @@ Security level 3 ( Aka more secure system ) : - Suid root file check - Suid root file md5sum check - Suid group file check -- Writeable file check +- Writable file check - Unowned file check - Promiscuous check - Listening port check @@ -69,7 +69,7 @@ Security level 4 ( Aka Secured system ) : - Suid root file check - Suid root file md5sum check - Suid group file check -- Writeable file check +- Writable file check - Unowned file check - Promiscuous check - Listening port check @@ -120,7 +120,7 @@ Security level 5 ( Aka Paranoid system ) : - Suid root file check - Suid root file md5sum check - Suid group file check -- Writeable file check +- Writable file check - Unowned file check - Promiscuous check - Listening port check diff --git a/init-sh/custom.sh b/init-sh/custom.sh index dd8b9a5..b22f96f 100755 
--- a/init-sh/custom.sh +++ b/init-sh/custom.sh @@ -143,10 +143,10 @@ if [[ ${answer} == yes ]]; then fi ### -echo "Do you want your system to daily check Writeable file change ?" +echo "Do you want your system to daily check Writable file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then - AddRules "CHECK_WRITEABLE=yes" /etc/security/msec/security.conf + AddRules "CHECK_WRITABLE=yes" /etc/security/msec/security.conf WRITE_CRON="true" fi diff --git a/init-sh/level1.sh b/init-sh/level1.sh index a40a22e..ce6b2d7 100755 --- a/init-sh/level1.sh +++ b/init-sh/level1.sh @@ -41,7 +41,7 @@ echo -e "\t- Check suid root file integrity (backdoor check) : no." echo -e "\t- Check suid group file : no." AddRules "CHECK_SUID_GROUP=no" /etc/security/msec/security.conf quiet echo -e "\t- Check world writable file : no." - AddRules "CHECK_WRITEABLE=no" /etc/security/msec/security.conf quiet + AddRules "CHECK_WRITABLE=no" /etc/security/msec/security.conf quiet echo -e "\t- Check unowned file : no." AddRules "CHECK_UNOWNED=no" /etc/security/msec/security.conf quiet echo -e "\t- Check promiscuous mode : no." @@ -1,6 +1,6 @@ Summary: Security Level & Program for the Mandrake Linux distribution Name: msec -Version: 0.34.2 +Version: 0.34.3 Release: 1mdk Url: http://www.linux-mandrake.com/ Source0: %{name}-%{version}.tar.bz2 
@@ -83,8 +83,24 @@ touch $RPM_BUILD_ROOT/var/log/security.log touch /var/log/security.log if [ $1 != 1 ]; then + # manage spelling change + if [ -f /etc/security/msec/level.local ]; then + perl -pi -e 's/CHECK_WRITEABLE/CHECK_WRITABLE/g' /etc/security/msec/level.local + fi + if [ -f /etc/security/msec/security.conf ]; then + perl -pi -e 's/CHECK_WRITEABLE/CHECK_WRITABLE/g' /etc/security/msec/security.conf + fi + for ext in today yesterday diff; do + if [ -f /var/log/security/writeable.$ext ]; then + mv -f /var/log/security/writeable.$ext /var/log/security/writable.$ext + fi + done + + # find secure level SL=$SECURE_LEVEL [ ! -r /etc/sysconfig/msec ] || SL=`sed -n 's/SECURE_LEVEL=//p' < /etc/sysconfig/msec` || : + + # upgrade from old style msec or rerun the new msec if grep -q "# Mandrake-Security : if you remove this comment" /etc/profile; then [ -z "$SL" -a -r /etc/profile.d/msec.sh ] && SL=`sed -n 's/.*SECURE_LEVEL=//p' < /etc/profile.d/msec.sh` || : /usr/share/msec/cleanold.sh || : @@ -92,6 +108,7 @@ if [ $1 != 1 ]; then else [ -n "$SL" ] && msec < /dev/null || : fi + # remove the old way of doing the daily cron rm -f /etc/cron.d/msec fi @@ -135,6 +152,9 @@ rm -rf $RPM_BUILD_ROOT # MAKE THE CHANGES IN CVS: NO PATCH OR SOURCE ALLOWED %changelog +* Thu Aug 29 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.3-1mdk +- Corrected spelling errors thx to David Relson + * Tue Aug 27 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.2-1mdk - fixed /boot as suggested by Guillaume Rousse. diff --git a/share/README b/share/README index 8d908e7..664d66b 100644 --- a/share/README +++ b/share/README @@ -47,7 +47,7 @@ CHECK_PERMS no no no yes yes yes CHECK_SUID_ROOT no no yes yes yes yes CHECK_SUID_MD5 no no yes yes yes yes CHECK_SUID_GROUP no no yes yes yes yes -CHECK_WRITEABLE no no yes yes yes yes +CHECK_WRITABLE no no yes yes yes yes CHECK_UNOWNED no no no no yes yes CHECK_PROMISC no no no no yes yes CHECK_OPEN_PORT no no no yes yes yes 
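Review bot: The `# manage spelling change` block is the only place the old `CHECK_WRITEABLE` key is translated, and the cron scripts now test only `${CHECK_WRITABLE} == yes`. A security.conf or level.local that still carries the old spelling after this scriptlet has run (restored from backup, or written by a configuration tool) would therefore skip the world-writable check without any message. A fallback where the configuration is read would keep the check fail-safe, for example `CHECK_WRITABLE=${CHECK_WRITABLE:-${CHECK_WRITEABLE}}`, or at least a logged warning when the old key is present; where the configuration is loaded is not visible in this diff. The scriptlet also starts calling `perl`, so the package should declare that dependency if it does not already. The `if [ $1 != 1 ]` block closes in the next hunk.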
diff --git a/share/libmsec.py b/share/libmsec.py index d67bc12..ccd1f1d 100644 --- a/share/libmsec.py +++ b/share/libmsec.py @@ -156,6 +156,7 @@ is used by chkconfig --add to decide to add a service if it is present in the fi during the installation of packages.''' level = get_server_level() server = ConfigFile.get_config_file(SERVER) + print 'create_server_link', level, server.exists() if level in ('0', '1', '2', '3'): _interactive and log(_('Allowing chkconfig --add from rpm')) server.exists() and server.unlink() @@ -1207,7 +1208,7 @@ RPM_CHECK if set to yes, run some checks against the rpm database. TTY_WARN if set to yes, reports check result to tty. -CHECK_WRITEABLE if set to yes, check files/directories writable by everybody. +CHECK_WRITABLE if set to yes, check files/directories writable by everybody. MAIL_WARN if set to yes, report check result by mail. diff --git a/share/msec.py b/share/msec.py index 4280228..f53ed4f 100755 --- a/share/msec.py +++ b/share/msec.py @@ -233,7 +233,7 @@ FILE_CHECKS = {'CHECK_SECURITY' : ('no', 'yes', 'yes', 'yes', 'yes', 'yes', 'CHECK_SUID_ROOT' : ('no', 'no', 'yes', 'yes', 'yes', 'yes', ), 'CHECK_SUID_MD5' : ('no', 'no', 'yes', 'yes', 'yes', 'yes', ), 'CHECK_SUID_GROUP' : ('no', 'no', 'yes', 'yes', 'yes', 'yes', ), - 'CHECK_WRITEABLE' : ('no', 'no', 'yes', 'yes', 'yes', 'yes', ), + 'CHECK_WRITABLE' : ('no', 'no', 'yes', 'yes', 'yes', 'yes', ), 'CHECK_UNOWNED' : ('no', 'no', 'no', 'no', 'yes', 'yes', ), 'CHECK_PROMISC' : ('no', 'no', 'no', 'no', 'yes', 'yes', ), 'CHECK_OPEN_PORT' : ('no', 'no', 'no', 'yes', 'yes', 'yes', ), diff --git a/src/msec_find/find.c b/src/msec_find/find.c index b1fb2d2..f0446d4 100644 --- a/src/msec_find/find.c +++ b/src/msec_find/find.c @@ -62,7 +62,7 @@ static FILE *suid_fd; static FILE *sgid_fd; static FILE *unowned_user_fd; static FILE *unowned_group_fd; -static FILE *writeable_fd; +static FILE *writable_fd; static int traverse(const char *file, const struct stat *sb, int flag, struct FTW *s) { 
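Review bot: The added `print 'create_server_link', level, server.exists()` in share/libmsec.py looks like leftover debugging and is unrelated to the spelling change. It writes to stdout on every call, whereas the following line only reports through `log()` when `_interactive` is set. I would drop the line, or if the trace is wanted, route it through `_interactive and log(...)` like the message below it. The function's signature and the rest of its body are outside the hunk.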
@@ -105,10 +105,10 @@ static int traverse(const char *file, const struct stat *sb, int flag, struct FT */ case FTW_D: /* - * Is world writeable check. + * Is world writable check. */ if (sb->st_mode & 0002) - fprintf(writeable_fd, "%s\n", file); + fprintf(writable_fd, "%s\n", file); /* * Unowned user check. @@ -145,9 +145,9 @@ __inline__ static void init() exit(1); } - writeable_fd = fopen(getenv("WRITEABLE_TODAY"), mode); - if ( ! writeable_fd ) { - perror("fopen (writeable_today)"); + writable_fd = fopen(getenv("WRITABLE_TODAY"), mode); + if ( ! writable_fd ) { + perror("fopen (writable_today)"); exit(1); } @@ -213,7 +213,7 @@ int main(int argc, char **argv) fclose(suid_fd); fclose(sgid_fd); - fclose(writeable_fd); + fclose(writable_fd); fclose(unowned_user_fd); fclose(unowned_group_fd); |
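Review bot: In the `case FTW_D` branch, `fprintf(writable_fd, "%s\n", file)` writes the path as one line of a newline-delimited list, so a directory name that itself contains a newline yields extra entries that cron-sh/diff_check.sh later reads as separate files. The list should stay unambiguous for such names; escaping control characters before writing would do it, and the other list files written by `traverse` would need the same treatment if they use this format. The `fprintf` return value is also ignored, so a write failure shortens the list silently. `traverse` begins before and continues after this hunk.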
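Review bot: In the `init()` hunk, `fopen(getenv("WRITABLE_TODAY"), mode)` passes the result of `getenv` straight to `fopen`. With the variable renamed in this commit, an older cron-sh/security.sh that still exports `WRITEABLE_TODAY` would make it NULL, which is undefined behaviour for `fopen` rather than a clean error. I would fetch it first with `const char *path = getenv("WRITABLE_TODAY");` and fail with `if (!path) { fprintf(stderr, "WRITABLE_TODAY is not set\n"); exit(1); }` before calling `fopen(path, mode)`. The other opens in `init()` presumably have the same shape, but only the `exit(1)` of the preceding one is visible here.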