Date:      Thu, 23 Sep 1999 08:09:14 +1000
From:      Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   bin/13909: /etc/security problems: IPFIREWALL and passwd comments
Message-ID:  <99Sep23.080649est.40380@border.alcanet.com.au>


>Number:         13909
>Category:       bin
>Synopsis:       /etc/security problems: IPFIREWALL and passwd comments
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 22 15:10:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Peter Jeremy
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
Alcatel Australia Limited
>Environment:

	cvs-cur 5686

>Description:

	/etc/security (normally run nightly) incorrectly reports '#' as
	a passwordless account, and if the kernel does not include
	IPFIREWALL, it reports '[: 0: unexpected operator'

>How-To-Repeat:

	Install the standard .../src/etc/master.passwd and run a kernel
	without IPFIREWALL (GENERIC should do).  Run /etc/security.  The
	output will include:

checking for passwordless accounts:
#
[: 0: unexpected operator

>Fix:

	1) Ignore comment lines in /etc/master.passwd when checking
	   for passwordless accounts.
	2) Put reference to ${IPFW_LOG_LIMIT} inside quotes so the
	   test becomes [ 1 -eq 0 -a "" -ne 0 ], rather than
	   [ 1 -eq 0 -a -ne 0 ] if net.inet.ip.fw.verbose_limit
	   does not exist (i.e. if IPFIREWALL is not in the kernel).

Index: src/etc/security
===================================================================
RCS file: /home/CVSROOT/./src/etc/security,v
retrieving revision 1.33
diff -u -r1.33 security
--- security	1999/09/13 15:44:18	1.33
+++ security	1999/09/22 21:37:27
@@ -55,7 +55,7 @@
 
 separator
 echo "checking for passwordless accounts:"
-awk -F: '$1 !~ /^\+/ && $2=="" {print $0}' /etc/master.passwd
+awk -F: '$1 !~ /^[#+]/ && $2=="" {print $0}' /etc/master.passwd
 
 # Show denied packets
 #
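Review bot: the new pattern `/^[#+]/` on the awk line only skips a comment when `#` is the very first character, so a comment indented with whitespace, or an empty line, still has `$2==""` and is still printed as a passwordless account. Consider requiring a real record as well, for example `NF > 1 && $1 !~ /^[[:space:]]*[#+]/ && $2==""`, so that only lines that actually contain a colon-separated password field are reported. A short comment above the awk line saying that `#` lines are master.passwd comments and `+` lines are NIS entries would also explain why both are excluded from this check.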
@@ -78,7 +78,7 @@
 # Show ipfw rules which have reached the log limit
 #
 IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
-if [ $? -eq 0 -a ${IPFW_LOG_LIMIT} -ne 0 ]; then
+if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then
 	ipfw -a l | grep " log " | perl -n -e \
 		'/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP}
 	if [ -s ${TMP} ]; then
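Review bot: the quoted form on the `if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]` line still hands `test` an empty string as the integer operand of `-ne` when the sysctl is missing, and with `-a` there is no guarantee that the right-hand side is skipped once `$? -eq 0` is false, so whether this stays silent depends on how the `test` implementation treats `"" -ne 0`. Splitting the condition avoids relying on that: `if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then`, or check `[ -n "${IPFW_LOG_LIMIT}" ]` first. The same variable is spliced unquoted into the perl expression two lines below, so guaranteeing it is a non-empty number at this point protects that line as well.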


--
Peter Jeremy (VK2PJ)                    peter.jeremy@alcatel.com.au
Alcatel Australia Limited
41 Mandible St                          Phone: +61 2 9690 5019
ALEXANDRIA  NSW  2015                   Fax:   +61 2 9690 5982

>Release-Note:
>Audit-Trail:
>Unformatted:

