#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <pwd.h>
5
/*
 * Permission bits tested against st_mode.
 *
 * DMODE is the world-write bit: any listed file that has it set is reported.
 */
#define DMODE S_IWOTH

/*
 * MODE1 / MODE2 are the world-read and group-read bits. They are tested
 * only for the "netrc" entry, which is expected to be unreadable by others.
 */
#define MODE1 S_IROTH
#define MODE2 S_IRGRP

/*
 * Group-write test, left disabled, so group-writable files are not reported:
 * #define DMODE2 020
 */
13
14 /* potentially dangerous files */
/*
 * Per-user files whose permissions are audited.
 *
 * Names are stored without the leading dot; main() adds it when it builds
 * "<home>/.<name>". The order here is the order in which warnings appear.
 */
char *ftable[] = {
    /* remote-login trust list */
    "rhosts",

    /* shell start-up and exit scripts */
    "profile", "login", "logout",
    "cshrc", "bashrc", "kshrc", "tcshrc",

    /* stored credentials; main() additionally checks that it is unreadable */
    "netrc",

    /* mail forwarding */
    "forward",

    /* start-up or control files read by other tools */
    "dbxinit", "distfile", "exrc", "emacs"
};
31
32 /* .bash_profile
33 .history
34 .rcrc
35 .zlogin
36 .zlogout
37 .zprofile
38 .zshrc */
39
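/* Name (without the leading dot) of the file currently being checked. */
char *ft;

/* Scratch buffer that receives "<home>/.<name>" for each check. */
char generic_file[100];

/*
 * Audit the permissions of sensitive dot-files in every account's home
 * directory.
 *
 * For each password-database entry whose home directory can be stat()ed,
 * every name in ftable[] is checked:
 *   - a file with the DMODE (world-write) bit set is reported;
 *   - "netrc" is also reported when MODE1 or MODE2 (world/group read) is set.
 *
 * Takes no arguments. Returns 1 after printing a usage line if any are
 * given, 0 otherwise. Warnings go to stdout.
 *
 * Limits of the check, for anyone relying on its output:
 *   - stat() follows symbolic links, so the mode shown is the link target's.
 *   - Only the mode is read; file ownership (st_uid) is not compared with
 *     the account.
 *   - The home directory's own mode is not examined here, although a
 *     writable home lets the files be replaced whatever their modes are.
 *   - Group-write is not tested (DMODE2 is disabled).
 */
int main(int argc, char **argv)
{
    /* Derive the count from the table instead of a hard-coded 14. */
    const size_t nfiles = sizeof(ftable) / sizeof(ftable[0]);
    struct passwd *pp;
    struct stat statb;
    size_t i;
    int n;

    if (argc != 1) {
        printf("Usage: %s\n", argv[0]);
        return 1;
    }

    while ((pp = getpwent()) != NULL) {
        /* Skip accounts whose home directory is missing or unreachable. */
        if (stat(pp->pw_dir, &statb) < 0)
            continue;

        for (i = 0; i < nfiles; i++) {
            /* Index first, then read: never touches ftable[nfiles]. */
            ft = ftable[i];

            /*
             * pw_dir comes from the password database and is not length
             * limited, so the write into generic_file must be bounded.
             * A one-character home (e.g. "/") already supplies the slash.
             */
            if (strlen(pp->pw_dir) != 1)
                n = snprintf(generic_file, sizeof generic_file,
                             "%s/.%s", pp->pw_dir, ft);
            else
                n = snprintf(generic_file, sizeof generic_file,
                             "%s.%s", pp->pw_dir, ft);

            if (n < 0 || (size_t)n >= sizeof generic_file) {
                /* Say so rather than stat() a truncated, wrong path. */
                fprintf(stderr,
                        "Warning! User %s:\tpath for .%s is too long; not checked\n",
                        pp->pw_name, ft);
                continue;
            }

            if (stat(generic_file, &statb) < 0)
                continue;

            if (statb.st_mode & DMODE)
                printf("Warning! User %s:\t%s is mode \t0%3.3o!\n",
                       pp->pw_name, generic_file,
                       (unsigned int)(statb.st_mode & ~S_IFMT));

            /* check for mode on .netrc files; should be non-readable */
            if (strcmp("netrc", ft) == 0 &&
                (statb.st_mode & (MODE1 | MODE2)))
                printf("Warning! User %s:\t%s is readable; mode \t0%3.3o!\n",
                       pp->pw_name, generic_file,
                       (unsigned int)(statb.st_mode & ~S_IFMT));
        }
    }

    /* Release the password-database handle opened by getpwent(). */
    endpwent();

    return 0;
}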
97