#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 1, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# sub/check_suid - 06/14/93
#
#-----------------------------------------------------------------------------
# This script is not runnable directly.
# 
inputfile="$1"

[ "$CONFIGURED_ALREADY" != "YES" ] && {
  echo "--ERROR-- [init008e] This script can not be run directly."
  exit 1
}

. $BASEDIR/initdefs

#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
  haveallcmds RM FILECMD SGREP LS STRINGS SORT COMM CAT AWK || exit 1
  haveallfiles BASEDIR WORKDIR SUID_LIST || exit 1
  
  echo "--CONFIG-- [init003c] $0: Configuration ok..."
  exit 0
}

#------------------------------------------------------------------------
echo
echo "# Checking setuid executables..."

haveallfiles BASEDIR WORKDIR || exit 1

[ -n "$TigerCheckEmbedded" -a "x$Tiger_Embed_Check_SUID" = 'xY' ] && {
  while read file
  do
    $LS -lLd "$file" 2>/dev/null | {
      read p l owner rest
      [ "$owner" = root ] && echo "$file" >> $TigerCheckEmbedded
    }
  done
}

haveallcmds FILECMD LS SGREP STRINGS && {
  while read file
  do
    $FILECMD "$file" 2>/dev/null | $SGREP script 2>/dev/null && {
      message FAIL fsys001f "" "File $file is a setuid script:"
      $LS $LSGROUP -ld "$file"
    }

    case "$file" in
    *xterm) {
      message WARN misc013w "" "$file: see CERT Advisory CA-93:17 about a security hole in xterm (does not apply to HP-UX)."
    }
    ;;
    esac
  
    $STRINGS - "$file" 2>/dev/null |
    $SGREP '\.\./' 2>/dev/null && {
      $SGREP "$file" $REL_FILE_EXCP 2>/dev/null || {
	case "$file" in
	  */xload)
	  message WARN misc015w "" "$file appears to contain relative pathnames.  There is a known security vulnerability with xload in this configuration."
	  ;;
	  # The following is contributed by Bob Hall for HP-UX (it is not active by default)
	  # TODO: find a way to read this from a file and check them instead of the case
# /sbin/lvchange) ;;
# /sbin/lvcreate) ;;
# /sbin/lvdisplay) ;;
# /sbin/lvextend) ;;
# /sbin/lvlnboot) ;;
# /sbin/lvmerge) ;;
# /sbin/lvsplit) ;;
# /sbin/lvsync) ;;
# /sbin/lvreduce) ;;
# /sbin/lvremove) ;;
# /sbin/lvrmboot) ;;
# /sbin/passwd) ;;
# /sbin/pvchange) ;;
# /sbin/pvck) ;;
# /sbin/pvcreate) ;;
# /sbin/pvdisplay) ;;
# /sbin/pvmove) ;;
# /sbin/pvremove) ;;
# /sbin/sdstolvm) ;;
# /sbin/shutdown) ;;
# /sbin/vgcfgbackup) ;;
# /sbin/vgcfgrestore) ;;
# /sbin/vgchange) ;;
# /sbin/vgchgid) ;;
# /sbin/vgcreate) ;;
# /sbin/vgdisplay) ;;
# /sbin/vgexport) ;;
# /sbin/vgextend) ;;
# /sbin/vgimport) ;;
# /sbin/vgreduce) ;;
# /sbin/vgremove) ;;
# /sbin/vgscan) ;;
# /sbin/vgsync) ;;
# /sbin/nomwcsyncd) ;;
# /usr/bin/X11/X) ;;
# /usr/lbin/chgpt) ;;
# /usr/sbin/sd) ;;
# /usr/bin/at) ;;
# /usr/bin/chkey) ;;
# /usr/bin/ct) ;;
# /usr/lbin/grmd) ;;
# /usr/sam/lbin/rsam) ;;
# /usr/sbin/swacl) ;;
# /usr/sbin/swask) ;;
# /usr/sbin/swconfig) ;;
# /usr/sbin/swcopy) ;;
# /usr/sbin/swinstall) ;;
# /usr/sbin/swjob) ;;
# /usr/sbin/swlist) ;;
# /usr/sbin/swmodify) ;;
# /usr/sbin/swpackage) ;;
# /usr/sbin/swreg) ;;
# /usr/sbin/swremove) ;;
# /usr/sbin/swverify) ;;
# /usr/dt/bin/dtsession) ;;
# /usr/dt/bin/dtterm) ;;
          *)
	  message WARN fsys002w "" "setuid program $file has relative pathnames."
          ;;
        esac
      }
    }
    getpermit "$file" |
    pathmsg . suidxxx "$file" . "Setuid file" ""
  done < $inputfile
  
  echo
}

haveallcmds SORT COMM CAT && {
  if [ -n "$SUID_LIST" -a -s "$SUID_LIST" ]; then
    $SORT $SUID_LIST |
    $COMM -23 $inputfile - > $WORKDIR/suid.list.$$
  else
    message CONFIG fsys003c "" 'No setuid list... listing all setuid files'
    $CAT $inputfile > $WORKDIR/suid.list.$$
  fi
}

haveallcmds LS AWK && {
  [ -s $WORKDIR/suid.list.$$ ] && {
    message INFO fsys004i "" 'The following setuid programs are non-standard:'
    while read file
    do
      $LS $LSGROUP -ld "$file"
    done < $WORKDIR/suid.list.$$ |
    $AWK '{printf("%10s %-8s %-8s %s\n", $1, $3, $4, $NF);}' |
    $SORT
    echo
  }
}

#
# Try to locate setuid copies of any executables we have signatures
# for.
#
haveallcmds SORT AWK COMM GREP LS SNEFRU &&
haveallfiles SIGNATURE_FILE && {
  $SORT $WORKDIR/suid.list.$$ > $WORKDIR/suid.$$
  $AWK '{print $3}' $SIGNATURE_FILE |
  $SORT |
  $COMM -13 - $WORKDIR/suid.$$ |
  while read file
  do
    loc_signature=
    case "$p1$p2$p3$p4$p5$p6$p7$p8" in
      *[!0-9a-f]*) {
	std_signature="$p1"
	comment="$p2 $p3 $p4 $p5 $p6 $p7 $p8 $comment"
	[ -n "$MD5" ] && loc_signature="`$MD5 < $file`"
      }
      ;;
      *) {
	std_signature=" $p1 $p2 $p3 $p4 $p5 $p6 $p7 $p8"
	[ -n "$SNEFRU" ] && loc_signature="`$SNEFRU < $file`"
      }
      ;;
    esac
    [ -n "$loc_signature" ] && {
      $GREP "$loc_signature" $SIGNATURE_FILE | {
	read flag msgid rfile p1 p2 p3 p4 p5 p6 p7 p8 comment
	[ -n "$rfile" -a "$file" != "$rfile" ] && {
	  message ALERT suid001a "" "\`$file' is a setuid copy of $rfile [$comment]."
	  $LS -ld $LSGROUP $file
	}
      }
    }
  done
}

delete $WORKDIR/suid.list.$$ $WORKDIR/suid.$$
