efa7a97b |
1 | .TH chkpath 1 "6 April 1999" "Local tools" |
2 | .SH NAME |
3 | chkpath \- check a path string for security |
4 | .SH SYNOPSIS |
5 | .B chkpath |
6 | .RB [ \-vqstp ] |
7 | .RI [ path ...] |
8 | .SH USAGE |
9 | The |
10 | .B chkpath |
11 | command checks one or more path strings (i.e., lists of directories |
12 | separated by colons) for security. If no path strings are given, the |
13 | value of the |
14 | .B PATH |
15 | environment variable is examined. |
16 | .PP |
17 | Each directory in turn is broken into its consitituent parts and every |
18 | step which must be made through the filesystem to reach that directory |
19 | from the root is scrutinized for vulnerabilities. The checks made |
20 | against each directory and symbolic link along the way are as follows: |
4a1f00c4 |
21 | .IP " 1." |
efa7a97b |
22 | No step should be a directory which is world-writable unless its sticky |
23 | bit is set, and it's not the final step. |
4a1f00c4 |
24 | .IP " 2." |
efa7a97b |
25 | No step should be a directory which is group-writable unless its sticky |
26 | bit is set, and it's not the final step. (However, see the |
27 | .B \-t |
28 | option below.) |
4a1f00c4 |
29 | .IP " 3." |
efa7a97b |
30 | No step should be a directory owned by another user (other than root). |
4a1f00c4 |
31 | .IP " 4." |
efa7a97b |
32 | No step should be a symbolic link inside a sticky directory and owned by |
33 | another user. |
34 | .PP |
35 | The author is not aware of any weaknesses in this ruleset. The |
36 | objective is that nobody other than the user and the superuser should be |
37 | able to add or change the set of files available within the directories |
38 | of the path(s). |
39 | .SS OPTIONS |
40 | The following command line options are available: |
41 | .TP |
42 | .B "\-h, \-\-help" |
43 | Displays a relatively verbose message describing how to use |
44 | .BR chkpath . |
45 | .TP |
46 | .B "\-V, \-\-version" |
47 | Displays |
48 | .BR chkpath 's |
49 | version number. |
50 | .TP |
51 | .B "\-u, \-\-usage" |
52 | Displays a very terse usage summary. |
53 | .TP |
54 | .B "\-v, \-\-verbose" |
55 | Makes |
56 | .B chkpath |
57 | more verbose about what it's doing. This option has a cumulative |
58 | effect, so put more in for more verbosity. Note that verbose doesn't |
59 | mean the same as interesting. The default is to report problems with |
60 | directories and system errors. |
61 | .TP |
62 | .B "\-q, \-\-quiet" |
63 | Makes |
64 | .B chkpath |
65 | less verbose about what it's doing. This option, like |
66 | .BR \-v , |
67 | has a cumulative effect. Each |
68 | .B \-q |
69 | cancels out a |
70 | .B \-v |
71 | option. |
72 | .TP |
73 | .B "\-s, \-\-sticky" |
74 | Modifies the ruleset slightly so that any step through the filesystem is |
75 | OK, even if world- or group-writable (but not owned by someone else), as |
76 | long as the directory's sticky bit is set. The default is that sticky |
77 | directories are considered safe only if they're not the final step. |
78 | Turning this option on isn't recommended: if you use a sticky directory |
79 | in your path then other people can add malicious commands whose names |
80 | are common typos of standard ones. |
81 | .TP |
82 | .B "\-t, \-\-trust\-group" |
83 | Modifies the ruleset slightly so that |
84 | .B chkpath |
85 | doesn't warn about directories group-owned by groups you're a member |
86 | of. In other words, it trusts your fellow group-members |
87 | .IR "in their capacity as group-owners only" . |
88 | .B chkpath |
89 | will still warn about directories owned by people in your groups. |
90 | .TP |
91 | .B "\-p, \-\-print" |
92 | Writes on standard output a colon-separated list of the directories |
93 | which |
94 | .B chkpath |
95 | considered `safe'. This can be used to filter out unsafe directories in |
96 | an automatic way: |
97 | .RS 10 |
98 | .nf |
99 | .ft B |
100 | .sp 1 |
101 | PATH=`chkpath -qqp` |
102 | .ft R |
103 | .fi |
104 | .RE |
105 | .SH BUGS |
106 | None known. |
107 | .SH SEE ALSO |
108 | .BR tmpdir (1). |
109 | .SH AUTHOR |
110 | Mark Wooding (mdw@nsict.org). |