2 .TH chkpath 1 "6 April 1999" "Local tools"
4 chkpath \- check a path string for security
12 command checks one or more path strings (i.e., lists of directories
13 separated by colons) for security. If no path strings are given, the
16 environment variable is examined.
18 Each directory in turn is broken into its constituent parts and every
19 step which must be made through the filesystem to reach that directory
20 from the root is scrutinized for vulnerabilities. The checks made
21 against each directory and symbolic link along the way are as follows:
23 No step should be a directory which is world-writable unless its sticky
24 bit is set, and it's not the final step.
26 No step should be a directory which is group-writable unless its sticky
27 bit is set, and it's not the final step. (However, see the
31 No step should be a directory owned by another user (other than root).
33 No step should be a symbolic link inside a sticky directory and owned by
36 The author is not aware of any weaknesses in this ruleset. The
37 objective is that nobody other than the user and the superuser should be
38 able to add or change the set of files available within the directories
41 The following command line options are available:
44 Displays a relatively verbose message describing how to use
53 Displays a very terse usage summary.
58 more verbose about what it's doing. This option has a cumulative
59 effect, so put more in for more verbosity. Note that verbose doesn't
60 mean the same as interesting. The default is to report problems with
61 directories and system errors.
66 less verbose about what it's doing. This option, like
68 has a cumulative effect. Each
75 Modifies the ruleset slightly so that any step through the filesystem is
76 OK, even if world- or group-writable (but not owned by someone else), as
77 long as the directory's sticky bit is set. The default is that sticky
78 directories are considered safe only if they're not the final step.
79 Turning this option on isn't recommended: if you use a sticky directory
80 in your path then other people can add malicious commands whose names
81 are common typos of standard ones.
83 .B "\-t, \-\-trust\-group"
84 Modifies the ruleset slightly so that
86 doesn't warn about directories group-owned by groups you're a member
87 of. In other words, it trusts your fellow group-members
88 .IR "in their capacity as group-owners only" :
90 will still warn about directories owned by people in your groups.
93 Writes on standard output a colon-separated list of the directories
96 considered `safe'. This can be used to filter out unsafe directories in
112 Mark Wooding (mdw@nsict.org).