(from parent 1: 7246215)
Trivial formatting changes.
author mdw <mdw> Fri, 21 May 1999 22:19:10 +0000
committer mdw <mdw> Fri, 21 May 1999 22:19:10 +0000
chkpath.1
tmpdir.1
diff --git
a/chkpath.1
b/chkpath.1
index
5742f50
..
313f0a8
100644
(file)
--- a/
chkpath.1
+++ b/
chkpath.1
@@
-18,17
+18,17
@@
Each directory in turn is broken into its consitituent parts and every
step which must be made through the filesystem to reach that directory
from the root is scrutinized for vulnerabilities. The checks made
against each directory and symbolic link along the way are as follows:
step which must be made through the filesystem to reach that directory
from the root is scrutinized for vulnerabilities. The checks made
against each directory and symbolic link along the way are as follows:
-.IP
1.
+.IP
" 1."
No step should be a directory which is world-writable unless its sticky
bit is set, and it's not the final step.
No step should be a directory which is world-writable unless its sticky
bit is set, and it's not the final step.
-.IP
2.
+.IP
" 2."
No step should be a directory which is group-writable unless its sticky
bit is set, and it's not the final step. (However, see the
.B \-t
option below.)
No step should be a directory which is group-writable unless its sticky
bit is set, and it's not the final step. (However, see the
.B \-t
option below.)
-.IP
3.
+.IP
" 3."
No step should be a directory owned by another user (other than root).
No step should be a directory owned by another user (other than root).
-.IP
4.
+.IP
" 4."
No step should be a symbolic link inside a sticky directory and owned by
another user.
.PP
No step should be a symbolic link inside a sticky directory and owned by
another user.
.PP
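Review bot: Items 1 and 2 leave the rule ambiguous at "unless its sticky bit is set, and it's not the final step": a reader cannot tell whether a sticky, world-writable (or group-writable) directory is accepted or rejected when it is the final step. Since the commit already touches these paragraphs, a rewording such as "a world-writable directory is acceptable only if its sticky bit is set and it is not the final step" would pin the check down, if that is the intended meaning. The first context line of the hunk also has "consitituent" for "constituent".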
diff --git
a/tmpdir.1
b/tmpdir.1
index
4b690ff
..
e1edea8
100644
(file)
--- a/
tmpdir.1
+++ b/
tmpdir.1
@@
-28,10
+28,10
@@
The
.B tmpdir
program finds a secure place for temporary files, creating one if
necessary. The criteria it uses to choose a place are as follows:
.B tmpdir
program finds a secure place for temporary files, creating one if
necessary. The criteria it uses to choose a place are as follows:
-.IP
1.
+.IP
" 1."
The temporary directory must be owned by the user, and have mode 700
(i.e., readable, writable and searchable only by the owner).
The temporary directory must be owned by the user, and have mode 700
(i.e., readable, writable and searchable only by the owner).
-.IP
2.
+.IP
" 2."
The path through the filesystem to the temporary directory must be
secure against modifications by other malicious users. See the
.BR chkpath (1)
The path through the filesystem to the temporary directory must be
secure against modifications by other malicious users. See the
.BR chkpath (1)
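Review bot: On the `.IP " 1."` and `.IP " 2."` lines the alignment of the numbers now depends on a literal space inside the quoted tag, with no indent argument given, so a short roff comment beside the first item (or an explicit indent) would keep a later edit from dropping the quotes and undoing the change. In item 2, "modifications by other malicious users" reads as though the invoking user is malicious as well; "by other, possibly malicious, users" says what is meant.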