missing
mkinstalldirs
depcomp
+config
COPYING
-lib-config.in
+config/confsubst
-## -*-makefile-*-
-##
-## $Id: Makefile.am,v 1.6 2004/04/08 01:36:22 mdw Exp $
-##
-## Makefile for chkpath
-##
-## (c) 1999 Mark Wooding
-##
-
-##----- Licensing notice ----------------------------------------------------
-##
-## This file is part of chkpath.
-##
-## chkpath is free software; you can redistribute it and/or modify
-## it under the terms of the GNU General Public License as published by
-## the Free Software Foundation; either version 2 of the License, or
-## (at your option) any later version.
-##
-## chkpath is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-## GNU General Public License for more details.
-##
-## You should have received a copy of the GNU General Public License
-## along with chkpath; if not, write to the Free Software Foundation,
-## Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-AUTOMAKE_OPTIONS = foreign
-
-lib_LTLIBRARIES = libcheckpath.la
-libcheckpath_la_LDFLAGS = -version-info 2:0:1
-## Middle number is the patchlevel. Final number is the minor version. The
-## difference between the first and last numbers is the major version.
-libcheckpath_la_SOURCES = checkpath.c
-include_HEADERS = checkpath.h
-
-bin_SCRIPTS = checkpath-config
-bin_PROGRAMS = chkpath tmpdir
-man_MANS = chkpath.1 tmpdir.1 checkpath.3
-
-EXTRA_DIST = \
- $(man_MANS) \
- debian/control debian/copyright debian/changelog debian/rules
-
-chkpath_SOURCES = chkpath.c
-tmpdir_SOURCES = tmpdir.c
-LDADD = libcheckpath.la
-
-##----- That's all, folks ---------------------------------------------------
+### -*-makefile-*-
+###
+### Makefile for chkpath
+###
+### (c) 1999 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This file is part of chkpath.
+###
+### chkpath is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### chkpath is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with chkpath; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+bin_PROGRAMS =
+lib_LTLIBRARIES =
+include_HEADERS =
+dist_man_MANS =
+
+CLEANFILES =
+EXTRA_DIST =
+
+###--------------------------------------------------------------------------
+### Library.
+
+## The library itself.
+lib_LTLIBRARIES += libcheckpath.la
+libcheckpath_la_SOURCES =
+libcheckpath_la_LDFLAGS = -version-info $(LIBTOOL_VERSION_INFO)
+libcheckpath_la_LIBADD = $(mLib_LIBS)
+dist_man_MANS += checkpath.3
+
+libcheckpath_la_SOURCES += checkpath.c
+include_HEADERS += checkpath.h
+
+## Package description.
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = checkpath.pc
+CLEANFILES += checkpath.pc
+EXTRA_DIST += checkpath.pc.in
+
+checkpath.pc: checkpath.pc.in Makefile
+ $(top_srcdir)/config/confsubst $(srcdir)/checkpath.pc.in >$@.new \
+ prefix=$(prefix) exec_prefix=$(exec_prefix) \
+ libdir=$(libdir) includedir=$(includedir) \
+ VERSION=$(VERSION)
+ mv $@.new $@
+
+###--------------------------------------------------------------------------
+### Programs.
+
+LDADD = libcheckpath.la $(mLib_LIBS)
+
+## chkpath
+bin_PROGRAMS += chkpath
+dist_man_MANS += chkpath.1
+
+## tmpdir
+bin_PROGRAMS += tmpdir
+dist_man_MANS += tmpdir.1
+
+###--------------------------------------------------------------------------
+### Other finishing touches.
+
+## Version stamp.
+dist-hook::
+ echo $(VERSION) >$(distdir)/RELEASE
+
+## Build tools.
+EXTRA_DIST += config/confsubst
+
+###--------------------------------------------------------------------------
+### Debian.
+
+## Main stuff.
+EXTRA_DIST += debian/rules
+EXTRA_DIST += debian/copyright
+EXTRA_DIST += debian/control
+EXTRA_DIST += debian/changelog
+
+## Library.
+EXTRA_DIST += debian/libcheckpath1.install
+EXTRA_DIST += debian/libcheckpath-dev.install
+
+## Binaries.
+EXTRA_DIST += debian/tmpdir.install
+EXTRA_DIST += debian/chkpath.install
+
+###----- That's all, folks --------------------------------------------------
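Review bot: The `checkpath.pc` rule passes only `prefix`, `exec_prefix`, `libdir`, `includedir` and `VERSION` to `config/confsubst`, but the new `checkpath.pc.in` added by this commit also contains `@configdir@` and `@socketdir@`. `confsubst` is not shown on this page, so it is not visible whether those two placeholders end up literal in the installed file or make the rule fail. Nothing else in the template refers to them and this Makefile defines neither variable, so dropping the two lines from `checkpath.pc.in` looks simpler than adding `configdir=$(configdir) socketdir=$(socketdir)` here.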
users and groups can change the files or file contents accessible
through the path.
.PP
-The function is given a
+The function is given a
.I path
to be checked, and a pointer
.I cp
This structure contains the following members:
.TP
.B "uid_t cp_uid"
-The user running the check. Files and directories owned by
+The user running the check. Files and directories owned by
.B root
(uid 0) and by
.B cp_uid
.TP
.B "gid_t cp_gid[NGROUPS_MAX + 1]"
The groups of which the user is a member. Files whose groups are in
-this set may be considered safe, depending on the
+this set may be considered safe, depending on the
.B cp_what
configuration. See below.
.TP
The number of gids in the
.B cp_gid
array.
-.TP
+.TP
.B "int cp_verbose"
The verbosity level. Messages are only given to the reporting function
if their verbosity level is less than or equal to this setting. As a
.B "unsigned cp_what"
A bitmask of flags determining what conditions are considered problems,
and other behaviour. See below.
-.TP
+.TP
.B "void (*cp_report)(...)"
The reporting function. See below.
.TP
* (c) 1999 Mark Wooding
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of chkpath.
*
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
- *
+ *
* chkpath is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with chkpath; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
/*----- Header files ------------------------------------------------------*/
+#include "config.h"
+
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
cp->cp_uid = getuid();
n = getgroups(sizeof(cp->cp_gid) / sizeof(cp->cp_gid[0]), cp->cp_gid);
-
+
for (i = 0; i < n; i++) {
if (cp->cp_gid[i] == g)
goto gid_ok;
* (c) 1999 Mark Wooding
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of chkpath.
*
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
- *
+ *
* chkpath is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with chkpath; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
--- /dev/null
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+configdir=@configdir@
+socketdir=@socketdir@
+
+Name: Checkpath
+Description: Check filesystem paths for security problems.
+Version: @VERSION@
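Review bot: The template has no `Libs:` or `Cflags:` field, so `pkg-config --libs checkpath` would return nothing, even though this commit removes the `checkpath-config` script that consumers used before. Add `Libs: -L${libdir} -lcheckpath` and `Cflags: -I${includedir}`. Since the library is now linked with `$(mLib_LIBS)`, a `Requires.private: mLib` line may also be wanted for static links.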
.TP
.B "\-V, \-\-version"
Displays
-.BR chkpath 's
+.BR chkpath 's
version number.
.TP
.B "\-u, \-\-usage"
* (c) 1999 Mark Wooding
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of chkpath.
*
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
- *
+ *
* chkpath is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with chkpath; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
/*----- Header files ------------------------------------------------------*/
+#include "config.h"
+
#include <errno.h>
#include <limits.h>
#include <stdio.h>
{ "print", 0, 0, 'p' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "hVu vqstp", opts, 0, 0, 0);
+ int i = mdwopt(argc, argv, "hVu" "vqstp", opts, 0, 0, 0);
if (i < 0)
break;
-dnl -*-m4-*-
-dnl
-dnl $Id: configure.in,v 1.5 2004/04/08 01:36:22 mdw Exp $
+dnl -*-autoconf-*-
dnl
dnl Configurator for chkpath
dnl
dnl (c) 1999 Mark Wooding
dnl
-dnl ----- Licensing notice --------------------------------------------------
+dnl----- Licensing notice ---------------------------------------------------
dnl
dnl This file is part of chkpath.
dnl
dnl it under the terms of the GNU General Public License as published by
dnl the Free Software Foundation; either version 2 of the License, or
dnl (at your option) any later version.
-dnl
+dnl
dnl chkpath is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
dnl GNU General Public License for more details.
-dnl
+dnl
dnl You should have received a copy of the GNU General Public License
dnl along with chkpath; if not, write to the Free Software Foundation,
dnl Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-AC_INIT(chkpath.c)
-mdw_INIT_LIB(checkpath, checkpath, 1.1.0, chkpath)
+mdw_AUTO_VERSION
+AC_INIT([Checkpath], AUTO_VERSION, [mdw@distorted.org.uk])
+AC_CONFIG_SRCDIR([checkpath.c])
+AC_CONFIG_AUX_DIR([config])
+AM_INIT_AUTOMAKE([foreign])
+
+dnl--------------------------------------------------------------------------
+dnl C language environemnt.
+
+dnl Compiler and tools.
AC_PROG_CC
-mdw_GCC_FLAGS
+AX_CFLAGS_WARN_ALL
AM_PROG_LIBTOOL
-mdw_MLIB(1.6.0)
-AC_OUTPUT(Makefile checkpath-config:lib-config.in)
+mdw_LIBTOOL_VERSION_INFO
+
+dnl Types.
+AC_TYPE_UID_T
+
+dnl Packages.
+PKG_CHECK_MODULES([mLib], [mLib >= 2.0.4])
+
+dnl--------------------------------------------------------------------------
+dnl Output.
+
+AC_CONFIG_FILES([Makefile])
+AC_CONFIG_HEADER([config/config.h])
+
+AC_OUTPUT
-dnl ----- That's all, folks -------------------------------------------------
+dnl----- That's all, folks --------------------------------------------------
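Review bot: The new section comment `dnl C language environemnt.` has a typo (`environment`), and `AC_CONFIG_HEADER([config/config.h])` uses the obsolete singular spelling; `AC_CONFIG_HEADERS([config/config.h])` is the current form. The C sources in this commit add `#include "config.h"` while the header is generated under `config/`, so the build relies on the include path automake derives from this macro. A one-line `dnl` comment saying so would help anyone who later moves the header.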
checkpath
checkpath1
libcheckpath1
+tmpdir
+chkpath
+compat
+stamp-*
+q
--- /dev/null
+debian/tmp/usr/bin/chkpath
+debian/tmp/usr/share/man/man1/chkpath.1
Source: checkpath
Section: admin
Priority: extra
-Build-Depends: mlib-dev, debhelper (>= 4.0.2)
-Maintainer: Mark Wooding <mdw@nsict.org>
+Build-Depends: mlib-dev, cdbs
+Maintainer: Mark Wooding <mdw@distorted.org.uk>
Standards-Version: 3.1.1
Package: checkpath
+Architecture: all
+Depends: chkpath, tmpdir
+Description: Convenience package for the checkpath binaries.
+
+Package: tmpdir
Architecture: any
-Depends: ${shlibs:Depends}, libcheckpath1 (= ${Source-Version})
+Depends: ${shlibs:Depends}
+Description: Create a secure temporary directory.
+ tmpdir creates a temporary directory which can't be subverted by other
+ users. Nobody except you and root will be able to read or write to your
+ temporary directory, or make you refer to files outside of it by messing
+ with parent directories.
+
+Package: chkpath
+Architecture: any
+Depends: ${shlibs:Depends}
Description: Checks PATH variable for security
- Contains two handy programs.
- chkpath -- Warns about other users who can write to directories on
- your PATH, or rename them, or whatever. If checkpath gives you a
- clean bill of health then nobody but you and root can make command
- names mean different things without direct write access to the
- program files.
- tmpdir -- Creates a temporary directory which can't be subverted by
- other users. Nobody except you and root will be able to read or
- write to your temporary directory, or make you refer to files
- outside of it by messing with parent directories.
+ chkpath warns about other users who can write to directories on your PATH,
+ or rename them, or whatever. If checkpath gives you a clean bill of health
+ then nobody but you and root can make command names mean different things
+ without direct write access to the program files.
Package: libcheckpath1
Architecture: any
Section: libs
Depends: ${shlibs:Depends}
Description: Checks paths for security
- Walks a pathname, checking every symlink and directory on the way,
- and issuing alerts if any element is writable by someone other than
- the calling uid or root. Useful if you're paranoid. This package
- just contains the shared library. If you want to write programs which
- use this library, you need libcheckpath-dev.
+ Walks a pathname, checking every symlink and directory on the way, and
+ issuing alerts if any element is writable by someone other than the calling
+ uid or root. Useful if you're paranoid. This package just contains the
+ shared library. If you want to write programs which use this library, you
+ need libcheckpath-dev.
Package: libcheckpath-dev
Architecture: any
Section: devel
Depends: libcheckpath1 (= ${Source-Version}), mlib-dev (>= 2.0.0), libc6-dev
Description: Checks paths for security
- Walks a pathname, checking every symlink and directory on the way,
- and issuing alerts if any element is writable by someone other than
- the calling uid or root. Useful if you're paranoid. This package
- contains the header files and static libraries you need to compile
- programs which use the library.
+ Walks a pathname, checking every symlink and directory on the way, and
+ issuing alerts if any element is writable by someone other than the calling
+ uid or root. Useful if you're paranoid. This package contains the header
+ files and static libraries you need to compile programs which use the
+ library.
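Review bot: `Build-Depends: mlib-dev, cdbs` does not cover what the new build needs. configure now calls `PKG_CHECK_MODULES([mLib], [mLib >= 2.0.4])`, which needs pkg-config and a minimum mLib version, and debian/rules includes `$(CDBS)/rules/debhelper.mk` while debhelper was dropped from the list. Something like `Build-Depends: mlib-dev (>= 2.0.4), pkg-config, cdbs, debhelper` would make a clean-chroot build fail at dependency resolution rather than partway through configure; the right debhelper version bound is not visible here. The unchanged `mlib-dev (>= 2.0.0)` in libcheckpath-dev's `Depends` is also below the version configure now requires.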
--- /dev/null
+debian/tmp/usr/include
+debian/tmp/usr/share/man/man3
+debian/tmp/usr/lib/libcheckpath.la
+debian/tmp/usr/lib/libcheckpath.so
--- /dev/null
+debian/tmp/usr/lib/libcheckpath.so.*
#! /usr/bin/make -f
-export DH_COMPAT = 4
+CDBS = /usr/share/cdbs/1
+include $(CDBS)/class/autotools.mk
+include $(CDBS)/rules/debhelper.mk
-build:
- rm -rf build deb-build
- mkdir deb-build
- cd deb-build; ../configure --prefix=/usr --mandir=/usr/share/man
- make -C deb-build
- touch build
+###--------------------------------------------------------------------------
+### General settings.
-clean:
- dh_clean
- rm -rf deb-build build
+DEB_BUILDDIR = $(CURDIR)/build
-install: build
- dh_clean
- make -C deb-build install DESTDIR=`pwd`/debian/checkpath
- mkdir -p debian/libcheckpath1/usr debian/libcheckpath-dev/usr
- mv debian/checkpath/usr/lib debian/libcheckpath1/usr/lib
- mkdir -p debian/libcheckpath-dev/usr/lib
- mv debian/libcheckpath1/usr/lib/*.a debian/libcheckpath-dev/usr/lib
- mv debian/libcheckpath1/usr/lib/*.so debian/libcheckpath-dev/usr/lib
- mv debian/libcheckpath1/usr/lib/*.la debian/libcheckpath-dev/usr/lib
- mkdir -p debian/libcheckpath-dev/usr/share/man
- mv debian/checkpath/usr/share/man/man3 \
- debian/libcheckpath-dev/usr/share/man
- mkdir -p debian/libcheckpath-dev/usr/bin
- mv debian/checkpath/usr/bin/checkpath-config \
- debian/libcheckpath-dev/usr/bin
-
-binary-indep:
-
-binary-arch: install
- dh_testdir -a
- dh_testroot -a
- dh_compress -a
- dh_installdocs -a
- dh_strip -a
- dh_makeshlibs -a -V
- dh_shlibdeps -a
- dh_gencontrol -a
- dh_fixperms -a
- dh_installdeb -a
- dh_md5sums -a
- dh_builddeb -a
-
-binary: binary-indep binary-arch
-
-source:
- rm -rf deb-build/*.tar.gz deb-build/=deb=
- make -C deb-build dist PACKAGE=checkpath
- mkdir deb-build/=deb=
- cd deb-build/=deb=; tar xvfz ../*.tar.gz
- d=`pwd`; cd ..; dpkg-source -i -b $$d/deb-build/=deb=/*
- rm -rf deb-build/=deb=
-
-.PHONY: binary binary-arch binary-indep clean install source
+###----- That's all, folks --------------------------------------------------
--- /dev/null
+debian/tmp/usr/bin/tmpdir
+debian/tmp/usr/share/man/man1/tmpdir.1
The
.B tmpdir
program creates a secure place for temporary files to be stored, and
-outputs an assignment to the
+outputs an assignment to the
.B TMPDIR
variable suitable for execution by a shell.
.PP
* (c) 1999 Mark Wooding
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of chkpath.
*
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
- *
+ *
* chkpath is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with chkpath; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
/*----- Header files ------------------------------------------------------*/
+#include "config.h"
+
#include <errno.h>
#include <ctype.h>
#include <stdio.h>
*/
static int fullcheck(const char *p)
-{
- return (checkpath(p, &cp) == 0 && ok(p, 0));
-}
+ { return (checkpath(p, &cp) == 0 && ok(p, 0)); }
/* --- @goodtmp@ --- *
*
/* --- Try making a directory in `/tmp' --- */
- if (!(q = getenv("USER")) && !(q = getenv("LOGNAME")))
- q = pw->pw_name;
- if ((q = trytmp("/tmp", q)) != 0)
+ if ((q = trytmp("/tmp", pw->pw_name)) != 0)
return (q);
/* --- That failed: try a directory in the user's home --- */
- if (!(q = getenv("HOME")))
- q = pw->pw_dir;
- if ((q = trytmp(q, "tmp")) != 0)
+ if ((q = trytmp(pw->pw_dir, "tmp")) != 0)
return (q);
/* --- Still no joy: give up --- *
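Review bot: Both `trytmp` calls now dereference `pw` unconditionally, and the lookup that fills `pw` lies outside this hunk, so it is not visible here whether a failed passwd lookup is rejected first. Before this change, a set `USER` and `HOME` meant `pw` was never touched on this path. If there is no earlier check, fail with an error before the first call rather than dereferencing NULL. It would also help to record why the environment is no longer consulted, e.g. `/* USER, LOGNAME and HOME are caller-controlled; take names from the passwd entry only */`. The enclosing function starts and ends outside the hunk.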
/* --- Initialize variables --- */
ego(argv[0]);
- me = getuid();
+ me = geteuid();
cp.cp_what = (CP_WRWORLD | CP_WROTHGRP | CP_WROTHUSR |
CP_STICKYOK | CP_REPORT);
cp.cp_verbose = 0;
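Review bot: `me` is now the effective uid, but the only assignment to `cp_uid` visible on this page is `cp->cp_uid = getuid();` in the checkpath.c context lines, which this commit leaves alone. If tmpdir fills `cp` through that library routine (not visible in this hunk), the path walk would trust the real uid while any check that compares against `me` uses the effective one. The two differ when the program runs setuid or under a uid-switching wrapper. Either set `cp.cp_uid = me;` after `cp` is initialised, or add a comment stating which uid each check is meant to use. The enclosing function continues outside the hunk.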
{ "group", OPTF_ARGREQ, 0, 'g' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "hVu bcvtg:c:", opts, 0, 0, 0);
+ int i = mdwopt(argc, argv, "hVu" "bcvtg:c:", opts, 0, 0, 0);
if (i < 0)
break;