19cb3d11 |
1 | .\" -*-nroff-*- |
efa7a97b |
2 | .TH chkpath 1 "6 April 1999" "Local tools" |
3 | .SH NAME |
4 | chkpath \- check a path string for security |
5 | .SH SYNOPSIS |
6 | .B chkpath |
7 | .RB [ \-vqstp ] |
8 | .RI [ path ...] |
9 | .SH USAGE |
10 | The |
11 | .B chkpath |
12 | command checks one or more path strings (i.e., lists of directories |
13 | separated by colons) for security. If no path strings are given, the |
14 | value of the |
15 | .B PATH |
16 | environment variable is examined. |
17 | .PP |
19cb3d11 |
18 | Each directory in turn is broken into its constituent parts and every |
efa7a97b |
19 | step which must be made through the filesystem to reach that directory |
20 | from the root is scrutinized for vulnerabilities. The checks made |
21 | against each directory and symbolic link along the way are as follows: |
4a1f00c4 |
22 | .IP " 1." |
efa7a97b |
23 | No step should be a directory which is world-writable unless its sticky |
24 | bit is set, and it's not the final step. |
4a1f00c4 |
25 | .IP " 2." |
efa7a97b |
26 | No step should be a directory which is group-writable unless its sticky |
27 | bit is set, and it's not the final step. (However, see the |
28 | .B \-t |
29 | option below.) |
4a1f00c4 |
30 | .IP " 3." |
efa7a97b |
31 | No step should be a directory owned by another user (other than root). |
4a1f00c4 |
32 | .IP " 4." |
efa7a97b |
33 | No step should be a symbolic link inside a sticky directory and owned by |
34 | another user. |
35 | .PP |
36 | The author is not aware of any weaknesses in this ruleset. The |
37 | objective is that nobody other than the user and the superuser should be |
38 | able to add or change the set of files available within the directories |
39 | of the path(s). |
1c5f5498 |
40 | .SS Options |
efa7a97b |
41 | The following command line options are available: |
42 | .TP |
43 | .B "\-h, \-\-help" |
44 | Displays a relatively verbose message describing how to use |
45 | .BR chkpath . |
46 | .TP |
47 | .B "\-V, \-\-version" |
48 | Displays |
263d6e0d |
49 | .BR chkpath 's |
efa7a97b |
50 | version number. |
51 | .TP |
52 | .B "\-u, \-\-usage" |
53 | Displays a very terse usage summary. |
54 | .TP |
55 | .B "\-v, \-\-verbose" |
56 | Makes |
57 | .B chkpath |
58 | more verbose about what it's doing. This option has a cumulative |
59 | effect, so put more in for more verbosity. Note that verbose doesn't |
60 | mean the same as interesting. The default is to report problems with |
61 | directories and system errors. |
62 | .TP |
63 | .B "\-q, \-\-quiet" |
64 | Makes |
65 | .B chkpath |
66 | less verbose about what it's doing. This option, like |
67 | .BR \-v , |
68 | has a cumulative effect. Each |
69 | .B \-q |
70 | cancels out a |
71 | .B \-v |
72 | option. |
73 | .TP |
74 | .B "\-s, \-\-sticky" |
75 | Modifies the ruleset slightly so that any step through the filesystem is |
76 | OK, even if world- or group-writable (but not owned by someone else), as |
77 | long as the directory's sticky bit is set. The default is that sticky |
78 | directories are considered safe only if they're not the final step. |
79 | Turning this option on isn't recommended: if you use a sticky directory |
80 | in your path then other people can add malicious commands whose names |
81 | are common typos of standard ones. |
82 | .TP |
83 | .B "\-t, \-\-trust\-group" |
84 | Modifies the ruleset slightly so that |
85 | .B chkpath |
86 | doesn't warn about directories group-owned by groups you're a member |
87 | of. In other words, it trusts your fellow group-members |
1c5f5498 |
88 | .IR "in their capacity as group-owners only" : |
efa7a97b |
89 | .B chkpath |
90 | will still warn about directories owned by people in your groups. |
91 | .TP |
92 | .B "\-p, \-\-print" |
93 | Writes on standard output a colon-separated list of the directories |
94 | which |
95 | .B chkpath |
96 | considered `safe'. This can be used to filter out unsafe directories in |
97 | an automatic way: |
98 | .RS 10 |
99 | .nf |
100 | .ft B |
101 | .sp 1 |
102 | PATH=`chkpath -qqp` |
103 | .ft R |
104 | .fi |
105 | .RE |
106 | .SH BUGS |
107 | None known. |
108 | .SH SEE ALSO |
d7b5ee0c |
109 | .BR tmpdir (1), |
110 | .BR checkpath (3). |
efa7a97b |
111 | .SH AUTHOR |
112 | Mark Wooding (mdw@nsict.org). |