chkpath \- check a path string for security
.SH SYNOPSIS
.B chkpath
-.RB [ \-vqstp ]
+.RB [ \-pqstv ]
.RB [ \-g
.IR group ]
.RI [ path ...]
.B "\-u, \-\-usage"
Displays a very terse usage summary.
.TP
-.B "\-v, \-\-verbose"
-Makes
-.B chkpath
-more verbose about what it's doing. This option has a cumulative
-effect, so put more in for more verbosity. Note that verbose doesn't
-mean the same as interesting. The default is to report problems with
-directories and system errors.
-.TP
.BI "\-g, \-\-group " group
Consider members of
.I group
.BR /etc/group )
or a numeric gid in decimal.
.TP
+.B "\-p, \-\-print"
+Writes on standard output a colon-separated list of the directories
+which
+.B chkpath
+considered `safe'. This can be used to filter out unsafe directories in
+an automatic way:
+.RS 10
+.nf
+.ft B
+.sp 1
+PATH=`chkpath -qqp`
+.ft R
+.fi
+.RE
+.TP
.B "\-q, \-\-quiet"
Makes
.B chkpath
.B chkpath
will still warn about directories owned by people in your groups.
.TP
-.B "\-p, \-\-print"
-Writes on standard output a colon-separated list of the directories
-which
+.B "\-v, \-\-verbose"
+Makes
.B chkpath
-considered `safe'. This can be used to filter out unsafe directories in
-an automatic way:
-.RS 10
-.nf
-.ft B
-.sp 1
-PATH=`chkpath -qqp`
-.ft R
-.fi
-.RE
+more verbose about what it's doing. This option has a cumulative
+effect, so put more in for more verbosity. Note that verbose doesn't
+mean the same as interesting. The default is to report problems with
+directories and system errors.
.SH BUGS
None known.
.SH SEE ALSO
/* --- @usage@ --- */
static void usage(FILE *fp)
- { fprintf(fp, "Usage: %s [-vqstp] [-g NAME] [PATH...]\n", QUIS); }
+ { fprintf(fp, "Usage: %s [-pqstv] [-g NAME] [PATH...]\n", QUIS); }
/* --- @version@ --- */
-V, --version Display the program's version number.\n\
-u, --usage Show a terse usage summary.\n\
\n\
--v, --verbose Be verbose about the search progress (cumulative).\n\
+-g, --group NAME Consider members of group NAME trustworthy.\n\
+-p, --print Write the secure path elements to standard output.\n\
-q, --quiet Be quiet about the search progress (cumulative).\n\
-s, --sticky Consider sticky directories secure against\n\
modification by world and group (not recommended).\n\
-t, --trust-group Consider other members of your group trustworthy.\n\
--g, --group NAME Consider members of group NAME trustworthy.\n\
--p, --print Write the secure path elements to standard output.\n\
+-v, --verbose Be verbose about the search progress (cumulative).\n\
",
fp);
}
{ "version", 0, 0, 'V' },
{ "usage", 0, 0, 'u' },
{ "group", OPTF_ARGREQ, 0, 'g' },
- { "verbose", 0, 0, 'v' },
+ { "print", 0, 0, 'p' },
{ "quiet", 0, 0, 'q' },
{ "sticky", 0, 0, 's' },
{ "trust-group", 0, 0, 't' },
- { "print", 0, 0, 'p' },
+ { "verbose", 0, 0, 'v' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "hVu" "vqstpg:", opts, 0, 0, 0);
+ int i = mdwopt(argc, argv, "hVu" "g:pqstv", opts, 0, 0, 0);
if (i < 0)
break;
case 'u':
usage(stdout);
exit(0);
- case 'v':
- cp.cp_verbose++;
+ case 'g':
+ allowgroup(&cp, optarg);
+ break;
+ case 'p':
+ f |= f_print;
break;
case 'q':
if (cp.cp_verbose)
if (checkpath_setgid(&cp) || checkpath_setgroups(&cp))
die(1, "too many groups");
break;
- case 'g':
- allowgroup(&cp, optarg);
- break;
- case 'p':
- f |= f_print;
+ case 'v':
+ cp.cp_verbose++;
break;
default:
bad = 1;
.SH SYNOPSIS
.B tmpdir
.RB [ \-bcv ]
-.RB [ \-g
-.IR group ]
.RB [ \-C
.IR dir ]
+.RB [ \-g
+.IR group ]
.SH USAGE
The
.B tmpdir
.SS Options
The following options are supported:
.TP
+.BI "\-C, \-\-check " dir
+Don't try to find a temporary directory; just see whether
+.I dir
+is secure, and exit successfully if it is (and unsuccessfully if it
+isn't).
+.TP
.B "\-b, \-\-bourne"
Output an assignment using Bourne shell syntax. The default is to
examine the user's shell and decide which syntax to use based on that.
.TP
.B "-v, \-\-verbose"
Report problems to standard error. Repeat for more verbosity.
-.TP
-.BI "\-C, \-\-check " dir
-Don't try to find a temporary directory; just see whether
-.I dir
-is secure, and exit successfully if it is (and unsuccessfully if it
-isn't).
.SH BUGS
None known.
.SH SEE ALSO
/* --- @usage@ --- */
static void usage(FILE *fp)
- { fprintf(fp, "Usage: %s [-bcv] [-g NAME] [-C PATH]\n", QUIS); }
+ { fprintf(fp, "Usage: %s [-bcv] [-C PATH] [-g NAME]\n", QUIS); }
/* --- @version@ --- */
-V, --version Display the program's version number.\n\
-u, --usage Display a terse usage summary.\n\
\n\
+-C, --check PATH Check whether PATH is good, setting exit status.\n\
-b, --bourne Output a `TMPDIR' setting for Bourne shell users.\n\
-c, --cshell Output a `TMPDIR' setting for C shell users.\n\
--v, --verbose Report problems to standard error.\n\
-g, --group NAME Trust group NAME to be honest and true.\n\
--C, --check PATH Check whether PATH is good, setting exit status.\n\
+-v, --verbose Report problems to standard error.\n\
\n\
The default action is to examine the caller's shell and output a suitable\n\
setting for that shell type.\n\
{ "help", 0, 0, 'h' },
{ "version", 0, 0, 'V' },
{ "usage", 0, 0, 'u' },
- { "bourne", 0, 0, 'b' },
- { "cshell", 0, 0, 'c' },
{ "check", OPTF_ARGREQ, 0, 'C' },
{ "verify", OPTF_ARGREQ, 0, 'C' },
- { "verbose", 0, 0, 'v' },
+ { "bourne", 0, 0, 'b' },
+ { "cshell", 0, 0, 'c' },
{ "group", OPTF_ARGREQ, 0, 'g' },
+ { "verbose", 0, 0, 'v' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "hVu" "bcvg:C:", opts, 0, 0, 0);
+ int i = mdwopt(argc, argv, "hVu" "C:bcg:v", opts, 0, 0, 0);
if (i < 0)
break;
case 'u':
usage(stdout);
exit(0);
+ case 'C':
+ return (!fullcheck(optarg));
+ break;
case 'b':
shell = sh_bourne;
break;
case 'c':
shell = sh_csh;
break;
- case 'C':
- return (!fullcheck(optarg));
- break;
case 'g':
allowgroup(&cp, optarg);
break;
~mdw / checkpath / commitdiff