Subject: security/9320: /etc/security output incorrect report about "Root umask"
To: None <gnats-bugs@gnats.netbsd.org>
From: Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
List: netbsd-bugs
Date: 01/30/2000 15:27:37
>Number: 9320
>Category: security
>Synopsis: /etc/security output incorrect report about "Root umask"
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: security-officer (NetBSD Security Officer)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jan 30 15:27:00 2000
>Last-Modified:
>Originator: Takahiro Kambe
>Organization:
>Release: NetBSD-current 2000/1/25
>Environment:
System: NetBSD edge.sky.yamashina.kyoto.jp 1.4Q NetBSD 1.4Q (CF-M33) #95: Sun Jan 30 13:01:27 JST 2000 taca@edge.sky.yamashina.kyoto.jp:/usr/src/sys/arch/i386/compile/CF-M33 i386
>Description:
/etc/security outputs an incorrect report about "Root umask" even if
umask is really set. When /etc/security checks the umask setting,
it doesn't care about comment lines.
>How-To-Repeat:
Add a comment line including "umask" before the setting umask line.
# set root umask
umask 022
>Fix:
Here is a sample fix.
--- security.orig Sun Jan 16 13:37:20 2000
+++ security Mon Jan 31 08:10:56 2000
@@ -187,10 +187,10 @@
list="/etc/csh.cshrc /etc/csh.login ${rhome}/.cshrc ${rhome}/.login"
for i in $list ; do
if [ -f $i ] ; then
- if egrep umask $i > /dev/null ; then
+ if sed -n -e '/^#/d' -e '/umask/p' $i > /dev/null ; then
umaskset=yes
fi
- egrep umask $i |
+ sed -n -e '/^#/d' -e '/umask/p' $i |
awk '$2 % 100 < 20 \
{ print "\tRoot umask is group writeable" }
$2 % 10 < 2 \
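Review bot: the new test `if sed -n -e '/^#/d' -e '/umask/p' $i > /dev/null` no longer depends on whether any line matched. sed exits 0 whenever it processes the file successfully, printed output or not, so umaskset=yes is now set for every file in the list that exists, whatever it contains. The egrep it replaces returned non-zero when nothing matched, which is what the test relied on. Keep a grep as the last command of the test, for example `egrep -v '^#' $i | egrep umask > /dev/null`, or check that the sed output is non-empty. The second sed, which feeds awk, is fine as a filter.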
@@ -232,10 +232,10 @@
list="/etc/profile ${rhome}/.profile"
for i in $list; do
if [ -f $i ] ; then
- if egrep umask $i > /dev/null ; then
+ if sed -n -e '/^#/d' -e '/umask/p' $i > /dev/null ; then
umaskset=yes
fi
- egrep umask $i |
+ sed -n -e '/^#/d' -e '/umask/p' $i |
awk '$2 % 100 < 20 \
{ print "\tRoot umask is group writeable" } \
$2 % 10 < 2 \
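Review bot: `/^#/d` in both sed commands of this hunk only drops lines whose first character is `#`, so a comment that is indented and mentions umask still reaches awk, where $2 is a word rather than a mask and evaluates to 0 in `$2 % 100 < 20`, producing the same false "group writeable" report this change is meant to remove. Allow leading blanks in the pattern, for example `/^[[:space:]]*#/d`. The `if sed ... > /dev/null` test here also has the exit-status problem of the csh hunk: sed returns 0 even when no umask line is printed, so umaskset=yes is set unconditionally for any existing file.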
>Audit-Trail:
>Unformatted: