Subject: misc/36058: cut'n'pasto in /etc/security (patch supplied)
To: None <misc-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <j+nbsd@2007.salmi.ch>
List: netbsd-bugs
Date: 03/22/2007 15:10:01
>Number:         36058
>Category:       misc
>Synopsis:       cut'n'pasto in /etc/security (patch supplied)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 22 15:10:00 +0000 2007
>Originator:     Jukka Salmi
>Release:        NetBSD 4.99.13
>Environment:
System: NetBSD moray.salmi.ch 4.99.13 NetBSD 4.99.13 (MORAY.APM) #0: Thu Mar 8 14:20:43 CET 2007 build@moray.salmi.ch:/build/nbsd/i386/sys/arch/i386/compile/MORAY.APM i386
Architecture: i386
Machine: i386
>Description:
The `check_homes' check in /etc/security incorrectly checks for group-
and other-writable home directories.
>How-To-Repeat:
Make your $HOME group- and/or other-writable, run /etc/security and
wonder why it doesn't report the "wrong" file mode...
>Fix:
Index: etc/security
===================================================================
RCS file: /cvsroot/src/etc/security,v
retrieving revision 1.100
diff -u -p -r1.100 security
--- etc/security	26 Sep 2006 08:32:40 -0000	1.100
+++ etc/security	22 Mar 2007 12:36:53 -0000
@@ -495,9 +495,9 @@ if checkyesno check_homes; then
 	awk -v "usergroups=$permit_usergroups" '
 	     $1 != $4 && $4 != "root" \
 		{ print "user " $1 " home directory is owned by " $4 }
-	     $2 ~ /^-....w/ && (!usergroups || $5 != $1) \
+	     $2 ~ /^d....w/ && (!usergroups || $5 != $1) \
 		{ print "user " $1 " home directory is group writable" }
-	     $2 ~ /^-.......w/ \
+	     $2 ~ /^d.......w/ \
 		{ print "user " $1 " home directory is other writable" }' \
 	    > $OUTPUT
 	if [ -s $OUTPUT ] ; then
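Review bot: The two corrected patterns, `/^d....w/` and `/^d.......w/`, still anchor on the file-type character, so both writable checks stay silent for any entry whose mode string does not begin with `d`. Whether that can happen depends on how the listing piped into this awk script is produced, which is not visible in this hunk. If the type character is not meant to be part of the test, matching only the permission positions (`/^.....w/` for group write, `/^.......w/` for other write) would remove the dependency that caused the original `-` versus `d` mistake. Either way, a one-line comment above the rules stating which column of `$2` each pattern tests would make a similar copy-and-paste slip easier to spot in review.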