Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!purdue!tut.cis.ohio-state.edu!cs.utexas.edu!natinst!rpp386!jfh
From: jfh@rpp386.cactus.org (John F. Haugh II)
Newsgroups: comp.unix.wizards
Subject: Re: What should go into a security-checking shell script?
Message-ID: <17187@rpp386.cactus.org>
Date: 24 Oct 89 04:11:57 GMT
References: <363@nisca.ircc.ohio-state.edu>
Reply-To: jfh@rpp386.cactus.org (John F. Haugh II)
Distribution: usa
Organization: River Parishes Programming, Austin TX
Lines: 21

In article <363@nisca.ircc.ohio-state.edu> bernstei@hpuxa.ircc.ohio-state.edu (Dan Bernstein) writes:
>The title is self-explanatory. I'll try to archive all responses.
>
> Subject: Re: What should go into a security-checking shell script?

The real question is what can you afford to not put into your
shell script?

shell is too clumsy for something as important as a security
checking program.  There was a little file scanner posted some time
back that can be used as a nice start.

Most of the inode is security-relevant.  Owner, group, mode, size
and modification time are all important.  The checksum and file
format may also be interesting, so the ability to specify a per-file
checking program is desirable.
-- 
John F. Haugh II                        +-Things you didn't want to know:------
VoiceNet: (512) 832-8832   Data: -8835  | The real meaning of EMACS is ...
InterNet: jfh@rpp386.cactus.org         |   ... EMACS makes a computer slow.
UUCPNet:  {texbell|bigtex}!rpp386!jfh   +--<><--<><--<><--<><--<><--<><--<><---