Hi Stuart, very preliminary answer off the top of my head:
Stuart Henderson wrote on Mon, May 04, 2020 at 04:23:44PM +0100:
> On 2020/05/04 15:01, Doug Moss wrote:
>> For OpenBSD 6.6, amd64
>> in the daily script to check security:
>> /usr/libexec/security
>>
>> at line 248 for checking if the umask is set:
>> my @list = qw(/etc/profile /root/.profile);
>>
>> shouldn't that be instead:
>> my @list = qw(/.profile /root/.profile);
>>
>> I think /etc/profile does not exist, and /.profile is the default one.

> I'm not sure in which situations /.profile would be used,

AFAIK when a user logs in and their home directory does not exist,
for example if it does not exist outright or if it exists on NFS
but NFS is down. In the most usual configurations, login may fail
completely when NFS/YP is down, but i made it possible several years
ago using netid(5) that specially privileged and configured users
may still be able to log in for repairs in situations when NFS and
YP are down.

> but /etc/profile is definitely used if it exists.

Indeed, if /etc/profile sets a dubious umask, a warning makes sense.

However, Doug may have a point. If /.profile sets a dubious umask,
i think that can also be a problem, so it might be worth warning
about that, too.

Considering we are in lock for release, i'll investigate ASAP and
send a patch if i come to the conclusion this can be improved.

Yours,
  Ingo

> ksh documentation says $HOME/.profile and /etc/profile.
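
The umask check discussed in this thread, applied to all three candidate files, as an added example (it is not the code of /usr/libexec/security and not a patch from this message). It assumes that a "dubious" umask is one that leaves the group or other write bit enabled, and it runs against constructed files in a temporary directory standing in for /; the helper names are hypothetical.

```perl
#!/usr/bin/perl
# Added example: warn about a missing or dubious umask in shell profiles.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Returns a list of findings for one profile file.
# Assumption: only numeric "umask NNN" lines are parsed; symbolic
# masks (umask u=rwx,g=rx,o=rx) are not handled by this sketch.
sub check_umask {
    my ($path, $label) = @_;
    my (@findings, $seen);
    open(my $fh, '<', $path) or return ("$label: cannot open: $!");
    while (my $line = <$fh>) {
        $line =~ s/#.*//;    # ignore shell comments
        next unless $line =~ /^\s*umask\s+([0-7]{1,4})\b/;
        $seen = 1;
        my $mask = oct($1);  # the digits are always octal
        push @findings, "$label:$.: umask $1 leaves new files group writable"
            unless $mask & 0020;
        push @findings, "$label:$.: umask $1 leaves new files other writable"
            unless $mask & 0002;
    }
    close($fh);
    push @findings, "$label: umask is never set" unless $seen;
    return @findings;
}

sub write_file {
    my ($path, $text) = @_;
    open(my $fh, '>', $path) or die "$path: $!";
    print {$fh} $text;
    close($fh) or die "$path: $!";
}

# Constructed sample tree; /etc/profile is deliberately absent.
my $root = tempdir(CLEANUP => 1);
mkdir "$root/root" or die "mkdir: $!";
write_file("$root/.profile", "export PATH=/bin:/usr/bin\numask 002\n");
write_file("$root/root/.profile", "umask 022   # masks group and other write\n");

for my $rel (qw(/.profile /etc/profile /root/.profile)) {
    my $path = "$root$rel";
    unless (-e $path) {
        print "$rel: not present, skipped\n";
        next;
    }
    print "$_\n" for check_umask($path, $rel);
}
```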
