On 2020/05/05 12:05, Ingo Schwarze wrote: > Hi, > > Doug Moss wrote on Mon, May 04, 2020 at 03:01:43PM +0000: > > > For OpenBSD 6.6, amd64 > > in the daily script to check security: > > /usr/libexec/security > > > > at line 248 for checking if the umask is set: > > my @list = qw(/etc/profile /root/.profile); > > > > shouldn't that be instead: > > my @list = qw(/.profile /root/.profile); > > > > I think /etc/profile does not exist, and /.profile is the default one. > > So, i consider it settled that /etc/profile must remain in the list. > > I'm currently working on and testing a diff to additionally check > the file /.profile. That diff will *not* be a one-liner, so it > isn't ready yet. We can decide later whether and at which time we > want that committed, when that diff is ready. > > But it seems already clear to me that /.profile should be watched > by changelist(5) because IIUC that file potentially gets executed > in the following situations: > > - single user mode > - user logging in who doesn't have a home directory > - user logging in with home on NFS while NFS is down > > Such situations may not be quite as frequent as normal logins, > but i still consider watching a file that gets executed in such > situations, including as root, potentially relevant, and the > following diff seems low-risk to me. > > OK to commit it now? > Ingo
I agree. OK sthen@. > > Index: changelist > =================================================================== > RCS file: /cvs/src/etc/changelist,v > retrieving revision 1.125 > diff -u -r1.125 changelist > --- changelist 12 Aug 2019 13:28:15 -0000 1.125 > +++ changelist 5 May 2020 09:48:58 -0000 > @@ -165,3 +165,5 @@ > /var/unbound/etc/unbound.conf > /var/yp/Makefile.main > /var/yp/Makefile.yp > +/.cshrc > +/.profile
