Prevent warning about insecure hostnames where no /etc/hostname.*

exists. From wcmaier@.

Check target of symbolic links to avoid noise at boot and in
seucrity output where you have several interfaces symlinked to one
config file.

"If you think this is the right thing to do" deraadt@

diff --git a/etc/netstart b/etc/netstart
index 466de69..4ac1ec0 100644 (file)
--- a/etc/netstart
+++ b/etc/netstart
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#      $OpenBSD: netstart,v 1.121 2008/06/09 22:56:42 todd Exp $
+#      $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $
 
 # Strip comments (and leading/trailing whitespace if IFS is set)
 # from a file and spew to stdout
@@ -40,10 +40,10 @@ ifstart() {
                echo "netstart: $file: No such file or directory"
                return
        fi
-       if [ "$(stat -f "%SLp %u %g" $file)" != "--- 0 0" ]; then
+       if [ "$(stat -Lf "%SLp %u %g" $file)" != "--- 0 0" ]; then
                echo "WARNING: $file is insecure, fixing permissions"
-               chmod o-rwx $file
-               chown root.wheel $file
+               chmod -LR o-rwx $file
+               chown -LR root.wheel $file
        fi
        ifconfig $if > /dev/null 2>&1
        if [ "$?" != "0" ]; then

diff --git a/etc/security b/etc/security
index fd758c1..1277106 100644 (file)
--- a/etc/security
+++ b/etc/security
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#      $OpenBSD: security,v 1.80 2008/04/17 19:49:16 sthen Exp $
+#      $OpenBSD: security,v 1.81 2008/07/23 16:05:47 sthen Exp $
 #      from: @(#)security      8.1 (Berkeley) 6/9/93
 #
 
@@ -303,7 +303,10 @@ fi
 # world-readable.
 
 for f in /etc/hostname.* ; do
-       if [ "$(stat -f "%SLp" $f)" != "---" ]; then
+       if [ ! -e $f ]; then
+               continue
+       fi
+       if [ "$(stat -Lf "%SLp" $f)" != "---" ]; then
                echo "\n$f is world readable."
        fi
 done