diff options
Diffstat (limited to 'tags/m/maintainer-script-should-not-parse-etc-passwd-or-group.tag')
| -rw-r--r-- | tags/m/maintainer-script-should-not-parse-etc-passwd-or-group.tag | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/tags/m/maintainer-script-should-not-parse-etc-passwd-or-group.tag b/tags/m/maintainer-script-should-not-parse-etc-passwd-or-group.tag new file mode 100644 index 0000000..1da9065 --- /dev/null +++ b/tags/m/maintainer-script-should-not-parse-etc-passwd-or-group.tag @@ -0,0 +1,10 @@ +Tag: maintainer-script-should-not-parse-etc-passwd-or-group +Severity: warning +Check: scripts +See-Also: getent(1), nss(5) +Explanation: The maintainer script appears to manually parse <code>/etc/passwd</code> + or <code>/etc/group</code> instead of using the <code>getent(1)</code> utility + to display entries. + . + This bypasses the Name Service Switch (NSS), avoiding querying + centralised or networked user databases such as LDAP, etc. |