On Sun, 27.01.2008 at 13:55:39 +0100, Dag-Erling Smørgrav wrote:
> --- etc/periodic/security/100.chksetuid       23 Nov 2007 13:00:31 -0000      
> 1.9
> +++ etc/periodic/security/100.chksetuid       27 Jan 2008 12:54:38 -0000
> @@ -43,22 +43,17 @@
>      [Yy][Ee][Ss])
>       echo ""
>       echo 'Checking setuid files and devices:'
> -     # XXX Note that there is the possibility of overrunning the args to ls
> -     MP=`mount -t ufs,zfs | egrep -v " no(suid|exec)" | awk '{ print $3 }' | 
> sort`
> -     if [ -n "${MP}" ]
> -     then
> -         set ${MP}
> -         while [ $# -ge 1 ]; do
> -             mount=$1
> -             shift
> -             find $mount -xdev -type f \
> -                     \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
> -                     \( -perm -u+s -or -perm -g+s \) -print0
> -         done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort -k 11 |
> -           check_diff setuid - "${host} setuid diffs:"
> -         rc=$?
> -     fi;;
> -    *)       rc=0;;
> +     MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
> +     find -sx $MP -type f \
> +             \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
> +             \( -perm -u+s -or -perm -g+s \) -print0 |
> +         xargs -0 ls -liTd |
> +         check_diff setuid - "${host} setuid diffs:"
> +     rc=$?
> +     ;;
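Review bot: `find -sx $MP` in the added lines runs with no path operand when the `mount -t ufs,zfs` filter matches nothing, because the `[ -n "${MP}" ]` guard from the removed lines has no counterpart in the added ones. Keep the guard around the pipeline and set `rc=0` in the empty case, so the result passed to `check_diff` never comes from a find that had nothing to traverse. The added lines also drop the `| sort` on the mount list, the `sed 's/^ *//'` and the `sort -k 11` on the listing; `find -s` orders entries only within each path it is given, so the overall order now follows the `mount` output, and it is worth stating whether the stored setuid baseline stays comparable after that change. `$MP` is still expanded unquoted, as before, so a mount point containing whitespace is split into separate paths.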

Since $MP might be empty (think NFS_ROOT or CD9660_ROOT) you'd still
need the [ -n "$MP" ] check, AFAICS.

Cheers,
Ulrich Spoerlein
-- 
It is better to remain silent and be thought a fool,
than to speak, and remove all doubt.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers