Kevin Oberman <rkober...@gmail.com> writes:
> It's just that there are cases where negative group permissions are
> intended and this is such a case. If you don't want to see them, add
> "daily_status_security_neggrpperm_enable="NO" to /etc/periodic.conf.
I added a hack to work around this without disabling the check
completely. Anything wrong with something of this sort?
--- /etc/periodic/security/110.neggrpperm 2014-07-08 14:12:31.000000000
-0400
+++ /usr/src/etc/periodic/security/110.neggrpperm 2014-06-03
19:49:13.000000000 -0400
@@ -37,26 +37,18 @@
security_daily_compat_var security_status_neggrpperm_enable
-
rc=0
if check_yesno_period security_status_neggrpperm_enable
then
echo ""
echo 'Checking negative group permissions:'
-
- if [ -z ${security_neggrperm_ignore} ] ; then
- echo security_neggrperm_ignore not set
- security_neggrperm_ignore="/nonexistent"
- fi
-
MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
n=$(find -sx $MP /dev/null -type f \
\( \( ! -perm +010 -and -perm +001 \) -or \
\( ! -perm +020 -and -perm +002 \) -or \
\( ! -perm +040 -and -perm +004 \) \) \
- -exec ls -liTd \{\} \+ | grep -v "${security_neggrperm_ignore}" | \
- tee /dev/stderr | wc -l)
+ -exec ls -liTd \{\} \+ | tee /dev/stderr | wc -l)
[ $n -gt 0 ] && rc=1 || rc=0
fi
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
