authorgshapiro <gshapiro@FreeBSD.org>2002-08-03 22:33:34 +0000
committergshapiro <gshapiro@FreeBSD.org>2002-08-03 22:33:34 +0000
commit8cc0839b134c422ecc8ab8449ce6badd3bc0f792 (patch)
treeec6b23a03b3c55781fd9c89f1a045a3714c6bbc1
parent17a175bb0bc302999aafb0cd3c63aed4fe174b84 (diff)
downloadFreeBSD-src-8cc0839b134c422ecc8ab8449ce6badd3bc0f792.zip
FreeBSD-src-8cc0839b134c422ecc8ab8449ce6badd3bc0f792.tar.gz
If all file systems are marked nosuid, the line:

    MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`

sets ${MP} to an empty string, so the next line:

    set ${MP}

actually just dumps all of the shell's variables to stdout (and therefore the security report). Fixed by surrounding the code which goes through the mounts with a test for an empty string before using ${MP}.

Reviewed by: brian
MFC after: 3 days
-rwxr-xr-xetc/periodic/security/100.chksetuid19
1 files changed, 11 insertions, 8 deletions
diff --git a/etc/periodic/security/100.chksetuid b/etc/periodic/security/100.chksetuid
index 16411c0..2bc6c52 100755
--- a/etc/periodic/security/100.chksetuid
+++ b/etc/periodic/security/100.chksetuid
@@ -45,14 +45,17 @@ case "$daily_status_security_chksetuid_enable" in
echo 'Checking setuid files and devices:'
# XXX Note that there is the possibility of overrunning the args to ls
MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`
- set ${MP}
- while [ $# -ge 1 ]; do
- mount=$1
- shift
- find $mount -xdev -type f \
- \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
- \( -perm -u+s -or -perm -g+s \) -print0
- done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort +10 > ${TMP}
+ if [ -n "${MP}" ]
+ then
+ set ${MP}
+ while [ $# -ge 1 ]; do
+ mount=$1
+ shift
+ find $mount -xdev -type f \
+ \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
+ \( -perm -u+s -or -perm -g+s \) -print0
+ done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort +10 > ${TMP}
+ fi
if [ ! -f ${LOG}/setuid.today ]; then
rc=1
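Review bot: `set ${MP}` in the added block still lacks the `--` end-of-options marker, so a mount point whose name begins with `-` would be parsed as a shell option and the new emptiness test only covers the one case from the commit message; `set -- ${MP}` handles both, since with no arguments it clears the positional parameters instead of listing variables. When `${MP}` is empty the whole pipeline is now skipped, so `${TMP}` is not written by this run; the code that reads `${TMP}` lies past the end of the hunk, so confirm it tolerates a missing or stale file, for example with an `else` branch containing `: > ${TMP}`. The unquoted `find $mount` also word-splits a mount point containing spaces, and `find "$mount" -xdev -type f \` would avoid that, though the `awk '{ print $3 }'` extraction above it would need the same care. The enclosing `case` block begins and ends outside the hunk.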