diff options
| author | asomers <asomers@FreeBSD.org> | 2017-09-27 15:05:49 +0000 |
|---|---|---|
| committer | asomers <asomers@FreeBSD.org> | 2017-09-27 15:05:49 +0000 |
| commit | a71d5bfd873d44535aa1b42b95e3acc465b3d183 (patch) | |
| tree | 7bec5c42fc300a344f4d89ba9d96b01fb1d2dbb2 | |
| parent | 81448270d4454329f3302889a4d99f3bbca26f4e (diff) | |
| download | FreeBSD-src-a71d5bfd873d44535aa1b42b95e3acc465b3d183.zip FreeBSD-src-a71d5bfd873d44535aa1b42b95e3acc465b3d183.tar.gz | |
MFC r322868:
Fix 100.chksetuid and 110.neggrpperm for mountpoints with spaces
Also, fix them for mountpoints with tabs.
PR: 48325
Reported by: pguyot@kallisys.net, aaron@baugher.biz
| -rwxr-xr-x | etc/periodic/security/100.chksetuid | 8 | ||||
| -rwxr-xr-x | etc/periodic/security/110.neggrpperm | 8 | ||||
| -rw-r--r-- | etc/periodic/security/security.functions | 1 |
3 files changed, 15 insertions, 2 deletions
diff --git a/etc/periodic/security/100.chksetuid b/etc/periodic/security/100.chksetuid index da8d29d..670ae97 100755 --- a/etc/periodic/security/100.chksetuid +++ b/etc/periodic/security/100.chksetuid @@ -45,7 +45,13 @@ if check_yesno_period security_status_chksetuid_enable then echo "" echo 'Checking setuid files and devices:' - MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` + IFS=$'\n' # Don't split mount points with spaces or tabs + MP=`mount -t ufs,zfs | awk ' + $0 !~ /no(suid|exec)/ { + sub(/^.* on \//, "/"); + sub(/ \(.*\)/, ""); + print $0 + }'` find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \ \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ | diff --git a/etc/periodic/security/110.neggrpperm b/etc/periodic/security/110.neggrpperm index bd94015..55974ea 100755 --- a/etc/periodic/security/110.neggrpperm +++ b/etc/periodic/security/110.neggrpperm @@ -43,7 +43,13 @@ if check_yesno_period security_status_neggrpperm_enable then echo "" echo 'Checking negative group permissions:' - MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` + IFS=$'\n' # Don't split mount points with spaces or tabs + MP=`mount -t ufs,zfs | awk ' + $0 !~ /no(suid|exec)/ { + sub(/^.* on \//, "/"); + sub(/ \(.*\)/, ""); + print $0 + }'` n=$(find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \ \( \( ! -perm +010 -and -perm +001 \) -or \ \( ! -perm +020 -and -perm +002 \) -or \ diff --git a/etc/periodic/security/security.functions b/etc/periodic/security/security.functions index c2c757a..00a8907 100644 --- a/etc/periodic/security/security.functions +++ b/etc/periodic/security/security.functions @@ -48,6 +48,7 @@ rc=0 # LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files. check_diff() { + unset IFS rc=0 if [ "$1" = "new_only" ]; then shift |
