authordes <des@FreeBSD.org>2008-02-02 12:27:37 +0000
committerdes <des@FreeBSD.org>2008-02-02 12:27:37 +0000
commitddf9fd25a8b759fac39499e04a7624ae5c938dd0 (patch)
treedae0a0896f070d946a74b1289a0f6560479b99fd /etc/periodic
parent92f929f0dde072d092bfbe14053ad40626af995d (diff)
downloadFreeBSD-src-ddf9fd25a8b759fac39499e04a7624ae5c938dd0.zip
FreeBSD-src-ddf9fd25a8b759fac39499e04a7624ae5c938dd0.tar.gz
Rewrite to consume significantly less memory, by using find -s instead of
find | sort. As a bonus, this simplifies the logic considerably. Also remove the bogus "overrunning the args to ls" comment and the corresponding "-n 20" argument to xargs; the whole point with xargs is precisely that it knows how large the argument list can safely get. Note that the first run of the updated script may hypothetically produce false positives due to differences between find's and sort's sorting algorithm. I haven't seen this during testing, but others might. MFC after: 2 weeks
Diffstat (limited to 'etc/periodic')
-rwxr-xr-xetc/periodic/security/100.chksetuid27
1 files changed, 11 insertions, 16 deletions
diff --git a/etc/periodic/security/100.chksetuid b/etc/periodic/security/100.chksetuid
index 2921ee6..451c6b6 100755
--- a/etc/periodic/security/100.chksetuid
+++ b/etc/periodic/security/100.chksetuid
@@ -43,22 +43,17 @@ case "$daily_status_security_chksetuid_enable" in
[Yy][Ee][Ss])
echo ""
echo 'Checking setuid files and devices:'
- # XXX Note that there is the possibility of overrunning the args to ls
- MP=`mount -t ufs,zfs | egrep -v " no(suid|exec)" | awk '{ print $3 }' | sort`
- if [ -n "${MP}" ]
- then
- set ${MP}
- while [ $# -ge 1 ]; do
- mount=$1
- shift
- find $mount -xdev -type f \
- \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
- \( -perm -u+s -or -perm -g+s \) -print0
- done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort -k 11 |
- check_diff setuid - "${host} setuid diffs:"
- rc=$?
- fi;;
- *) rc=0;;
+ MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
+ find -sx $MP /dev/null -type f \
+ \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
+ \( -perm -u+s -or -perm -g+s \) -print0 |
+ xargs -0 ls -liTd |
+ check_diff setuid - "${host} setuid diffs:"
+ rc=$?
+ ;;
+ *)
+ rc=0
+ ;;
esac
exit $rc
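Review bot: The new awk filter on the `MP=` line matches `no(suid|exec)` anywhere in the mount line, whereas the removed egrep pattern required a leading space, so a device, dataset or mount point whose name merely contains "nosuid" or "noexec" is now dropped from the setuid scan even though it permits setuid binaries. Because this is the audit that reports new setuid files, that exclusion is a silent detection gap. Assuming mount prints the options as a parenthesised, comma-separated list, anchoring the match to that list closes it, e.g. `awk '$0 !~ / no(suid|exec)[,)]/ { print $3 }'`. Separately, `print $3` together with the unquoted `$MP` still cannot represent a mount point containing whitespace, which carries over from the old code. The enclosing `case` statement starts above this hunk.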