author | gshapiro <gshapiro@FreeBSD.org> | 2002-08-03 22:33:34 +0000 |
---|---|---|
committer | gshapiro <gshapiro@FreeBSD.org> | 2002-08-03 22:33:34 +0000 |
commit | 8cc0839b134c422ecc8ab8449ce6badd3bc0f792 (patch) | |
tree | ec6b23a03b3c55781fd9c89f1a045a3714c6bbc1 /etc/periodic | |
parent | 17a175bb0bc302999aafb0cd3c63aed4fe174b84 (diff) | |
If all file systems are marked nosuid, the line:
MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`
sets ${MP} to an empty string so the next line:
set ${MP}
actually just dumps all of the shell's variables to stdout (and therefore
the security report). Fixed by surrounding the code which goes through the
mounts with a test for an empty string before using ${MP}.
Reviewed by: brian
MFC after: 3 days
Diffstat (limited to 'etc/periodic')
-rwxr-xr-x | etc/periodic/security/100.chksetuid | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/etc/periodic/security/100.chksetuid b/etc/periodic/security/100.chksetuid
index 16411c0..2bc6c52 100755
--- a/etc/periodic/security/100.chksetuid
+++ b/etc/periodic/security/100.chksetuid
@@ -45,14 +45,17 @@ case "$daily_status_security_chksetuid_enable" in
 echo 'Checking setuid files and devices:'
 # XXX Note that there is the possibility of overrunning the args to ls
 MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`
- set ${MP}
- while [ $# -ge 1 ]; do
- mount=$1
- shift
- find $mount -xdev -type f \
- \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
- \( -perm -u+s -or -perm -g+s \) -print0
- done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort +10 > ${TMP}
+ if [ -n "${MP}" ]
+ then
+ set ${MP}
+ while [ $# -ge 1 ]; do
+ mount=$1
+ shift
+ find $mount -xdev -type f \
+ \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
+ \( -perm -u+s -or -perm -g+s \) -print0
+ done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort +10 > ${TMP}
+ fi
 if [ ! -f ${LOG}/setuid.today ]; then
 rc=1 |
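Review bot: The new `if [ -n "${MP}" ]` guard skips the whole pipeline when every UFS mount is nosuid, so the `> ${TMP}` redirect never runs and `${TMP}` is not written on that path. The code that reads `${TMP}` lies outside this hunk, so whether it copes with a missing or stale file needs checking. Using `set -- ${MP}` would address the same bug without the guard: an empty list then clears the positional parameters instead of printing the shell's variables, the `while` loop runs zero times, and the redirect still creates an empty `${TMP}`. Separately, the `awk '{ print $3 }'` split and the unquoted `find $mount` both mishandle a mount point containing whitespace, which would presumably leave that file system out of the setuid scan; `find "$mount" -xdev -type f \` fixes the quoting half. The enclosing `case` branch starts and ends outside the hunk.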