Author: asomers
Date: Tue Sep 20 18:47:33 2016
New Revision: 306048
URL: https://svnweb.freebsd.org/changeset/base/306048

Log:
  Fix periodic scripts when an NFS mount covers a local mount
  
  100.chksetuid and 110.neggrpperm try to search through all UFS and ZFS
  filesystems. But their logic contains an error. They also search through
  remote filesystems that are mounted on top of the root of a local
  filesystem. For example, if a user installs a FreeBSD system with the
  default ZFS layout, he'll get a zroot/usr/home filesystem. If he then mounts
  /usr/home over NFS, these scripts would search through /usr/home.
  
  MFC after:    4 weeks
  Sponsored by: Spectra Logic Corp
  Differential Revision:        https://reviews.freebsd.org/D7482

Modified:
  head/etc/periodic/security/100.chksetuid
  head/etc/periodic/security/110.neggrpperm

Modified: head/etc/periodic/security/100.chksetuid
==============================================================================
--- head/etc/periodic/security/100.chksetuid    Tue Sep 20 18:38:16 2016        
(r306047)
+++ head/etc/periodic/security/100.chksetuid    Tue Sep 20 18:47:33 2016        
(r306048)
@@ -46,7 +46,7 @@ then
        echo ""
        echo 'Checking setuid files and devices:'
        MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
-       find -sx $MP /dev/null -type f \
+       find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
            \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
            \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |
        check_diff setuid - "${host} setuid diffs:"
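Review bot: The new `\( ! -fstype local \) -prune -o` clause on the `find` line carries no comment, and its purpose is not obvious when `-x` is already passed. `-x` only stops descent onto a different device than the starting path, so it does not help when the starting mount point taken from `$MP` is itself covered by a remote filesystem. I would add a comment above the `find`, for example `# Prune non-local filesystems: a remote mount may cover a UFS/ZFS mount point listed in $MP.` The comment should also say that the covered local filesystem is then not scanned at all, and, as far as the hunk shows, nothing in the report tells the reader that a listed filesystem was skipped. The same applies to the identical change in 110.neggrpperm; both `find` commands sit inside a `then` body that begins outside the hunks, and the one in 110.neggrpperm continues past its hunk.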

Modified: head/etc/periodic/security/110.neggrpperm
==============================================================================
--- head/etc/periodic/security/110.neggrpperm   Tue Sep 20 18:38:16 2016        
(r306047)
+++ head/etc/periodic/security/110.neggrpperm   Tue Sep 20 18:47:33 2016        
(r306048)
@@ -44,7 +44,7 @@ then
        echo ""
        echo 'Checking negative group permissions:'
        MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
-       n=$(find -sx $MP /dev/null -type f \
+       n=$(find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
            \( \( ! -perm +010 -and -perm +001 \) -or \
            \( ! -perm +020 -and -perm +002 \) -or \
            \( ! -perm +040 -and -perm +004 \) \) \