Date: Wed, 24 Jul 2002 14:30:03 -0700 (PDT)
From: frf <frf@xocolatl.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/40960: periodic security leaves tmp files behind
Message-ID: <200207242130.g6OLU3c7099835@freefall.freebsd.org>
The following reply was made to PR bin/40960; it has been noted by GNATS. From: frf <frf@xocolatl.com> To: FreeBSD-gnats-submit@FreeBSD.org Cc: Subject: Re: bin/40960: periodic security leaves tmp files behind Date: Wed, 24 Jul 2002 14:29:04 -0700 (PDT) Here's a patch... +++ security/100.chksetuid Wed Jul 24 14:19:44 2002 @@ -35,12 +35,12 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` LOG="${daily_status_security_logdir}" rc=0 case "$daily_status_security_chksetuid_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` echo "" echo 'Checking setuid files and devices:' # XXX Note that there is the possibility of overrunning the args to ls +++ security/200.chkmounts Wed Jul 24 14:20:00 2002 @@ -38,13 +38,13 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` LOG="${daily_status_security_logdir}" ignore="${daily_status_security_chkmounts_ignore}" rc=0 case "$daily_status_security_chkmounts_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` case "$daily_status_security_noamd" in [Yy][Ee][Ss]) ignore="${ignore}|^amd:" +++ security/500.ipfwdenied Wed Jul 24 14:20:27 2002 @@ -39,12 +39,12 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` LOG="${daily_status_security_logdir}" rc=0 case "$daily_status_security_ipfwdenied_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then if [ ! -f ${LOG}/ipfw.today ]; then rc=1 +++ security/550.ipfwlimit Wed Jul 24 14:20:40 2002 
@@ -38,11 +38,11 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` rc=0 case "$daily_status_security_ipfwlimit_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then ipfw -a l | grep " log " | perl -n -e \ +++ security/600.ip6fwdenied Wed Jul 24 14:20:53 2002 @@ -38,12 +38,12 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` LOG="${daily_status_security_logdir}" rc=0 case "$daily_status_security_ip6fwdenied_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` if ip6fw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then if [ ! -f ${LOG}/ip6fw.today ]; then rc=1 +++ security/650.ip6fwlimit Wed Jul 24 14:21:09 2002 @@ -38,11 +38,11 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` rc=0 case "$daily_status_security_ip6fwlimit_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then ip6fw -a l | grep " log " | perl -n -e \ +++ security/700.kernelmsg Wed Jul 24 14:21:17 2002 
@@ -38,12 +38,12 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` LOG="${daily_status_security_logdir}" rc=0 case "$daily_status_security_kernelmsg_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` if dmesg 2>/dev/null > ${TMP}; then if [ ! -f ${LOG}/dmesg.today ]; then rc=1 => Thank you very much for your problem report. => It has the internal identification `bin/40960'. => The individual assigned to look at your => report is: freebsd-bugs. => => You can access the state of your problem report at any time => via this link: => => http://www.freebsd.org/cgi/query-pr.cgi?pr=40960 => => >Category: bin => >Responsible: freebsd-bugs => >Synopsis: periodic security leaves tmp files behind => >Arrival-Date: Wed Jul 24 10:10:04 PDT 2002 => -- frf@xocolatl.com 39:FF:7C:52:66:9D:B9:A3 EA:67:3C:7F:D1:B6:30:36 Sorry. I forget what I was going to say. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
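Review bot: Cleanup of ${TMP} is not visible in any of the seven hunks (100.chksetuid through 700.kernelmsg), so moving the mktemp into the [Yy][Ee][Ss]) arm only fixes the leak for the disabled case. Please confirm that each script removes ${TMP} inside that same arm on every path out of it, or install a trap such as `trap 'rm -f "${TMP}"' EXIT` on the line after the mktemp so an early exit cannot leave the file behind. A one-line comment next to the moved mktemp saying why it lives inside the arm would also keep a later cleanup from hoisting it back to the top.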
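Review bot: The mktemp result is still unchecked in 500.ipfwdenied, 600.ip6fwdenied and 700.kernelmsg, where the very next line redirects into an unquoted ${TMP} (`egrep "deny|reset|unreach" > ${TMP}`, `dmesg 2>/dev/null > ${TMP}`). If mktemp fails, TMP is empty and the redirection fails, so the `if` takes its false branch and the check looks as if there was simply nothing to report. Since the line is being touched anyway, consider `TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` || exit 1` and quoting "${TMP}" at the redirections, which also guards against a TMPDIR containing whitespace.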
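Review bot: In 550.ipfwlimit and 650.ip6fwlimit the mktemp lands above the sysctl test (`if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then`), so a temp file is still created when the sysctl is missing or the limit is 0. If ${TMP} is only written and removed inside that `if`, these two scripts keep leaking on that path; moving the mktemp inside the `if` body, directly before the `ipfw -a l | grep " log "` pipeline (and the ip6fw equivalent), would close it. If ${TMP} is used after the `if` as well, a note in the script saying so would help.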