Date:      Mon, 1 Jun 2009 17:13:34 GMT
From:      Roberto Grassi <r.grassi-at-obicon.it@FreeBSD.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   conf/135160: 100.chksetuid and non local filesystem mounted on subdirs
Message-ID:  <200906011713.n51HDYow025268@www.freebsd.org>
Resent-Message-ID: <200906011720.n51HK4MD008750@freefall.freebsd.org>


>Number:         135160
>Category:       conf
>Synopsis:       100.chksetuid and non local filesystem mounted on subdirs
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 01 17:20:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Roberto Grassi
>Release:        7.2-STABLE
>Organization:
>Environment:
FreeBSD nessus.obicon.local 7.2-STABLE FreeBSD 7.2-STABLE #0: Wed May 27 10:26:48 CEST 2009     root@ux-builder:/usr/obj/usr/src/sys/vmware-esx35  i386

>Description:
The find options in the 100.chksetuid script will traverse mount points found to be local (ufs or zfs), but the test for whether they are local is done on the mount point itself; no further checks are done for non-local file systems below them.
In the case where a mount point is a subdirectory of a local mount point, find will traverse it, causing the traversal to go to another machine.
Example:
with this mount command output:
   /dev/da0d on /usr
   10.10.10.10:/usr/ports on /usr/ports
   10.10.10.11:/usr/src on /usr/src
the command inside 100.chksetuid 
   find -sx $MP /dev/null -type f \
     \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
     ...
will go to the 10.10.10.10 and 10.10.10.11 servers.

Moreover, if the NFS, SMBFS or other non-local FS server does not respond, all the periodic checks will not finish.
>How-To-Repeat:
Use mount points for non-local FS in a subdirectory of /.
>Fix:
--- 100.chksetuid.orig  2008-12-27 19:07:31.000000000 +0100
+++ 100.chksetuid       2009-06-01 19:01:51.000000000 +0200
@@ -46,4 +46,5 @@
        MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
        find -sx $MP /dev/null -type f \
+           \( -fstype ufs -or -ftype zfs \) \
            \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
            \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |
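Review bot: the added line spells its second primary `-ftype zfs` while the first is `-fstype ufs`; find(1) has no `-ftype` primary, so as written the command stops with an error instead of filtering, and the setuid check produces no listing. It should read `\( -fstype ufs -or -fstype zfs \)`. Since the context line already invokes `find -sx`, a short comment in the script saying what the extra `-fstype` test is meant to catch beyond `-x` would also help the next reader.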


>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906011713.n51HDYow025268>
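The layout described in the report (non-local mounts directly below a ufs/zfs mount point that the script scans) can be detected from `mount` output before any traversal starts. The following is an added example, not part of the original report or of 100.chksetuid; the function name, the file system types and options in parentheses, and the sample lines beyond the report's three mounts are constructed.

```sh
#!/bin/sh
# Constructed sample in mount(8) default output format. The /usr, /usr/ports
# and /usr/src mounts mirror the report; types, options and the other
# entries are assumed for illustration.
SAMPLE_MOUNTS='/dev/da0a on / (ufs, local)
/dev/da0d on /usr (ufs, local, soft-updates)
10.10.10.10:/usr/ports on /usr/ports (nfs)
10.10.10.11:/usr/src on /usr/src (nfs)
//user@fs/share on /mnt/share (smbfs)
/dev/da0e on /var (ufs, local, nosuid)
10.10.10.12:/spool on /var/spool (nfs)'

# Read mount(8) output on stdin; print "<mount point> <fstype> under <parent>"
# for each non-ufs/zfs mount whose nearest enclosing mount is a ufs/zfs
# file system that 100.chksetuid would hand to find.
# Assumes mount points contain no whitespace.
nested_nonlocal_mounts() {
    awk '
    {
        mp = $3; fstype = $4
        gsub(/[(),]/, "", fstype)
        all[mp] = fstype
        # Same selection as the script: ufs/zfs without nosuid/noexec.
        if ((fstype == "ufs" || fstype == "zfs") && $0 !~ /no(suid|exec)/)
            scanned[mp] = 1
    }
    END {
        for (r in all) {
            if (all[r] == "ufs" || all[r] == "zfs") continue
            best = ""
            for (m in all) {
                if (m == r) continue
                prefix = (m == "/") ? "/" : m "/"
                if (index(r, prefix) == 1 && length(m) > length(best))
                    best = m
            }
            if (best in scanned) print r, all[r], "under", best
        }
    }' | LC_ALL=C sort
}

printf '%s\n' "$SAMPLE_MOUNTS" | nested_nonlocal_mounts
```

On a live system the function would be fed with `mount | nested_nonlocal_mounts`; the /var/spool entry is not reported because its parent is mounted nosuid and is never scanned.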