From owner-freebsd-bugs@FreeBSD.ORG Sat Apr 20 19:20:02 2013
Resent-Date: Sat, 20 Apr 2013 19:20:02 GMT
Resent-Message-Id: <201304201920.r3KJK21G088028@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Garrett Cooper
Message-Id: <201304201915.r3KJFKbn098438@red.freebsd.org>
Date: Sat, 20 Apr 2013 19:15:20 GMT
From: Garrett Cooper
To: freebsd-gnats-submit@FreeBSD.org
Subject: conf/178005: setuid periodic checks do dumb diff of file information; emits unnecessary noise

>Number:         178005
>Category:       conf
>Synopsis:       setuid periodic checks do dumb diff of file information; emits unnecessary noise
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Apr 20 19:20:02 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Garrett Cooper
>Release:        9-STABLE/10-CURRENT
>Organization:
EMC Isilon
>Environment:
FreeBSD forza.west.isilon.com 9.1-STABLE FreeBSD 9.1-STABLE #3 r+164ee96: Fri Apr 19 22:50:09 PDT 2013     gcooper@forza.west.isilon.com:/usr/obj/scratch/freebsd/stable-9/sys/FORZA  amd64
>Description:
The setuid periodic script diffs the full ls -liTd output of each setuid file against the data saved by the previous run, instead of just checking whether or not the mode has changed. Because installworld replaces every setuid binary, their inode numbers and modification times all change, so the periodic emails sent out after an installworld are full of noise.

Here's the code that does this (ls -liTd in etc/periodic/security/100.chksetuid):

    MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
    find -sx $MP /dev/null -type f \
        \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
        \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |
    check_diff setuid - "${host} setuid diffs:"

While this might catch other issues (files being modified), it doesn't make sense for this script to be doing it. Furthermore, changing the system locale will change the output when -T is in use, because the timestamp format is very locale dependent.

Ultimately, the only things that should really matter are:

1. Whether or not the permissions changed.
2. The path for the permissions (so the result can be properly correlated and diffed).

For debuggability the inode number and date should be included in the email, but not in the diff parsing. Thus, check_diff in etc/periodic/security/security.functions should probably be modified to diff only certain fields.
>How-To-Repeat:
- Run 100.chksetuid.
- make installworld.
- Reboot.
- Run 100.chksetuid.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
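An added sh example of the approach proposed in the Description (not FreeBSD's check_diff and not code from this PR): the ls -liTd listing is compared on mode and path only, extended to owner and group as well since those matter just as much for a setuid binary, while the full lines, inode and date included, are printed for the paths that changed. The function names and the two sample listings are constructed for the demonstration.

```shell
# Added example, not FreeBSD's check_diff: compare a setuid listing with a
# saved one on mode/owner/group/path only, but report full "ls -liTd" lines.
# Keep only the fields worth diffing from "ls -liTd" output
# (inode mode links owner group size Mon DD HH:MM:SS YYYY path).
# Inode, link count, size and timestamp are dropped: installworld rewrites
# every setuid binary, so they change without any security significance.
key_fields() {
    awk '{ path = $11; for (i = 12; i <= NF; i++) path = path " " $i
           print $2, $4, $5, path }' "$@"
}
# Diff the key fields of two listings: exit 0 if identical, 1 otherwise.
setuid_diff() {
    t_old=$(mktemp) && t_new=$(mktemp) || return 2
    key_fields "$1" | sort -k4 > "$t_old"
    key_fields "$2" | sort -k4 > "$t_new"
    if diff "$t_old" "$t_new"; then rc=0; else rc=$?; fi
    rm -f "$t_old" "$t_new"
    return $rc
}
# For every path whose key fields changed, print the full old and new lines
# (inode and date included) so the change can be investigated. Paths are
# assumed to contain no spaces, as in the find | ls pipeline above.
setuid_report() {
    changed=$(setuid_diff "$1" "$2" | awk '/^[<>]/ { print $NF }' | sort -u)
    [ -z "$changed" ] && return 0
    for p in $changed; do
        echo "--- $p"
        awk -v p="$p" '$NF == p { print "old: " $0 }' "$1"
        awk -v p="$p" '$NF == p { print "new: " $0 }' "$2"
    done
    return 1
}
# Constructed sample listings: after a fake installworld every inode and
# timestamp differs, but only /usr/bin/su lost its setuid bit and
# /usr/local/bin/newsuid is new.
sample_old() {
    cat <<'EOF'
101 -r-sr-xr-x 1 root wheel 25000 Jan 10 10:00:00 2013 /usr/bin/passwd
102 -r-sr-xr-x 1 root wheel 18000 Jan 10 10:00:00 2013 /usr/bin/su
EOF
}
sample_new() {
    cat <<'EOF'
201 -r-sr-xr-x 1 root wheel 25100 Apr 19 22:50:09 2013 /usr/bin/passwd
202 -r-xr-xr-x 1 root wheel 18100 Apr 19 22:50:09 2013 /usr/bin/su
203 -r-sr-xr-x 1 root wheel 9000 Apr 20 12:00:00 2013 /usr/local/bin/newsuid
EOF
}
```

Run `sample_old > old; sample_new > new; setuid_report old new` to see that /usr/bin/passwd, whose inode and date changed but whose mode did not, produces no output, while /usr/bin/su and the new file are reported with their full lines.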