Date:      Mon, 3 Oct 2016 15:17:23 +0000 (UTC)
From:      Alan Somers <asomers@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r306644 - stable/10/etc/periodic/security
Message-ID:  <201610031517.u93FHNkT070256@repo.freebsd.org>

Author: asomers
Date: Mon Oct  3 15:17:22 2016
New Revision: 306644
URL: https://svnweb.freebsd.org/changeset/base/306644

Log:
  MFC r306048
  
  Fix periodic scripts when an NFS mount covers a local mount
  
  100.chksetuid and 110.neggrpperm try to search through all UFS and ZFS
  filesystems. But their logic contains an error. They also search through
  remote filesystems that are mounted on top of the root of a local
  filesystem. For example, if a user installs a FreeBSD system with the
  default ZFS layout, he'll get a zroot/usr/home filesystem. If he then mounts
  /usr/home over NFS, these scripts would search through /usr/home.

Modified:
  stable/10/etc/periodic/security/100.chksetuid
  stable/10/etc/periodic/security/110.neggrpperm
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/etc/periodic/security/100.chksetuid
==============================================================================
--- stable/10/etc/periodic/security/100.chksetuid	Mon Oct  3 15:14:58 2016	(r306643)
+++ stable/10/etc/periodic/security/100.chksetuid	Mon Oct  3 15:17:22 2016	(r306644)
@@ -46,7 +46,7 @@ then
 	echo ""
 	echo 'Checking setuid files and devices:'
 	MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
-	find -sx $MP /dev/null -type f \
+	find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
 	    \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
 	    \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |
 	check_diff setuid - "${host} setuid diffs:"
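Review bot: The new "\( ! -fstype local \) -prune -o" term on the find line has no comment explaining why it is needed when -x is already passed. -x only stops descent into a different filesystem below a starting point; it does not help when a starting path in $MP itself resolves to the NFS filesystem mounted over it, which is the case the log message describes. A one-line comment above the find saying so would keep a later cleanup from dropping the term as redundant.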

Modified: stable/10/etc/periodic/security/110.neggrpperm
==============================================================================
--- stable/10/etc/periodic/security/110.neggrpperm	Mon Oct  3 15:14:58 2016	(r306643)
+++ stable/10/etc/periodic/security/110.neggrpperm	Mon Oct  3 15:17:22 2016	(r306644)
@@ -44,7 +44,7 @@ then
 	echo ""
 	echo 'Checking negative group permissions:'
 	MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
-	n=$(find -sx $MP /dev/null -type f \
+	n=$(find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
 	    \( \( ! -perm +010 -and -perm +001 \) -or \
 	    \( ! -perm +020 -and -perm +002 \) -or \
 	    \( ! -perm +040 -and -perm +004 \) \) \
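Review bot: On the "n=$(find -sx $MP /dev/null ..." line, the "-prune -o" form only behaves as intended if the right-hand side of the -o ends in an explicit action, and the lines shown here stop before the end of the expression. In 100.chksetuid the -exec is visible in the hunk; here, please confirm the expression ends in -exec or -print, because otherwise find's implicit -print applies to the whole expression and a pruned NFS starting point would itself be printed into the output captured in n.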


