Date: Fri, 1 Feb 2008 22:29:48 +0100
From: Ulrich Spoerlein <uspoerlein@gmail.com>
To: Dag-Erling Smørgrav <des@des.no>
Cc: hackers@freebsd.org
Subject: Re: 'periodic daily' memory usage
Message-ID: <20080201212948.GE1550@roadrunner.spoerlein.net>
In-Reply-To: <86k5lv1l84.fsf@ds4.des.no>
References: <86k5lv1l84.fsf@ds4.des.no>
On Sun, 27.01.2008 at 13:55:39 +0100, Dag-Erling Smørgrav wrote: > --- etc/periodic/security/100.chksetuid 23 Nov 2007 13:00:31 -0000 1.9 > +++ etc/periodic/security/100.chksetuid 27 Jan 2008 12:54:38 -0000 > @@ -43,22 +43,17 @@ > [Yy][Ee][Ss]) > echo "" > echo 'Checking setuid files and devices:' > - # XXX Note that there is the possibility of overrunning the args to ls > - MP=`mount -t ufs,zfs | egrep -v " no(suid|exec)" | awk '{ print $3 }' | sort` > - if [ -n "${MP}" ] > - then > - set ${MP} > - while [ $# -ge 1 ]; do > - mount=$1 > - shift > - find $mount -xdev -type f \ > - \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ > - \( -perm -u+s -or -perm -g+s \) -print0 > - done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort -k 11 | > - check_diff setuid - "${host} setuid diffs:" > - rc=$? > - fi;; > - *) rc=0;; > + MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` > + find -sx $MP -type f \ > + \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ > + \( -perm -u+s -or -perm -g+s \) -print0 | > + xargs -0 ls -liTd | > + check_diff setuid - "${host} setuid diffs:" > + rc=$? > + ;; Since $MP might be empty (think NFS_ROOT or CD9660_ROOT) you'd still need the [ -n "$MP" ] check, AFAICS. Cheers, Ulrich Spoerlein -- It is better to remain silent and be thought a fool, than to speak, and remove all doubt.
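Review bot: `find -sx $MP` in the added lines is run with no path operand whenever the mount/awk pipeline yields nothing (no ufs or zfs mounts, or all of them mounted nosuid/noexec), because the removed `if [ -n "${MP}" ]` guard has no replacement; keep the guard around the find pipeline and set rc=0 in the empty case. The new awk filter `$0 !~ /no(suid|exec)/` also drops the leading space that the old `egrep -v " no(suid|exec)"` pattern had, so it matches the string anywhere on the mount line, including inside a device or mount-point name, and such a filesystem would be skipped by the setuid check without any message; matching against the option list only would avoid that. The old `sed 's/^ *//' | sort -k 11` stage is gone as well, so the format and ordering of the lines handed to check_diff change, and if check_diff compares against output saved by the old version, the first run after this change may report a diff even though no setuid file changed.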