Date: Fri, 1 Feb 2008 22:29:48 +0100
From: Ulrich Spoerlein
To: Dag-Erling Smørgrav
Cc: hackers@freebsd.org
Subject: Re: 'periodic daily' memory usage
Message-ID: <20080201212948.GE1550@roadrunner.spoerlein.net>
In-Reply-To: <86k5lv1l84.fsf@ds4.des.no>
References: <86k5lv1l84.fsf@ds4.des.no>

On Sun, 27.01.2008 at 13:55:39 +0100, Dag-Erling Smørgrav wrote:
> --- etc/periodic/security/100.chksetuid 23 Nov 2007 13:00:31 -0000 1.9 > +++ etc/periodic/security/100.chksetuid 27 Jan 2008 12:54:38 -0000 
> @@ -43,22 +43,17 @@ > [Yy][Ee][Ss]) > echo "" > echo 'Checking setuid files and devices:' > - # XXX Note that there is the possibility of overrunning the args to ls > - MP=`mount -t ufs,zfs | egrep -v " no(suid|exec)" | awk '{ print $3 }' | sort` > - if [ -n "${MP}" ] > - then > - set ${MP} > - while [ $# -ge 1 ]; do > - mount=$1 > - shift > - find $mount -xdev -type f \ > - \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ > - \( -perm -u+s -or -perm -g+s \) -print0 > - done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort -k 11 | > - check_diff setuid - "${host} setuid diffs:" > - rc=$? > - fi;; > - *) rc=0;; > + MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` > + find -sx $MP -type f \ > + \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ > + \( -perm -u+s -or -perm -g+s \) -print0 | > + xargs -0 ls -liTd | > + check_diff setuid - "${host} setuid diffs:" > + rc=$? > + ;;

Since $MP might be empty (think NFS_ROOT or CD9660_ROOT) you'd still need
the [ -n "$MP" ] check, AFAICS.

Cheers,
Ulrich Spoerlein
--
It is better to remain silent and be thought a fool, than to speak, and remove all doubt.
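
Review bot: the added `find -sx $MP -type f` line runs without the `[ -n "${MP}" ]` guard that the removed block had, so when no ufs/zfs mount passes the filter, find is called with no path operand and check_diff is fed whatever that produces; keep the guard around the new pipeline and set rc=0 in the empty case. The new awk filter `$0 !~ /no(suid|exec)/` also drops the leading space that the old egrep pattern `" no(suid|exec)"` had, so it matches anywhere on the mount line, including inside a mount point path, and such a file system would be silently left out of the setuid scan; matching against the option list only would avoid that. The visible lines also remove `*) rc=0;;` without a replacement, and drop the `sed 's/^ *//' | sort -k 11` stage, so the output format and ordering now depend on `find -s` and may not line up with a baseline stored by the old script on the first run.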