From owner-freebsd-bugs Fri Mar 3 13:10:11 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 8F2F837B667 for ; Fri, 3 Mar 2000 13:10:01 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id NAA62658; Fri, 3 Mar 2000 13:10:01 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 2179F37B667; Fri, 3 Mar 2000 13:05:18 -0800 (PST) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id QAA44752; Fri, 3 Mar 2000 16:10:43 -0500 (EST) (envelope-from cjc) Message-Id: <200003032110.QAA44752@cc942873-a.ewndsr1.nj.home.com> Date: Fri, 3 Mar 2000 16:10:43 -0500 (EST) From: "Crist J. Clark" Reply-To: cjc@cc942873-a.ewndsr1.nj.home.com To: FreeBSD-gnats-submit@freebsd.org Cc: freebsd-security@freebsd.org X-Send-Pr-Version: 3.2 Subject: misc/17155: Add mount(8) check to /etc/security Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 17155 >Category: misc >Synopsis: Add mount(8) check to /etc/security >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Mar 3 13:10:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: Crist J. Clark >Release: FreeBSD 3.4-STABLE i386 >Organization: >Environment: FreeBSD 3.4-STABLE, distributed /etc/security file. >Description: The other day I had to change the way a filesystem was mounted to do some administrative tasks (specifically, I turned off the nosuid option). I guess I became distracted because I never re-enabled it until just noticing it recently. I was surprised and a little bit peeved that my /etc/security script would not notice a change in the way filesystems were mounted. Rather than just complain, I modified my own /etc/security's accordingly and decided the modification was something that no one could really argue against, so I'm submitting it here. >How-To-Repeat: Do anything to your filesystem mounts. /etc/security won't notice. >Fix: The structure of the added commands parallels the existing 'dmesg' check currently in place. Frankly, it's almost exactly the same, just different filenames and another command generating the initial output. The only thing I am unsure of is which is more asthetically pleasing, using 'mount -p' output or taking 'mount' output and running it through a quick sed script to clean out the "writes:" information. At this point, I perfer the more verbose mount-sed combo. Both patches are included. Any contructive comments or criticisms appreciated. The mount-sed combo, --- /usr/src/etc/security Tue Dec 21 04:46:02 1999 +++ security Fri Mar 3 15:56:52 2000 @@ -48,6 +48,21 @@ mv $TMP $LOG/setuid.today fi +if mount | sed 's/, writes: [^\)]*//' > $TMP; then + if [ ! -f $LOG/mount.today ]; then + separator + echo "no $LOG/mount.today" + cp $TMP $LOG/mount.today + fi + if cmp $LOG/mount.today $TMP >/dev/null 2>&1; then :; else + separator + echo "$host changes in mounted filesystems:" + diff -b $LOG/mount.today $TMP + mv $LOG/mount.today $LOG/mount.yesterday + mv $TMP $LOG/mount.today + fi +fi + separator echo "checking for uids of 0:" awk -F: '$3==0 {print $1,$3}' /etc/master.passwd Now for the mount-p version, --- /usr/src/etc/security Tue Dec 21 04:46:02 1999 +++ security Fri Mar 3 15:57:52 2000 @@ -48,6 +48,21 @@ mv $TMP $LOG/setuid.today fi +if mount -p > $TMP; then + if [ ! -f $LOG/mount.today ]; then + separator + echo "no $LOG/mount.today" + cp $TMP $LOG/mount.today + fi + if cmp $LOG/mount.today $TMP >/dev/null 2>&1; then :; else + separator + echo "$host changes in mounted filesystems:" + diff -b $LOG/mount.today $TMP + mv $LOG/mount.today $LOG/mount.yesterday + mv $TMP $LOG/mount.today + fi +fi + separator echo "checking for uids of 0:" awk -F: '$3==0 {print $1,$3}' /etc/master.passwd >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message