Date:      Fri, 02 Jan 2026 08:28:21 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 178005] setuid periodic checks do dumb diff of file information; emits unnecessary noise
Message-ID:  <bug-178005-227-ehrFh6oPCX@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-178005-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178005

Michael Grimm <trashcan@ellael.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |trashcan@ellael.org

--- Comment #2 from Michael Grimm <trashcan@ellael.org> ---
Hi,

you'll find a new 101.newchksetuid attached that more or less does what you
propose:

# modifications to default /etc/periodic/security/100.chksetuid:
#
#  () detect modifications in file permissions, only
#  () new function check_diff_chksetuid is used to do comparisons
#  () check_diff_chksetuid should be added to
#       /etc/periodic/security/security.functions after acceptance
#
#  [] thus, only modifications of setuid permission will be reported
#  [] this will reduce unnecessary noise in daily security mails,
#     significantly
#
# put this file into: /etc/periodic/security/
#
# add to periodic.conf:
#   security_status_newchksetuid_enable="YES"
#   security_status_newchksetuid_period="daily"
#   security_status_chksetuid_enable="NO"

The new check_diff_chksetuid uses awk to compare only the file permission
columns, but reports the complete 'ls' line.

I do have this running for a while now and didn't find a bug, yet.

Possible actions:

1) add 101.newchksetuid as an alternative as is
2) add 101.newchksetuid as an alternative *and* add check_diff_chksetuid to
security.functions
3) patch 100.chksetuid *and* add check_diff_chksetuid to security.functions

If one decides for 2) or 3), please let me know. I will prepare the appropriate
patches, then.

Regards,
Michael

-- 
You are receiving this mail because:
You are the assignee for the bug.
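
The comparison described in the comment above (compare only the permission columns, report the complete 'ls' line), as an added example that is not the attached 101.newchksetuid and not FreeBSD project code. The names perm_diff and demo, the 'ls -liTd'-style column layout, and the choice of mode, owner and group as the permission columns are assumptions; the example also reports files that appear in or disappear from the listing.

```shell
# Added example; NOT the attached 101.newchksetuid.
# Assumed line layout (ls -liTd style):
#   inode mode links owner group size month day time year path...
# "Permission columns" is assumed to mean mode, owner, group (fields 2, 4, 5).

perm_diff() {  # $1 = previous listing, $2 = current listing
    awk '
    function path(   i, p) {           # path may contain spaces: join $11..$NF
        p = $11
        for (i = 12; i <= NF; i++) p = p " " $i
        return p
    }
    NF < 11 { next }                   # ignore malformed lines
    !cur {                             # first file: remember the old state
        key = path(); old_perm[key] = $2 " " $4 " " $5; old_line[key] = $0
        next
    }
    {                                  # second file: compare per path
        key = path(); seen[key] = 1
        if (!(key in old_perm))
            print "+ " $0              # newly appeared setuid/setgid file
        else if (old_perm[key] != $2 " " $4 " " $5) {
            print "- " old_line[key]   # permission columns changed:
            print "+ " $0              # report both complete lines
        }
    }
    END {                              # files that lost the bit or vanished
        for (key in old_perm) if (!(key in seen)) print "- " old_line[key]
    }' "$1" cur=1 "$2"
}

demo() {  # constructed sample listings, not real system output
    d=$(mktemp -d) || return 1
    cat > "$d/old" <<'EOF'
1201 -r-sr-xr-x 1 root wheel 25000 Nov 30 02:11:05 2025 /usr/bin/passwd
1202 -r-sr-xr-x 1 root wheel 31000 Nov 30 02:11:07 2025 /usr/bin/su
1203 -r-xr-sr-x 1 root kmem 18000 Nov 30 02:11:09 2025 /usr/bin/netstat
EOF
    cat > "$d/new" <<'EOF'
2301 -r-sr-xr-x 1 root wheel 25480 Dec 28 03:40:12 2025 /usr/bin/passwd
2302 -rwsr-xr-x 1 root wheel 31200 Dec 28 03:40:15 2025 /usr/bin/su
2304 -r-sr-xr-x 1 root wheel 9000 Dec 29 10:02:44 2025 /usr/local/bin/my tool
EOF
    perm_diff "$d/old" "$d/new"
    rm -rf "$d"
}

demo
```

In the constructed data, passwd changes inode, size and timestamp only and is therefore not reported, while su (mode change), the new file and the removed netstat entry are.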
