From owner-freebsd-bugs Wed Jul 24 14:30:13 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4437A37B400 for ; Wed, 24 Jul 2002 14:30:04 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id EAA5643E6E for ; Wed, 24 Jul 2002 14:30:03 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6OLU3JU099836 for ; Wed, 24 Jul 2002 14:30:03 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6OLU3c7099835; Wed, 24 Jul 2002 14:30:03 -0700 (PDT) Date: Wed, 24 Jul 2002 14:30:03 -0700 (PDT) Message-Id: <200207242130.g6OLU3c7099835@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: frf Subject: Re: bin/40960: periodic security leaves tmp files behind Reply-To: frf Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR bin/40960; it has been noted by GNATS. From: frf To: FreeBSD-gnats-submit@FreeBSD.org Cc: Subject: Re: bin/40960: periodic security leaves tmp files behind Date: Wed, 24 Jul 2002 14:29:04 -0700 (PDT) Here's a patch... +++ security/100.chksetuid Wed Jul 24 14:19:44 2002 @@ -35,12 +35,12 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` LOG="${daily_status_security_logdir}" rc=0 case "$daily_status_security_chksetuid_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` echo "" echo 'Checking setuid files and devices:' # XXX Note that there is the possibility of overrunning the args to ls +++ security/200.chkmounts Wed Jul 24 14:20:00 2002 
@@ -38,13 +38,13 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` LOG="${daily_status_security_logdir}" ignore="${daily_status_security_chkmounts_ignore}" rc=0 case "$daily_status_security_chkmounts_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` case "$daily_status_security_noamd" in [Yy][Ee][Ss]) ignore="${ignore}|^amd:" +++ security/500.ipfwdenied Wed Jul 24 14:20:27 2002 @@ -39,12 +39,12 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` LOG="${daily_status_security_logdir}" rc=0 case "$daily_status_security_ipfwdenied_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then if [ ! -f ${LOG}/ipfw.today ]; then rc=1 +++ security/550.ipfwlimit Wed Jul 24 14:20:40 2002 @@ -38,11 +38,11 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` rc=0 case "$daily_status_security_ipfwlimit_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then ipfw -a l | grep " log " | perl -n -e \ +++ security/600.ip6fwdenied Wed Jul 24 14:20:53 2002 @@ -38,12 +38,12 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` LOG="${daily_status_security_logdir}" rc=0 case "$daily_status_security_ip6fwdenied_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` if ip6fw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then if [ ! -f ${LOG}/ip6fw.today ]; then rc=1 +++ security/650.ip6fwlimit Wed Jul 24 14:21:09 2002 
@@ -38,11 +38,11 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` rc=0 case "$daily_status_security_ip6fwlimit_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then ip6fw -a l | grep " log " | perl -n -e \ +++ security/700.kernelmsg Wed Jul 24 14:21:17 2002 @@ -38,12 +38,12 @@ source_periodic_confs fi -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` LOG="${daily_status_security_logdir}" rc=0 case "$daily_status_security_kernelmsg_enable" in [Yy][Ee][Ss]) + TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` if dmesg 2>/dev/null > ${TMP}; then if [ ! -f ${LOG}/dmesg.today ]; then rc=1 => Thank you very much for your problem report. => It has the internal identification `bin/40960'. => The individual assigned to look at your => report is: freebsd-bugs. => => You can access the state of your problem report at any time => via this link: => => http://www.freebsd.org/cgi/query-pr.cgi?pr=40960 => => >Category: bin => >Responsible: freebsd-bugs => >Synopsis: periodic security leaves tmp files behind => >Arrival-Date: Wed Jul 24 10:10:04 PDT 2002 => -- frf@xocolatl.com 39:FF:7C:52:66:9D:B9:A3 EA:67:3C:7F:D1:B6:30:36 Sorry. I forget what I was going to say. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
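Review bot: in security/500.ipfwdenied, 600.ip6fwdenied and 700.kernelmsg the relocated mktemp line is still unchecked, and the very next line redirects into an unquoted ${TMP}. If mktemp fails, TMP is empty and that redirect has no valid target. Suggest aborting on failure and quoting the variable: TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` || exit 1, then > "${TMP}" in the if condition. The same unchecked assignment appears in the other four scripts.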
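Review bot: in security/550.ipfwlimit and 650.ip6fwlimit the mktemp call now sits inside the [Yy][Ee][Ss]) branch but still ahead of the sysctl probe, so the file is created even when the if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ] test (or its IP6FW counterpart) is false. If ${TMP} is only used inside that if, move the mktemp line inside it as well; otherwise make sure the removal of ${TMP} sits outside the if so the path where sysctl fails or the limit is 0 also cleans up.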
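Review bot: in security/100.chksetuid and 200.chkmounts, as in the rest of the series, the visible context shows where ${TMP} is created but not where it is removed. Moving the creation into the enabled branch covers the disabled case the PR describes, but a run that is interrupted or exits early inside the branch would still leave the file. Suggest placing a trap directly after the mktemp line, for example trap 'rm -f "${TMP}"' 0, so cleanup does not depend on reaching the end of the branch.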