From owner-freebsd-questions  Fri Jan 17 12:09:28 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id MAA22890
          for questions-outgoing; Fri, 17 Jan 1997 12:09:28 -0800 (PST)
Received: from onyx.interactive.net (root@onyx.interactive.net [208.192.224.6])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id MAA22885
          for <questions@FreeBSD.org>; Fri, 17 Jan 1997 12:09:23 -0800 (PST)
Received: from luddite.org (host019.madison.interactive.net [208.192.224.119])
          by onyx.interactive.net (8.8.4/8.8.4) with ESMTP
	  id PAA06076; Fri, 17 Jan 1997 15:08:40 -0500 (EST)
Received: (from sachs@localhost) by luddite.org (8.8.3/8.7.3) id PAA01162; Fri, 17 Jan 1997 15:08:35 -0500 (EST)
To: Will Mitayai Keeso Rowe <mitayai@dreaming.org>
Cc: questions@FreeBSD.org
Subject: Re: vapour security check output
References: <Pine.BSI.3.95.970117020615.1500C-100000@dreamlabs.dreaming.org>
X-Face: +i14.(3OL6caXxAJslm\+OS:-ckkfx6J6UzO>df-4b#2+d{+TH;5DC9Nc1Z7'1>s^AZ"HG7
 Av0@MtZ81SyDECC9S"PEo%s"dY4&Hud:w!PjnmT,FL2Sv(5oI7Y"l;|1rf:^'n$Ghg~?x3hanxCg"N
 ))JT[Ja%$#"Ou)FSb(2#e3*\xq{R;b]Ur8<bFS-|%V*B]eO]<iSa^>$!%w~t4|q@<_xKd??D~Zf(r!
 p#GC$,Cdm:$OdYL&B!;V%Ei^{N)96)[{pWI{@{ZsEn%oMxJ><(7-!YJ\`fx
From: Jay Sachs <sachs@interactive.net>
Date: 17 Jan 1997 15:08:34 -0500
In-Reply-To: Will Mitayai Keeso Rowe's message of Fri, 17 Jan 1997 02:10:28 -0500 (EST)
Message-ID: <87u3og6p4t.fsf@luddite.org>
Lines: 43
X-Mailer: Red Gnus v0.80/XEmacs 19.14
Sender: owner-questions@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk


> An annoying thing about security check is that if there are ' or spaces
> in file names or directories (i deal with MAC people... sigh) you get
> lots of error messages. The one i've included is from a system that only 
> has a few. I have 154 at last count, so i didn't want to overload the
> net with my example. :)

Yeah, the 'find' in /etc/security uses the -X flag since it pipes into
xargs after the sort. You could substitute the following for the
offending while-loop:


while test $# -ge 1; do
	mount=$1
	shift
	find $mount -xdev -type f \
		\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
		\( -perm -u+s -or -perm -g+s \) -exec ls -lgTd {} \; | sort +9
done > $TMP


This maintains the same sort grouping; the downside is that the sort
depends explicitly on the # of fields output by the ls command -- if
that number changes, the sort will break.

-jay




> 
> Anyone know of a nice way of fixing this, and if so do you think it's
> something that could be/should be included in the standard distribution
> (if it already isn't since i last did a make world recently)?
>  
> -Mit
> On Fri, 17 Jan 1997, BOFH wrote:
> 
> > checking setuid files and devices:
> > find: /usr/local/pkg/may/d'adamo: illegal path
> > find: /usr/local/pkg/may/d'adamo/dadal1.txt: illegal path
> > find: /usr/home/batsy/Req/secure-web/put "httpd" here: illegal path
> >