Date: Tue, 20 Sep 2016 18:47:33 +0000 (UTC)
From: Alan Somers <asomers@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r306048 - head/etc/periodic/security
Message-ID: <201609201847.u8KIlXAB043021@repo.freebsd.org>
Author: asomers Date: Tue Sep 20 18:47:33 2016 New Revision: 306048 URL: https://svnweb.freebsd.org/changeset/base/306048 Log: Fix periodic scripts when an NFS mount covers a local mount 100.chksetuid and 110.neggrpperm try to search through all UFS and ZFS filesystems. But their logic contains an error. They also search through remote filesystems that are mounted on top of the root of a local filesystem. For example, if a user installs a FreeBSD system with the default ZFS layout, he'll get a zroot/usr/home filesystem. If he then mounts /usr/home over NFS, these scripts would search through /usr/home. MFC after: 4 weeks Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D7482 Modified: head/etc/periodic/security/100.chksetuid head/etc/periodic/security/110.neggrpperm Modified: head/etc/periodic/security/100.chksetuid ============================================================================== --- head/etc/periodic/security/100.chksetuid Tue Sep 20 18:38:16 2016 (r306047) +++ head/etc/periodic/security/100.chksetuid Tue Sep 20 18:47:33 2016 (r306048) @@ -46,7 +46,7 @@ then echo "" echo 'Checking setuid files and devices:' MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` - find -sx $MP /dev/null -type f \ + find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \ \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ | check_diff setuid - "${host} setuid diffs:" Modified: head/etc/periodic/security/110.neggrpperm ============================================================================== --- head/etc/periodic/security/110.neggrpperm Tue Sep 20 18:38:16 2016 (r306047) +++ head/etc/periodic/security/110.neggrpperm Tue Sep 20 18:47:33 2016 (r306048) 
@@ -44,7 +44,7 @@ then echo "" echo 'Checking negative group permissions:' MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` - n=$(find -sx $MP /dev/null -type f \ + n=$(find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \ \( \( ! -perm +010 -and -perm +001 \) -or \ \( ! -perm +020 -and -perm +002 \) -or \ \( ! -perm +040 -and -perm +004 \) \) \
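Review bot: In the 100.chksetuid hunk, the new `\( ! -fstype local \) -prune` test on the find line is broader than the filter that builds MP: it prunes only non-local filesystems, while MP is restricted to `mount -t ufs,zfs` entries without nosuid or noexec. A local filesystem of another type, or one mounted nosuid or noexec, that covers one of the listed mount points would still be walked, since `-x` only stops find from crossing devices below the starting path. If that case is meant to stay in scope, a comment above the find saying so would help; if not, consider matching on the same types the mount line uses. A one-line comment explaining that the prune exists for a remote mount covering a local mount point would also save the next reader from assuming `-x` already handles it.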
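Review bot: In the 110.neggrpperm hunk, the result of find is captured into `n=$(...)`, and the visible lines end before any action, so please confirm the expression still finishes with an explicit action such as the `-exec ls -liTd` used in 100.chksetuid. With `\( ! -fstype local \) -prune -o` in front and no explicit action, find's implicit `-print` would apply to the whole expression and emit each pruned non-local starting path, which would end up in whatever `n` records. As a style point, the new clause uses `-o` while the rest of the expression uses the long forms `-or` and `-and`; using `-or` here would keep the command consistent.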