Date: Tue, 8 Jan 2008 20:56:33 +0200 (EET) From: Esa Karkkainen <ejk@iki.fi> To: FreeBSD-gnats-submit@FreeBSD.org Cc: Esa Karkkainen <ejk@iki.fi> Subject: bin/119464: Add 'sorted' option to etc/periodic/security/security.functions Message-ID: <200801081856.m08IuXnf003473@thunderbolt.my.domain> Resent-Message-ID: <200801081930.m08JU2wJ014219@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 119464
>Category: bin
>Synopsis: Add 'sorted' option to etc/periodic/security/security.functions
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 08 19:30:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Esa Karkkainen
>Release: FreeBSD 6.3-RC2 i386
>Organization:
Is in state of disintegration
>Environment:
System: FreeBSD 6.3-RC2 Sun Dec 30 14:33:03 EET 2007
>Description:
Add option to check_diff function which changes "setuid diffs" from
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
Amnesiac setuid diffs:
--- /var/log/setuid.today Mon May 8 03:01:22 2006
+++ /tmp/security.DSozUbFb Tue Jun 13 03:01:22 2006
@@ -33,7 +33,7 @@
612402 -r-sr-xr-x 2 root wheel 5828 May 7 13:25:03 2006 /usr/bin/yppasswd
141367 -r-sr-xr-x 1 root wheel 3400 May 7 13:14:41 2006 /usr/libexec/pt_chown
141330 -r-xr-sr-x 1 root smmsp 582752 May 7 13:28:03 2006 /usr/libexec/sendmail/sendmail
-730599 -rwsr-xr-x 1 root wheel 278660 Oct 28 18:09:06 2005 /usr/local/bin/screen
+730291 -rwsr-xr-x 1 root wheel 285580 Jun 12 20:56:14 2006 /usr/local/bin/screen
730672 ---s--x--x 2 root wheel 89020 Jan 27 01:52:14 2006 /usr/local/bin/sudo
730672 ---s--x--x 2 root wheel 89020 Jan 27 01:52:14 2006 /usr/local/bin/sudoedit
329886 -r-sr-sr-x 1 root authpf 14724 May 7 13:26:08 2006 /usr/sbin/authpf
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
to
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
Amnesiac setuid diffs:
+++ /tmp/security.DSozUbFb Tue Jun 13 03:01:22 2006
--- /var/log/setuid.today Mon May 8 03:01:22 2006
+730291 -rwsr-xr-x 1 root wheel 285580 Jun 12 20:56:14 2006 /usr/local/bin/screen
-730599 -rwsr-xr-x 1 root wheel 278660 Oct 28 18:09:06 2005 /usr/local/bin/screen
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
IMHO the latter output is easier to comprehend.
Patch does not change traditional FreeBSD behaviour (POLA).
Admin must add "sorted" as first argument to check_diff funtion call in
"/etc/periodic/security/100.chksetuid" file.
>How-To-Repeat:
N/A
>Fix:
--- /usr/src/etc/periodic/security/security.functions 2005-08-27 11:21:02.000000000 +0300
+++ security.functions 2007-11-07 22:39:30.000000000 +0200
@@ -37,16 +37,25 @@
# Usage: COMMAND | check_diff [new_only] LABEL - MSG
# COMMAND > TMPFILE; check_diff [new_only] LABEL TMPFILE MSG
# if $1 is new_only, show only the 'new' part of the diff.
+# if $1 is sorted, show 'old' and 'new' parts of the diff sorted by filename
# LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files.
check_diff() {
rc=0
- if [ "$1" = "new_only" ]; then
- shift
- filter="grep '^[>+]'"
- else
- filter="cat"
- fi
+ case "$1"
+ in
+ "new_only")
+ shift
+ filter="grep '^[>+]'"
+ ;;
+ "sorted")
+ shift
+ filter="grep '^[>+-]' | sort -k 11"
+ ;;
+ *)
+ filter="cat"
+ ;;
+ esac
label="$1"; shift
tmpf="$1"; shift
msg="$1"; shift
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801081856.m08IuXnf003473>