Message-Id: <200801081856.m08IuXnf003473@thunderbolt.my.domain>
Date: Tue, 8 Jan 2008 20:56:33 +0200 (EET)
From: Esa Karkkainen
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: Esa Karkkainen
Subject: bin/119464: Add 'sorted' option to etc/periodic/security/security.functions

>Number: 119464
>Category: bin
>Synopsis: Add 'sorted' option to etc/periodic/security/security.functions
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 08 19:30:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Esa Karkkainen
>Release: FreeBSD 6.3-RC2 i386
>Organization: Is in state of disintegration
>Environment:
System: FreeBSD 6.3-RC2 Sun Dec 30 14:33:03 EET 2007
>Description:
Add option to check_diff function which changes "setuid diffs" from
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
Amnesiac setuid diffs:
--- /var/log/setuid.today Mon May 8 03:01:22 2006 +++ /tmp/security.DSozUbFb Tue Jun 13 03:01:22 2006
@@ -33,7 +33,7 @@ 612402 -r-sr-xr-x 2 root wheel 5828 May 7 13:25:03 2006 /usr/bin/yppasswd 141367 -r-sr-xr-x 1 root wheel 3400 May 7 13:14:41 2006 /usr/libexec/pt_chown 141330 -r-xr-sr-x 1 root smmsp 582752 May 7 13:28:03 2006 /usr/libexec/sendmail/sendmail -730599 -rwsr-xr-x 1 root wheel 278660 Oct 28 18:09:06 2005 /usr/local/bin/screen +730291 -rwsr-xr-x 1 root wheel 285580 Jun 12 20:56:14 2006 /usr/local/bin/screen 730672 ---s--x--x 2 root wheel 89020 Jan 27 01:52:14 2006 /usr/local/bin/sudo 730672 ---s--x--x 2 root wheel 89020 Jan 27 01:52:14 2006 /usr/local/bin/sudoedit 329886 -r-sr-sr-x 1 root authpf 14724 May 7 13:26:08 2006 /usr/sbin/authpf
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
to
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
Amnesiac setuid diffs:
+++ /tmp/security.DSozUbFb Tue Jun 13 03:01:22 2006 --- /var/log/setuid.today Mon May 8 03:01:22 2006 +730291 -rwsr-xr-x 1 root wheel 285580 Jun 12 20:56:14 2006 /usr/local/bin/screen -730599 -rwsr-xr-x 1 root wheel 278660 Oct 28 18:09:06 2005 /usr/local/bin/screen
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
IMHO the latter output is easier to comprehend.

Patch does not change traditional FreeBSD behaviour (POLA).

Admin must add "sorted" as first argument to check_diff function call in "/etc/periodic/security/100.chksetuid" file.
>How-To-Repeat:
N/A
>Fix:
--- /usr/src/etc/periodic/security/security.functions 2005-08-27 11:21:02.000000000 +0300 +++ security.functions 2007-11-07 22:39:30.000000000 +0200
@@ -37,16 +37,25 @@ # Usage: COMMAND | check_diff [new_only] LABEL - MSG # COMMAND > TMPFILE; check_diff [new_only] LABEL TMPFILE MSG # if $1 is new_only, show only the 'new' part of the diff. +# if $1 is sorted, show 'old' and 'new' parts of the diff sorted by filename # LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files. check_diff() { rc=0 - if [ "$1" = "new_only" ]; then - shift - filter="grep '^[>+]'" - else - filter="cat" - fi + case "$1" + in + "new_only") + shift + filter="grep '^[>+]'" + ;; + "sorted") + shift + filter="grep '^[>+-]' | sort -k 11" + ;; + *) + filter="cat" + ;; + esac label="$1"; shift tmpf="$1"; shift msg="$1"; shift >Release-Note: >Audit-Trail: >Unformatted:
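
Review bot: "sort -k 11" in the new "sorted" branch hard-codes the column layout of the setuid listing (the path is the 11th whitespace-separated field) inside check_diff, which the usage comment describes as a generic helper taking any LABEL; a caller whose lines have a different shape would sort on the wrong field or on an empty key. Consider passing the sort key as an argument, or state next to the added comment line that "sorted" only applies to that listing. In the same branch, grep '^[>+-]' accepts '>' as the new_only pattern does but has no '<' for the old side, so both sides appear only for '+'/'-' style output. It also lets the '---' and '+++' file header lines through; these have fewer than 11 fields, so they sort to the top with their order swapped, as the second sample in the description shows. The two "# Usage:" synopsis lines still list only [new_only] and should mention sorted as well.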