Date: Wed, 20 Jun 2001 21:58:30 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: Tim Zingelman <zingelman@fnal.gov> Cc: freebsd-security@FreeBSD.ORG Subject: Re: grep in /etc/security Message-ID: <20010620215830.D740@blossom.cjclark.org> In-Reply-To: <Pine.GSO.4.30.0106201614480.12002-100000@nova.fnal.gov>; from zingelman@fnal.gov on Wed, Jun 20, 2001 at 04:23:21PM -0500 References: <Pine.GSO.4.30.0106201614480.12002-100000@nova.fnal.gov>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 20, 2001 at 04:23:21PM -0500, Tim Zingelman wrote: > On several of our 4.3-RELEASE machines, we have been getting the following > in the security check output: > > x.y.z login failures: > Binary file (standard input) matches [snip] > n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l) > > returns "Binary file (standard input) matches" instead of the matches. > > Adding -a to the grep, returns the expected matches. > > Has anyone else seen this? Should I submit a PR, or is there a good > reason not to use 'grep -ai' here? Good catch. We assume that the 'messages' files contain only text. This is usually the case, but as all of the people who post messages they get in their logs when people shoot Linux RPC program exploits have shown, non-text characters can sneak in there. I'll take care of this if someone else hasn't already. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010620215830.D740>