svn commit: r306048 - head/etc/periodic/security
Alan Somers
asomers at FreeBSD.org
Tue Sep 20 18:47:35 UTC 2016
Author: asomers
Date: Tue Sep 20 18:47:33 2016
New Revision: 306048
URL: https://svnweb.freebsd.org/changeset/base/306048
Log:
Fix periodic scripts when an NFS mount covers a local mount

100.chksetuid and 110.neggrpperm try to search through all UFS and ZFS
filesystems. But their logic contains an error. They also search through
remote filesystems that are mounted on top of the root of a local
filesystem. For example, if a user installs a FreeBSD system with the
default ZFS layout, he'll get a zroot/usr/home filesystem. If he then mounts
/usr/home over NFS, these scripts would search through /usr/home.

MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D7482
Modified:
head/etc/periodic/security/100.chksetuid
head/etc/periodic/security/110.neggrpperm
Modified: head/etc/periodic/security/100.chksetuid
==============================================================================
--- head/etc/periodic/security/100.chksetuid Tue Sep 20 18:38:16 2016 (r306047)
+++ head/etc/periodic/security/100.chksetuid Tue Sep 20 18:47:33 2016 (r306048)
@@ -46,7 +46,7 @@ then
echo ""
echo 'Checking setuid files and devices:'
MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
- find -sx $MP /dev/null -type f \
+ find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
\( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |
check_diff setuid - "${host} setuid diffs:"
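Review bot: The added `\( ! -fstype local \) -prune -o` on the find line has no comment explaining why it is needed when `MP` is already limited by `mount -t ufs,zfs` and `-x` is already passed. `-x` only stops find from descending into a different filesystem below a starting point; it does nothing when the starting point itself is covered by a remote mount, which is the case the commit log describes. A one-line comment above the find stating that would keep someone from later removing the prune as redundant.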
Modified: head/etc/periodic/security/110.neggrpperm
==============================================================================
--- head/etc/periodic/security/110.neggrpperm Tue Sep 20 18:38:16 2016 (r306047)
+++ head/etc/periodic/security/110.neggrpperm Tue Sep 20 18:47:33 2016 (r306048)
@@ -44,7 +44,7 @@ then
echo ""
echo 'Checking negative group permissions:'
MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
- n=$(find -sx $MP /dev/null -type f \
+ n=$(find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
\( \( ! -perm +010 -and -perm +001 \) -or \
\( ! -perm +020 -and -perm +002 \) -or \
\( ! -perm +040 -and -perm +004 \) \) \
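Review bot: With `-prune -o` added to this find, the action for the right-hand side has to be explicit, and it lies below the context shown in this hunk. If the expression ends without an `-exec` or `-print`, find applies an implicit `-print` to the whole expression, and the pruned mount points themselves would land in the output captured into `n`. Worth confirming before the MFC. The same prune clause is also duplicated verbatim in 100.chksetuid, so a shared variable or helper for it would keep the two scripts from drifting apart.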