svn commit: r324060 - stable/11/etc/periodic/security

[Alan Somers]

Author: asomers
Date: Wed Sep 27 15:05:49 2017
New Revision: 324060
URL: https://svnweb.freebsd.org/changeset/base/324060

Log:
  MFC r322868:
  
  Fix 100.chksetuid and 110.neggrpperm for mountpoints with spaces
  
  Also, fix them for mountpoints with tabs.
  
  PR:		48325
  Reported by:	pguyot at kallisys.net, aaron at baugher.biz

Modified:
  stable/11/etc/periodic/security/100.chksetuid
  stable/11/etc/periodic/security/110.neggrpperm
  stable/11/etc/periodic/security/security.functions
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/etc/periodic/security/100.chksetuid
==============================================================================
--- stable/11/etc/periodic/security/100.chksetuid	Wed Sep 27 14:59:18 2017	(r324059)
+++ stable/11/etc/periodic/security/100.chksetuid	Wed Sep 27 15:05:49 2017	(r324060)
@@ -45,7 +45,13 @@ if check_yesno_period security_status_chksetuid_enable
 then
 	echo ""
 	echo 'Checking setuid files and devices:'
-	MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
+	IFS=$'\n'	# Don't split mount points with spaces or tabs
+	MP=`mount -t ufs,zfs | awk '
+		$0 !~ /no(suid|exec)/ {
+			sub(/^.* on \//, "/");
+			sub(/ \(.*\)/, "");
+			print $0
+		}'`
 	find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
 	    \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
 	    \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |

Modified: stable/11/etc/periodic/security/110.neggrpperm
==============================================================================
--- stable/11/etc/periodic/security/110.neggrpperm	Wed Sep 27 14:59:18 2017	(r324059)
+++ stable/11/etc/periodic/security/110.neggrpperm	Wed Sep 27 15:05:49 2017	(r324060)
@@ -43,7 +43,13 @@ if check_yesno_period security_status_neggrpperm_enabl
 then
 	echo ""
 	echo 'Checking negative group permissions:'
-	MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
+	IFS=$'\n'	# Don't split mount points with spaces or tabs
+	MP=`mount -t ufs,zfs | awk '
+		$0 !~ /no(suid|exec)/ {
+			sub(/^.* on \//, "/");
+			sub(/ \(.*\)/, "");
+			print $0
+		}'`
 	n=$(find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
 	    \( \( ! -perm +010 -and -perm +001 \) -or \
 	    \( ! -perm +020 -and -perm +002 \) -or \

Modified: stable/11/etc/periodic/security/security.functions
==============================================================================
--- stable/11/etc/periodic/security/security.functions	Wed Sep 27 14:59:18 2017	(r324059)
+++ stable/11/etc/periodic/security/security.functions	Wed Sep 27 15:05:49 2017	(r324060)
@@ -48,6 +48,7 @@ rc=0
 #   LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files.
 
 check_diff() {
+  unset IFS
   rc=0
   if [ "$1" = "new_only" ]; then
     shift