If all file systems are marked nosuid, the line:

MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort` sets ${MP} to an empty string so the next line: set ${MP} actually just dumps all of the shells variables to stdout (and therefore the security report). Fixed by surrounding the code which goes through the mounts with a test for an empty string before using ${MP}. Reviewed by: brian MFC after: 3 days
2002-08-03 22:33:34 +00:00 · 2002-08-03 22:33:34 +00:00 · 8cc0839b13
commit 8cc0839b13
parent 17a175bb0b
1 changed files with 11 additions and 8 deletions
--- a/etc/periodic/security/100.chksetuid
+++ b/etc/periodic/security/100.chksetuid
@ -45,14 +45,17 @@ case "$daily_status_security_chksetuid_enable" in
 	echo 'Checking setuid files and devices:'
 	# XXX Note that there is the possibility of overrunning the args to ls
 	MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`
-	set ${MP}
-	while [ $# -ge 1 ]; do
-	    mount=$1
-	    shift
-	    find $mount -xdev -type f \
-		    \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
-		    \( -perm -u+s -or -perm -g+s \) -print0
-	done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort +10 > ${TMP}
+	if [ -n "${MP}" ]
+	then
+	    set ${MP}
+	    while [ $# -ge 1 ]; do
+	        mount=$1
+	        shift
+	        find $mount -xdev -type f \
+			\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
+			\( -perm -u+s -or -perm -g+s \) -print0
+	    done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort +10 > ${TMP}
+	fi

 	if [ ! -f ${LOG}/setuid.today ]; then
 	    rc=1