Subject: misc/823: /etc/security setuid-diffs should ignore setgid on dirs
To: None <gnats-admin@NetBSD.ORG>
From: None <Mark_Weaver@brown.edu>
List: netbsd-bugs
Date: 02/24/1995 00:20:14
>Number: 823
>Category: misc
>Synopsis: /etc/security setuid-diffs should ignore setgid on dirs
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: misc-bug-people (Misc Bug People)
>State: open
>Class: change-request
>Submitter-Id: mhw
>Arrival-Date: Fri Feb 24 00:20:08 1995
>Originator: Mark Weaver
>Organization:
Brown University Computer Science Dept.
>Release: NetBSD-current 2/23/95
>Environment:
System: NetBSD weaver.tsq-b.brown.edu 1.0A NetBSD 1.0A (WEAVER) #0: Fri Feb 24 01:20:19 EST 1995 mhw@weaver.tsq-b.brown.edu:/usr/src/sys/arch/i386/compile/WEAVER i386
>Description:
When /etc/security does its scan for setuid/device changes, it includes
directories with the setgid bit set. Clearly this doesn't indicate a
security problem, and it just clutters up the output.
>How-To-Repeat:
>Fix:
The following fix should only make one difference: a setgid file is only
considered if it's not a directory.
diff -c src/etc/security.mhw1 src/etc/security
*** src/etc/security.mhw1 Thu Feb 2 05:58:00 1995
--- src/etc/security Fri Feb 24 03:07:29 1995
***************
*** 348,354 ****
printf "\nChecking setuid files and devices:\n"
(find / \( ! -fstype local -o -fstype fdesc -o -fstype kernfs \
-o -fstype procfs \) -a -prune -o \
! \( -perm -u+s -o -perm -g+s -o ! -type d -a ! -type f -a ! -type l -a \
! -type s \) | \
sort | sed -e 's/^/ls -ldgT /' | sh > $LIST) 2> $OUTPUT
--- 348,355 ----
printf "\nChecking setuid files and devices:\n"
(find / \( ! -fstype local -o -fstype fdesc -o -fstype kernfs \
-o -fstype procfs \) -a -prune -o \
! \( -perm -u+s -o -perm -g+s -a ! -type d \
! -o ! -type d -a ! -type f -a ! -type l -a \
! -type s \) | \
sort | sed -e 's/^/ls -ldgT /' | sh > $LIST) 2> $OUTPUT
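Review bot: On the new `-perm -g+s -a ! -type d` line, the directory exclusion works only because find gives -a higher precedence than -o, which is easy to misread in an -o chain this long. Wrapping the pair as `\( -perm -g+s -a ! -type d \)` would make the grouping explicit and keep it intact if more terms are added later. Also, `-perm -u+s` still has no type test, so setuid directories continue to be listed while setgid ones are dropped; if that asymmetry is intended, a short comment above the find stating it would help the next reader.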
>Audit-Trail:
>Unformatted: