Subject: bin/28838: /etc/security tracks changes in /dev/pts
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: S.P.Zeidler <spz@volans.1st.de>
List: netbsd-bugs
Date: 01/02/2005 17:39:00
>Number: 28838
>Category: bin
>Synopsis: daily security output contains changes in /dev/pts
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun Jan 02 17:39:00 +0000 2005
>Originator: S.P.Zeidler
>Release: NetBSD 2.99.11 (02.Jan.2005)
>Organization:
dis-
>Environment:
System: NetBSD volans.1st.de 2.99.11 NetBSD 2.99.11 (VOLANS) #22: Sun Jan 2 16:20:04 CET 2005 spz@volans.1st.de:/home/netbsd/src/sys/arch/i386/compile/VOLANS i386
Architecture: i386
Machine: i386
>Description:
Output from /etc/security contains changes in /dev/pts if you
happen to use PTYFS. Not a big deal but annoying, IMO. :)
One might call it a feature, but in practice it doesn't really
convey valuable information.
>How-To-Repeat:
Use ptyfs. Run /etc/security.
>Fix:
--- /etc/defaults/security.conf 2004-10-25 12:44:19.000000000 +0200
+++ security.conf 2005-01-02 18:03:42.000000000 +0100
@@ -32,6 +32,7 @@
check_homes_permit_usergroups=NO
check_devices_ignore_fstypes="!local fdesc kernfs null procfs"
+check_devices_ignore_paths="/dev/pts"
check_mtree_follow_symlinks=NO
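Review bot: the new check_devices_ignore_paths default arrives with no documentation in this patch; it needs a description next to check_devices_ignore_fstypes (for example in the security.conf manual page) stating that each listed path is pruned from the setuid/setgid and device scan. Since the line above already filters by filesystem type, it is also worth checking whether adding ptyfs to check_devices_ignore_fstypes would solve the reported noise: a fixed path is skipped even when /dev/pts is not a ptyfs mount, and device nodes created under it would then go unreported.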
--- /etc/security 2004-12-05 23:47:03.000000000 +0100
+++ security 2005-01-02 18:34:37.000000000 +0100
@@ -606,7 +606,17 @@
ignfstypes=`echo $check_devices_ignore_fstypes | \
sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
-e's/^-o //'`
- find / \( $ignfstypes \) -a -prune -o \
+ if [ "X$check_devices_ignore_paths" != "X" ]; then
+ if [ "X$ignfstypes" = "X" ]; then
+ ignpaths=`echo "!$check_devices_ignore_paths" | \
+ sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -path \2/g' \
+ -e's/^-o //'`
+ else
+ ignpaths=`echo "$check_devices_ignore_paths" | \
+ sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -path \2/g'`
+ fi
+ fi
+ find / \( $ignfstypes $ignpaths \) -a -prune -o \
\( \( -perm -u+s -a ! -type d \) -o \
\( -perm -g+s -a ! -type d \) -o \
-type b -o -type c \) -print0 | \
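Review bot: in the branch taken when $ignfstypes is empty, the "!" prepended in echo "!$check_devices_ignore_paths" is captured by the sed group \(!*\) and produces "! -path /dev/pts", so the prune expression matches everything except the listed path and find prunes at / itself, leaving the setuid and device check with no output. Drop the "!" in that branch and keep only the -e's/^-o //' stripping. ignpaths is also never set when check_devices_ignore_paths is empty, so a value inherited from the environment would end up in the find expression; initialise it to an empty string before the outer if. Because $ignpaths is expanded unquoted, entries containing whitespace or shell glob characters will not survive as written, which should be stated where the variable is documented.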