Subject: bin/28838: /etc/security tracks changes in /dev/pts
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: S.P.Zeidler <spz@volans.1st.de>
List: netbsd-bugs
Date: 01/02/2005 17:39:00
>Number:         28838
>Category:       bin
>Synopsis:       daily security output contains changes in /dev/pts
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 02 17:39:00 +0000 2005
>Originator:     S.P.Zeidler
>Release:        NetBSD 2.99.11 (02.Jan.2005)
>Organization:
dis-
>Environment:
System: NetBSD volans.1st.de 2.99.11 NetBSD 2.99.11 (VOLANS) #22: Sun Jan 2 16:20:04 CET 2005 spz@volans.1st.de:/home/netbsd/src/sys/arch/i386/compile/VOLANS i386
Architecture: i386
Machine: i386
>Description:
	Output from /etc/security contains changes in /dev/pts if you 
	happen to use PTYFS. Not a big deal but annoying, IMO. :)
	One might call it a feature, but in practice it doesn't really
	convey valuable information.
>How-To-Repeat:
	Use ptyfs. Run /etc/security.
>Fix:
	
--- /etc/defaults/security.conf	2004-10-25 12:44:19.000000000 +0200
+++ security.conf	2005-01-02 18:03:42.000000000 +0100
@@ -32,6 +32,7 @@
 check_homes_permit_usergroups=NO
 
 check_devices_ignore_fstypes="!local fdesc kernfs null procfs"
+check_devices_ignore_paths="/dev/pts"
 
 check_mtree_follow_symlinks=NO
 
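Review bot: Ignoring `/dev/pts` by path in the new `check_devices_ignore_paths` default prunes that directory whether or not a ptyfs is mounted there, so on a system where `/dev/pts` is an ordinary directory, any setuid file or device node created in it drops out of the daily report. The noise comes from the filesystem type, so matching on type would keep that coverage and need no change to `/etc/security`: `check_devices_ignore_fstypes="!local fdesc kernfs null procfs ptyfs"`, assuming `find -fstype` accepts `ptyfs` like the other names in the list. If the path-based knob is kept, a comment above it such as `# paths pruned from the setuid/device scan regardless of filesystem type` would make the trade-off visible to whoever edits the list.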
--- /etc/security	2004-12-05 23:47:03.000000000 +0100
+++ security	2005-01-02 18:34:37.000000000 +0100
@@ -606,7 +606,17 @@
 	ignfstypes=`echo $check_devices_ignore_fstypes | \
 		sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
 		    -e's/^-o //'`
-	find / \( $ignfstypes \) -a -prune -o \
+	if [ "X$check_devices_ignore_paths" != "X" ]; then
+		if [ "X$ignfstypes" = "X" ]; then
+			ignpaths=`echo "!$check_devices_ignore_paths" | \
+				sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -path \2/g' \
+				    -e's/^-o //'`
+		else
+			ignpaths=`echo "$check_devices_ignore_paths" | \
+				sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -path \2/g'`
+		fi
+	fi
+	find / \( $ignfstypes $ignpaths \) -a -prune -o \
 	    \( \( -perm -u+s -a ! -type d \) -o \
 	       \( -perm -g+s -a ! -type d \) -o \
 	       -type b -o -type c \) -print0 | \
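Review bot: In the branch taken when `ignfstypes` is empty, the `!` prepended to `$check_devices_ignore_paths` survives into the find expression. For the default value the sed output is `! -path /dev/pts`, so `find / \( ! -path /dev/pts \) -a -prune` appears to match and prune `/` itself, leaving the setuid/device scan with nothing to report. That branch should feed the list unchanged, i.e. `echo "$check_devices_ignore_paths" | \` in place of `echo "!$check_devices_ignore_paths" | \`, keeping the trailing `-e's/^-o //'`. `ignpaths` is also never cleared when `check_devices_ignore_paths` is empty, so an `ignpaths=` before the outer `if` would keep an inherited or stale value out of the find arguments. The find pipeline continues past the end of this hunk.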