Rewrite to consume significantly less memory, by using find -s instead of

find | sort. As a bonus, this simplifies the logic considerably. Also remove the bogus "overruning the args to ls" comment and the corresponding "-n 20" argument to xargs; the whole point with xargs is precisely that it knows how large the argument list can safely get. Note that the first run of the updated script may hypotheticall produce false positives due to differences between find's and sort's sorting algorithm. I haven't seen this during testing, but others might. MFC after: 2 weeks
svn path=/head/; revision=175890
2024-12-04 10:19:26 +00:00 · 2008-02-02 12:27:37 +00:00 · 2008-02-02 12:27:37 +00:00 · a4afe9200c · 2020-12-20 02:59:44 +00:00
commit a4afe9200c
parent f9773372c3
1 changed files with 11 additions and 16 deletions
--- a/etc/periodic/security/100.chksetuid
+++ b/etc/periodic/security/100.chksetuid
@ -43,22 +43,17 @@ case "$daily_status_security_chksetuid_enable" in
    [Yy][Ee][Ss])
 	echo ""
 	echo 'Checking setuid files and devices:'
-	# XXX Note that there is the possibility of overrunning the args to ls
-	MP=`mount -t ufs,zfs | egrep -v " no(suid|exec)" | awk '{ print $3 }' | sort`
-	if [ -n "${MP}" ]
-	then
-	    set ${MP}
-	    while [ $# -ge 1 ]; do
-	        mount=$1
-	        shift
-	        find $mount -xdev -type f \
-			\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
-			\( -perm -u+s -or -perm -g+s \) -print0
-	    done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort -k 11 |
-	      check_diff setuid - "${host} setuid diffs:"
-	    rc=$?
-	fi;;
-    *)	rc=0;;
+	MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
+	find -sx $MP /dev/null -type f \
+	    \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
+	    \( -perm -u+s -or -perm -g+s \) -print0 |
+	xargs -0 ls -liTd |
+	check_diff setuid - "${host} setuid diffs:"
+	rc=$?
+	;;
+    *)
+	rc=0
+	;;
 esac

 exit $rc