From a4afe9200ce9093c4343aba7ebd7fe12bb223f36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Sat, 2 Feb 2008 12:27:37 +0000 Subject: [PATCH] Rewrite to consume significantly less memory, by using find -s instead of find | sort. As a bonus, this simplifies the logic considerably. Also remove the bogus "overruning the args to ls" comment and the corresponding "-n 20" argument to xargs; the whole point with xargs is precisely that it knows how large the argument list can safely get. Note that the first run of the updated script may hypotheticall produce false positives due to differences between find's and sort's sorting algorithm. I haven't seen this during testing, but others might. MFC after: 2 weeks --- etc/periodic/security/100.chksetuid | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/etc/periodic/security/100.chksetuid b/etc/periodic/security/100.chksetuid index 2921ee6b7fd9..451c6b604504 100755 --- a/etc/periodic/security/100.chksetuid +++ b/etc/periodic/security/100.chksetuid @@ -43,22 +43,17 @@ case "$daily_status_security_chksetuid_enable" in [Yy][Ee][Ss]) echo "" echo 'Checking setuid files and devices:' - # XXX Note that there is the possibility of overrunning the args to ls - MP=`mount -t ufs,zfs | egrep -v " no(suid|exec)" | awk '{ print $3 }' | sort` - if [ -n "${MP}" ] - then - set ${MP} - while [ $# -ge 1 ]; do - mount=$1 - shift - find $mount -xdev -type f \ - \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ - \( -perm -u+s -or -perm -g+s \) -print0 - done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort -k 11 | - check_diff setuid - "${host} setuid diffs:" - rc=$? - fi;; - *) rc=0;; + MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` + find -sx $MP /dev/null -type f \ + \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ + \( -perm -u+s -or -perm -g+s \) -print0 | + xargs -0 ls -liTd | + check_diff setuid - "${host} setuid diffs:" + rc=$? + ;; + *) + rc=0 + ;; esac exit $rc