#
267654 |
|
19-Jun-2014 |
gjb |
Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
225736 |
|
22-Sep-2011 |
kensmith |
Copy head to stable/9 as part of 9.0-RELEASE release cycle.
Approved by: re (implicit)
|
#
175906 |
|
02-Feb-2008 |
des |
Eliminate xargs in favor of find -exec {} +
|
#
175890 |
|
02-Feb-2008 |
des |
Rewrite to consume significantly less memory, by using find -s instead of find | sort. As a bonus, this simplifies the logic considerably. Also remove the bogus "overruning the args to ls" comment and the corresponding "-n 20" argument to xargs; the whole point with xargs is precisely that it knows how large the argument list can safely get.
Note that the first run of the updated script may hypotheticall produce false positives due to differences between find's and sort's sorting algorithm. I haven't seen this during testing, but others might.
MFC after: 2 weeks
|
#
173873 |
|
23-Nov-2007 |
ru |
Also check setuid executables on ZFS.
|
#
140186 |
|
13-Jan-2005 |
glebius |
Don't do setuid checks on file systems mounted with noexec option.
Reviewed by: brian, ru MFC after: 1 week
|
#
105936 |
|
25-Oct-2002 |
thomas |
Factor out code across various /etc/periodic/security scripts into a separate file, /etc/periodic/security/security.functions.
Reviewed by: roberto (mentor) Approved by: re@
|
#
103903 |
|
24-Sep-2002 |
ache |
Make it work with POSIX sort (POS arg). All old sorts understand -k too.
|
#
102398 |
|
25-Aug-2002 |
cjc |
Only create a temporary file if we are actually going to do something in the script. Eliminates a bug where we create a temp file, but don't delete it since the rm(1) is only done if the check is enabled.
PR: bin/40960 Submitted by: frf <frf@xocolatl.com> MFC after: 3 days
|
#
101281 |
|
03-Aug-2002 |
gshapiro |
If all file systems are marked nosuid, the line:
MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`
sets ${MP} to an empty string so the next line:
set ${MP}
actually just dumps all of the shells variables to stdout (and therefore the security report). Fixed by surrounding the code which goes through the mounts with a test for an empty string before using ${MP}.
Reviewed by: brian MFC after: 3 days
|
#
96805 |
|
17-May-2002 |
brian |
Tighten up temporary file permissions and move them to ${TMPDIR:-/tmp}
Problem reported by: lumpy <lumpy@the.whole.net> MFC after: 3 days
|
#
96048 |
|
04-May-2002 |
cjc |
Remove leading whitespace from the setuid file lists.
Due to the way we run ls(1), through xargs(1), the leading whitespace can change even when the setuid files haven't. To avoid displaying these lines, we currently run diff(1) with the '-w' option. However, this is probably not the ideal way to go; there is a very, very small possibility for diff(1) to miss things is shouldn't. So, with the leading space cleaned, we can revert to the '-b' option which is "safer."
PR: conf/37618 Reviewed by: brian MFC after: 3 days
|
#
87514 |
|
07-Dec-2001 |
cjc |
Long ago, there was just /etc/daily. Then /etc/security was split out of /etc/daily. Some time later, /etc/daily became a set of periodic(8) scripts. Now, this evolution continues, and /etc/security has been broken into periodic(8) scripts to make local customization easier and more maintainable.
Reviewed by: ru Approved by: ru
|