Bug#1766: Bug in script checksecurity in package cron
Hi,
I'm sorry, I should have investigated further before firing
off that bug report about checksecurity. There is no problem with
multiple dir arguments to find (which is perfectly legal, as Ian
Jackson pointed out).
The problem was that there were no
/var/log/setuid.{today,yesterday} files on my system, and
checksecurity failed to create them, resulting in a mail message
every time the cron job was run. If such a file is created, maybe
there is no problem, so a generic setuid.today file should be
installed? (From the trace below, you can see that the diff fails if
there is no setuid.today file). Should I file a fresh bug report?
manoj
Here is what I did to check that:
<root@melkor:[~]> rm -f /var/log/setuid.today
<root@melkor:[~]> bash -x checksecurity.dist
+ set -e
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ LOG=/var/log
+ TMP=/tmp/_secure.21828
+ umask 077
+ cd /
++ mount
++ grep -vE type (proc|iso9660) |^/dev/fd| on /mnt
++ cut -d -f 3
+ find / /dos /usr /usr/local -xdev ( -type f -perm +06000 -o -type b
-o -type c ) -ls
+ sort
+ cmp -s /var/log/setuid.today /tmp/_secure.21828
++ hostname
+ echo melkor changes to setuid programs and devices:
melkor changes to setuid programs and devices:
+ diff /var/log/setuid.today /tmp/_secure.21828
diff: /var/log/setuid.today: No such file or directory
+ [ 2 = 1 ]
<root@melkor:[~]> cp /var/log/setuid.yesterday /var/log/setuid.today
<root@melkor:[~]> bash -x checksecurity.dist
+ set -e
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ LOG=/var/log
+ TMP=/tmp/_secure.21873
+ umask 077
+ cd /
++ mount
++ grep -vE type (proc|iso9660) |^/dev/fd| on /mnt
++ cut -d -f 3
+ find / /dos /usr /usr/local -xdev ( -type f -perm +06000 -o -type b
-o -type c ) -ls
+ sort
+ cmp -s /var/log/setuid.today /tmp/_secure.21873
++ hostname
+ echo melkor changes to setuid programs and devices:
melkor changes to setuid programs and devices:
+ diff /var/log/setuid.today /tmp/_secure.21873
5c5,6
< 2111 68 -rwsr-x--- 1 root dip 69632 Oct 22 21:27
/usr/sbin/dip
---
> 2098 68 -rwsr-x--- 1 root dip 69632 Oct 24 19:19
> /usr/sbin/dip
[much deleted here]
+ [ 1 = 1 ]
+ mv /var/log/setuid.today /var/log/setuid.yesterday
+ mv /tmp/_secure.21873 /var/log/setuid.today
+ rm -f /tmp/_secure.21873
-- To be sure of hitting the target, shoot first, and call whatever you
hit the target. Ashleigh Brilliant
Manoj Srivastava Project Pilgrim, Department of Computer Science
Phone: (413) 545-3918 A143B Lederle Graduate Research Center
Fax: (413) 545-1249 University of Massachusetts, Amherst, MA 01003
email:srivasta@pilgrim.umass.edu http://www.pilgrim.umass.edu/~srivasta/
Reply to: