Bug#4656: checksecurity script has incorrect regular expression.
Package: cron
Version: 3.0pl1-32
I have about 12 Debian-1.1.8 systems running using NFS, amd, NIS
and cfengine to configure and share info. All of the systems send
me a copy of mail sent to root. Every morning I receive mail
from cron's run-parts showing one of the NFS file-systems and
an error message "permission denied". I tracked this down to
a small error in the regular expression in the /usr/sbin/checksecurity
script that is supposed to exclude most nfs mounted filesystems
from being scanned by the find command it executes.
I suggest that the attached patch be applied. The addition
of "auto" type filesystems to those being excluded seemed like
a good idea while I was trying to fix this but isn't strictly
necessary. The necessary part is the addition of the "s" and the
removal of the " ".
I've also attached an example of the problem. In the example, the
filesystem /net/ds9/export/cfengine should have been excluded from
the search since it is "type nfs" and has "nosuid" and "nodevs" as
listed attributes. But since the regular expression left off the
"s" of "nodevs" and has an extraneous " " after the closing paren
after "nodevs", grep failed to match it.
haven% uname -a
Linux haven 2.0.18 #1 Sun Sep 8 00:08:20 EDT 1996 i486
Thanks.
--
_________________________________________________________________
David M. Cooke d.m.cooke@larc.nasa.gov
--- checksecurity.cfsaved Sun Jun 9 12:46:22 1996
+++ checksecurity Mon Sep 30 11:30:12 1996
@@ -11,7 +11,7 @@
umask 077
cd /
-find `mount | grep -vE ' type (proc|msdos|iso9660|nfs.*(nosuid|noexec).*nodev) |^/dev/fd| on /mnt' \
+find `mount | grep -vE ' type (proc|msdos|iso9660|auto|nfs.*(nosuid|noexec).*nodevs)|^/dev/fd| on /mnt' \
| cut -d ' ' -f 3` \
-xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls \
| sort >$TMP
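Review bot: Dropping the trailing space after the closing paren on the `+find` line fixes the nfs case, but it also turns ` type proc`, ` type msdos`, ` type iso9660` and ` type auto` into prefix matches, so any filesystem type that merely begins with one of those strings is now left out of the setuid/device scan. Consider keeping the space for the plain types and giving nfs its own branch, for example ` type (proc|msdos|iso9660|auto) | type nfs .*(nosuid|noexec).*nodevs?|^/dev/fd| on /mnt`. The `s?` keeps the pattern matching mounts that report `nodev`, the spelling the removed line used, as well as `nodevs`. The nfs branch also only matches when nosuid or noexec appears before nodevs in the option list; a mount listing them in the other order is still scanned, which is the safe direction but is worth a comment in the script.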
dilbert% id
uid=0(root) gid=0(root) groups=582(a00582),25(floppy),60(games),695(a00695)
dilbert% pwd
/a/net/haven/home/dcooke
dilbert% cd /net/ds9/export/cfengine/
dilbert% mount
/dev/hda1 on / type ext2 (rw)
/proc on /proc type proc (rw)
/dev/hda3 on /hda3 type ext2 (rw)
bashir:/scr/debian on /debian type nfs (ro,timeo=10,intr,addr=128.155.4.169)
dilbert:(pid224) on /net type auto (intr,rw,port=1023,timeo=8,retrans=110,indirect,map=amd.net)
haven:/home on /a/net/haven/home type nfs (rw,intr,grpid,nosuid,nodevs)
ds9:/export/cfengine on /a/net/ds9/export/cfengine type nfs (rw,intr,grpid,nosuid,nodevs)
ds9:/home on /a/net/ds9/home type nfs (rw,intr,grpid,nosuid,nodevs)
dilbert% /usr/sbin/checksecurity
find: /a/net/ds9/home: Permission denied
dilbert changes to setuid programs and devices:
309,312c309,312
< 97907 0 crw-rw-rw- 1 root root 4, 128 Sep 27 13:06 /dev/ptyp0
< 97908 0 crw-rw-rw- 1 root root 4, 192 Sep 27 13:06 /dev/ttyp0
< 97909 0 crw-rw-rw- 1 root root 4, 129 Sep 24 07:43 /dev/ptyp1
< 97910 0 crw-rw-rw- 1 root tty 4, 193 Sep 24 07:43 /dev/ttyp1
---
> 97907 0 crw-rw-rw- 1 root root 4, 128 Sep 30 13:32 /dev/ptyp0
> 97908 0 crw--w---- 1 dcooke tty 4, 192 Sep 30 13:32 /dev/ttyp0
> 97909 0 crw-rw-rw- 1 root root 4, 129 Sep 30 13:34 /dev/ptyp1
> 97910 0 crw-rw-rw- 1 root tty 4, 193 Sep 30 13:33 /dev/ttyp1
437c437
< 98041 0 crw-rw---- 1 root tty 4, 64 Sep 27 13:06 /dev/ttyS0
---
> 98041 0 crw-rw---- 1 root tty 4, 64 Sep 30 12:27 /dev/ttyS0
1043a1044
> 1879201551 1 -rwsr-xr-x 1 root users 612 Jan 29 1996 /a/net/haven/home/local/plan-1.4.2/bin/Killpland