On Thu, Dec 30, 2010 at 12:08:33AM +0100, Ingo Schwarze wrote:

> I consider this a bug in security(8).
> 
> The following is the best I could come up with so far; make sure
> to wear your sed-peril-proof sunglasses before reading the patch.
> 
> This still mangles the file name, but at least you have a chance
> to find it on your disk.  Does anybody have a better plan?
> 
> I already told Marcus on misc to mount that one -o nodev,noexec
> and use SUIDSKIP; but that's rather a workaround than a fix.
> 
> 
> On misc@, MERIGHI Marcus wrote on Wed, Dec 29, 2010 at 07:43:08PM +0100:
> 
> > security(8) reports 
> > ``/home/XXX/Daten/Edv/macs/macs-home/Library/Application''
> > as ``Setuid additions:'' where the real file name is
> > ``/home/XXX/Daten/Edv/macs/macs-home/Library/Application Support/\
> > ProxyOnOff/proxyOnOffTool''
> > 
> > I have found the source of the wrong file name report to be in line 437
> > of /etc/security:
> > ``egrep -av '^[bc]' $LIST | join -o $FIELDS2 -110 -210 -v2 \
> > /dev/null - > $TMP1'',
> > 
> > with join having space (and tab) characters as field separators and thus
> > ignoring everything after the first space character found in field 10.
> > 
> > No quick fix that comes to my mind, using -t to join(1) would help only
> > if the output of ls(1) in line 430 would be changed to not contain space
> > characters as output separators. 
> > 
> > Is this known and if yes, would a patch to the man page be accepted?
> > 
> > And no, I do not use space characters voluntarily in file names. It is a
> > backup of an OS X system.
> 
> 
> --- security  Wed Jun  3 11:06:07 2009
> +++ /etc/security     Wed Dec 29 15:56:37 2010
> @@ -427,7 +427,9 @@
>       \) -a -prune -o \
>       -type f -a \( -perm -u+s -o -perm -g+s \) -print0 -o \
>       ! -type d -a ! -type f -a ! -type l -a ! -type s -a ! -type p \
> -     -print0 | xargs -0 -r ls -ldgT | sort +9 > $LIST
> +     -print0 | xargs -0 -r ls -ldgT | \
> +     sed 'h;s,[^/]*,,;s,[[:blank:]],_,g;x;s,/.*,,;G;s/\n//' | \
> +     sort +9 > $LIST
>  )
>  
>  # Display any changes in the setuid/setgid file list.
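
Review bot: The added sed line rewrites every blank in the path to `_` (`s,[[:blank:]],_,g`), so a name containing a space and an otherwise identical name containing an underscore become the same entry in $LIST, and the report can show a name that does not exist on disk or that belongs to a different file. A short comment above the sed saying what it does and that the reported name is altered would help the next reader of /etc/security, and the output could mark such names as mangled. Since `[[:blank:]]` covers only space and tab, a newline in a file name still splits the `ls` output across two lines, which this hunk does not address.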

My guess is that it would be better to sort first and then run xargs.
Something like:

find .... -print0 | sort -z | xargs -0 -L1 ls -ldgT

        -Otto
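
The truncation discussed in this thread, and the effect of the sed expression from the quoted patch, as an added example that is not from any of the posters or from /etc/security itself. The listing lines and paths are constructed, and the function names are hypothetical; it assumes the 10-field `ls -ldgT` layout with the path in field 10, as the thread states.

```shell
#!/bin/sh
# Constructed sample of `ls -ldgT` output: 10 fields, path last.
sample_list() {
cat <<'EOF'
-r-sr-xr-x  1 root  wheel  4096 Dec 29 15:56:37 2010 /backup/Library/Application Support/tool
-r-sr-xr-x  1 root  wheel  4096 Dec 29 15:56:37 2010 /backup/Library/Application_Support/tool
-r-sr-xr-x  1 root  wheel  8192 Dec 29 15:56:37 2010 /usr/bin/passwd
EOF
}

# Field 10 as any whitespace-splitting tool (join, sort +9, awk) sees it.
field10() { awk '{ print $10 }'; }

# The sed expression from the quoted patch: blanks in the path become "_".
mangle() { sed 'h;s,[^/]*,,;s,[[:blank:]],_,g;x;s,/.*,,;G;s/\n//'; }

# Keys without the patch: the first path is cut at its first space.
truncated_keys() { sample_list | field10; }

# Keys with the patch: the full path survives, with blanks rewritten.
mangled_keys() { sample_list | mangle | field10; }

# Number of distinct keys after mangling (three files went in).
distinct_mangled() { mangled_keys | sort -u | wc -l | tr -d ' '; }

echo "without patch:"; truncated_keys
echo "with patch:";    mangled_keys
echo "distinct keys after mangling: $(distinct_mangled) of 3"
```

The first two constructed files end up under one key after mangling, so a change to one of them can be reported under the other's name.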
