o...@drijf.net (Otto Moerbeek), 2010.12.30 (Thu) 20:53 (CET):
> On Thu, Dec 30, 2010 at 12:08:33AM +0100, Ingo Schwarze wrote:
>
> > I consider this a bug in security(8).
> >
> > The following is the best i could come up with so far; make sure
> > to wear your sed-peril-proof sunglasses before reading the patch.
> >
> > This still mangles the file name, but at least you have a chance
> > to find it on your disk. Anybody has a better plan?
> >
> > I already told Marcus on misc to mount that one -o nodev,noexec
> > and use SUIDSKIP; but that's rather a workaround than a fix.
> >
> >
> > On misc@, MERIGHI Marcus wrote on Wed, Dec 29, 2010 at 07:43:08PM +0100:
> >
> > > security(8) reports
> > > ``/home/XXX/Daten/Edv/macs/macs-home/Library/Application''
> > > as ``Setuid additions:'' where the real file name is
> > > ``/home/XXX/Daten/Edv/macs/macs-home/Library/Application Support/\
> > > ProxyOnOff/proxyOnOffTool''
> > >
> > > I have found the source of the wrong file name report to be in line 437
> > > of /etc/security:
> > > ``egrep -av '^[bc]' $LIST | join -o $FIELDS2 -110 -210 -v2 \
> > > /dev/null - > $TMP1'',
> > >
> > > with join having space (and tab) characters as field separators and thus
> > > ignoring after first space characters found in field 10.
> > >
> > > No quick fix that comes to my mind, using -t to join(1) would help only
> > > if the output of ls(1) in line 430 would be changed to not contain space
> > > characters as output separators.
> > >
> > > Is this known and if yes, would a patch to the man page be accepted?
> > >
> > > And no, I do not use space characters voluntarily in file names. It is a
> > > back up of an osx system.
> >
> > --- security Wed Jun 3 11:06:07 2009 > > +++ /etc/security Wed Dec 29 15:56:37 2010
> > @@ -427,7 +427,9 @@ > > \) -a -prune -o \ > > -type f -a \( -perm -u+s -o -perm -g+s \) -print0 -o \ > > ! -type d -a ! -type f -a ! -type l -a ! -type s -a ! -type p \ > > - -print0 | xargs -0 -r ls -ldgT | sort +9 > $LIST > > + -print0 | xargs -0 -r ls -ldgT | \ > > + sed 'h;s,[^/]*,,;s,[[:blank:]],_,g;x;s,/.*,,;G;s/\n//' | \ > > + sort +9 > $LIST > > ) > > > > # Display any changes in the setuid/setgid file list.
>
> My guess is that it would be better to sort first and then run xargs.
> Something like:
> find .... -print0 | sort -z | xargs -0 -L1 ls -ldgT

I'd like that one, by far more dapper; but it does not change a thing
about the abbreviated file name being compared and reported by join(1).

Marcus
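
Review bot: In the added sed line, `s,[[:blank:]],_,g` is not reversible: "Application Support" and "Application_Support" end up as the same field-10 string, so the join(1) comparison cannot tell them apart and a new setuid file can be masked by an already-listed one whose name differs only in blank versus underscore; the reported path also no longer exists on disk. Use an encoding that cannot collide with a real file name, or a field separator that join -t can be told about, instead of `_`. The split on the first slash (`s,[^/]*,,` and `s,/.*,,`) assumes no ls metadata field ever contains `/`, and the `h;...;x;...;G;s/\n//` sequence is hard to audit, so a comment above the pipeline stating both would help.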
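
The truncation Marcus describes, and the effect of giving join(1) a tab as its only separator, can be reproduced as follows. This is an added example, not code from the thread or from /etc/security; the function names and the sample listing are constructed, and join is called with the POSIX `-1 10 -2 10` spelling.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, sample data is constructed.
export LC_ALL=C
TAB=$(printf '\t')

# Constructed lines in the 10-field layout the thread describes (path = field 10).
sample_list() {
cat <<'EOF'
-rwsr-xr-x  1 root  wheel  1234 Dec 29 15:56:37 2010 /home/XXX/Library/Application Support/ProxyOnOff/proxyOnOffTool
-rwsr-xr-x  1 root  bin  5678 Jun  3 11:06:07 2009 /usr/bin/passwd
EOF
}

# Blank-separated join against an empty previous list: field 10 ends at the
# first space, so the reported name is cut short.
naive_additions() {
    sort -k 10 | join -1 10 -2 10 -v 2 -o 2.10 /dev/null -
}

# Re-emit each line with tabs between the nine metadata fields and the path,
# keeping the path intact. Assumes paths start with "/" and contain no tab or
# newline; those would still need escaping.
to_tsv() {
    awk '{
        path = $0
        for (i = 1; i <= 9; i++)
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", path)
        out = $1
        for (i = 2; i <= 9; i++)
            out = out "\t" $i
        print out "\t" path
    }'
}

# Same comparison with tab as the only field separator.
tab_additions() {
    to_tsv | sort -t "$TAB" -k 10 | join -t "$TAB" -1 10 -2 10 -v 2 -o 2.10 /dev/null -
}

sample_list | naive_additions
sample_list | tab_additions
```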