Fix 100.chksetuid and 110.neggrpperm for mountpoints with spaces

Also, fix them for mountpoints with tabs. PR: 48325 Reported by: [email protected], [email protected] MFC after: 3 weeks
project-fifo · Aug 25, 2017 · b31ace7 · b31ace7
1 parent 81191b7
commit b31ace7
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 2 deletions.
diff --git a/etc/periodic/security/100.chksetuid b/etc/periodic/security/100.chksetuid
@@ -45,7 +45,13 @@ if check_yesno_period security_status_chksetuid_enable
 then
 	echo ""
 	echo 'Checking setuid files and devices:'
-	MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
+	IFS=$'\n'	# Don't split mount points with spaces or tabs
+	MP=`mount -t ufs,zfs | awk '
+		$0 !~ /no(suid|exec)/ {
+			sub(/^.* on \//, "/");
+			sub(/ \(.*\)/, "");
+			print $0
+		}'`
 	find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
 	    \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
 	    \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |

diff --git a/etc/periodic/security/110.neggrpperm b/etc/periodic/security/110.neggrpperm
@@ -43,7 +43,13 @@ if check_yesno_period security_status_neggrpperm_enable
 then
 	echo ""
 	echo 'Checking negative group permissions:'
-	MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
+	IFS=$'\n'	# Don't split mount points with spaces or tabs
+	MP=`mount -t ufs,zfs | awk '
+		$0 !~ /no(suid|exec)/ {
+			sub(/^.* on \//, "/");
+			sub(/ \(.*\)/, "");
+			print $0
+		}'`
 	n=$(find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
 	    \( \( ! -perm +010 -and -perm +001 \) -or \
 	    \( ! -perm +020 -and -perm +002 \) -or \

diff --git a/etc/periodic/security/security.functions b/etc/periodic/security/security.functions
@@ -48,6 +48,7 @@ rc=0
 #   LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files.
 
 check_diff() {
+  unset IFS
   rc=0
   if [ "$1" = "new_only" ]; then
     shift