Debian bug report logs - #1766
Bug in script checksecurity in package cron

Package: cron; Reported by: srivasta@pilgrim.umass.edu (Manoj Srivastava); Done: Ian Jackson <ian@chiark.chu.cam.ac.uk>.

Message received at debian-bugs-done:


From chiark.chu.cam.ac.uk!ian Sat Oct 28 18:42:22 1995
Return-Path: <ian@chiark.chu.cam.ac.uk>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t9MlR-000DdZC; Sat, 28 Oct 95 18:42 PDT
Received: from artemis.chu.cam.ac.uk by pixar.com with SMTP id AA08819
  (5.67b/IDA-1.5 for debian-bugs-done-pipe@mongo.pixar.com); Sat, 28 Oct 1995 18:41:52 -0700
Received: from chiark.chu.cam.ac.uk by artemis.chu.cam.ac.uk with smtp
	(Smail3.1.29.1 #33) id m0t9MlC-0007uQC; Sun, 29 Oct 95 01:42 GMT
Received: by chiark.chu.cam.ac.uk
	id m0t9Ml1-0002bdC
	(Debian /\oo/\ Smail3.1.29.1 #29.33); Sun, 29 Oct 95 01:41 GMT
Message-Id: <m0t9Ml1-0002bdC@chiark.chu.cam.ac.uk>
Date: Sun, 29 Oct 95 01:41 GMT
From: Ian Jackson <ian@chiark.chu.cam.ac.uk>
To: srivasta@pilgrim.umass.edu (Manoj Srivastava), debian-bugs-done@Pixar.com
Subject: Re: Bug#1766: Bug in script checksecurity in package cron
Newsgroups: chiark.mail.debian.devel
In-Reply-To: <mlist1027063424-29542.iwj10@cus.cam.ac.uk>
References: <m0t8SEJ-0002baC@chiark.chu.cam.ac.uk>
	<mlist1027063424-29542.iwj10@cus.cam.ac.uk>

Manoj Srivastava writes ("Bug#1766: Bug in script checksecurity in package cron"):
> 	I'm sorry, I should have investigated further before firing
>  off that bug report about checksecurity.  There is no problem with
>  multiple dir arguments to find (which is perfectly legal, as Ian
>  Jackson pointed out).
> 
> 	The problem was that there were no
>  /var/log/setuid.{today,yesterday} files on my system, and
>  checksecurity failed to create them, resulting in a mail message
>  every time the cron job was run. If such a file is created, maybe
>  there is no problem, so a generic setuid.today file should be
>  installed? (From the trace below, you can see that the diff fails if
>  there is no setuid.today file).  Should I file a fresh bug report?

This is fixed in the most recent version of cron.

I'll close this bug report.

Thanks,
Ian.

Notification sent to srivasta@pilgrim.umass.edu (Manoj Srivastava):
Bug acknowledged by developer. Full text available.
Reply sent to Ian Jackson <ian@chiark.chu.cam.ac.uk>:
You have taken responsibility. Full text available.

Message received at debian-bugs:


From pilgrim.umass.edu!srivasta Thu Oct 26 23:26:58 1995
Return-Path: <srivasta@pilgrim.umass.edu>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t8iFm-000BWxC; Thu, 26 Oct 95 23:26 PDT
Received: from plymouth.pilgrim.umass.edu by pixar.com with SMTP id AA28262
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Thu, 26 Oct 1995 23:26:32 -0700
Received: (from srivasta@localhost) by plymouth.pilgrim.umass.edu (8.6.12/8.6.12) id CAA00947; Fri, 27 Oct 1995 02:26:52 -0400
Sender: srivasta@pilgrim.umass.edu
To: debian-bugs@Pixar.com
Cc: (Manoj Srivastava)
Subject: Re: Bug#1766: Bug in script checksecurity in package cron
X-Geek-3: GE/CS d+(--) s:++>: a C++++$ ULUHO++++$ P+++$ L+++ E+++ 
   W+++$ N+++ K-? !w--- O-? !M-- !V-- PS+ PE- Y+ PGP++ t@ 5++ !X R++ 
   b+++ DI+++ D- G e+++ h+ r++ y+
X-Organization: University of Massachusetts, Amherst, MA 01003
X-Time: Fri Oct 27 02:26:33 1995
Mailer: Vm 5.95 (beta) for GNU Emacs 19.14 XEmacs Lucid (beta5)
References: <m0t8SEJ-0002baC@chiark.chu.cam.ac.uk>
From: srivasta@pilgrim.umass.edu (Manoj Srivastava)
Date: 27 Oct 1995 02:26:33 -0400
In-Reply-To: Ian Jackson's message of Thu, 26 Oct 95 13:20 GMT
Message-Id: <gvx3fcfsaqu.fsf@plymouth.pilgrim.umass.edu>
Organization: Project Pilgrim, University of Massachusetts at Amherst
Lines: 80
X-Mailer: September Gnus v0.11

Hi,
	I'm sorry, I should have investigated further before firing
 off that bug report about checksecurity.  There is no problem with
 multiple dir arguments to find (which is perfectly legal, as Ian
 Jackson pointed out).

	The problem was that there were no
 /var/log/setuid.{today,yesterday} files on my system, and
 checksecurity failed to create them, resulting in a mail message
 every time the cron job was run. If such a file is created, maybe
 there is no problem, so a generic setuid.today file should be
 installed? (From the trace below, you can see that the diff fails if
 there is no setuid.today file).  Should I file a fresh bug report?

	manoj
	
 Here is what I did to check that:
	
<root@melkor:[~]> rm -f /var/log/setuid.today
<root@melkor:[~]> bash -x checksecurity.dist
+ set -e
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ LOG=/var/log
+ TMP=/tmp/_secure.21828
+ umask 077
+ cd /
++ mount
++ grep -vE  type (proc|iso9660) |^/dev/fd| on /mnt
++ cut -d   -f 3
+ find / /dos /usr /usr/local -xdev ( -type f -perm +06000 -o -type b
  -o -type c ) -ls
+ sort
+ cmp -s /var/log/setuid.today /tmp/_secure.21828
++ hostname
+ echo melkor changes to setuid programs and devices:
melkor changes to setuid programs and devices:
+ diff /var/log/setuid.today /tmp/_secure.21828
diff: /var/log/setuid.today: No such file or directory
+ [ 2 = 1 ]
<root@melkor:[~]> cp /var/log/setuid.yesterday /var/log/setuid.today
<root@melkor:[~]> bash -x checksecurity.dist
+ set -e
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ LOG=/var/log
+ TMP=/tmp/_secure.21873
+ umask 077
+ cd /
++ mount
++ grep -vE  type (proc|iso9660) |^/dev/fd| on /mnt
++ cut -d   -f 3
+ find / /dos /usr /usr/local -xdev ( -type f -perm +06000 -o -type b
  -o -type c ) -ls
+ sort
+ cmp -s /var/log/setuid.today /tmp/_secure.21873
++ hostname
+ echo melkor changes to setuid programs and devices:
melkor changes to setuid programs and devices:
+ diff /var/log/setuid.today /tmp/_secure.21873
5c5,6
<   2111   68 -rwsr-x---   1 root     dip         69632 Oct 22 21:27
/usr/sbin/dip
---
>   2098   68 -rwsr-x---   1 root     dip         69632 Oct 24 19:19
>   /usr/sbin/dip

	[much deleted here]
+ [ 1 = 1 ]
+ mv /var/log/setuid.today /var/log/setuid.yesterday
+ mv /tmp/_secure.21873 /var/log/setuid.today
+ rm -f /tmp/_secure.21873



-- To be sure of hitting the target, shoot first, and call whatever you
 hit the target. Ashleigh Brilliant

Manoj Srivastava         Project Pilgrim, Department of Computer Science 
Phone: (413) 545-3918             A143B Lederle Graduate Research Center
Fax: (413) 545-1249       University of Massachusetts, Amherst, MA 01003     
email:srivasta@pilgrim.umass.edu http://www.pilgrim.umass.edu/~srivasta/

Acknowledgement sent to srivasta@pilgrim.umass.edu (Manoj Srivastava):
Extra info received and forwarded. Full text available.
Information forwarded to debian-devel@pixar.com:
Bug#1766; Package cron. Full text available.
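
The failure shown in the trace above (diff exiting 2 because /var/log/setuid.today does not exist) can be handled explicitly. The following is an added example, not part of the original report and not the cron package's code. The function name check_setuid_changes and its return codes are assumptions; the file names follow the trace.

```shell
#!/bin/sh
# Added example (not the cron package's code). Function name and return
# codes are assumptions; file names follow the trace in the message above.

# check_setuid_changes LOGDIR NEWLIST
#   returns 0 = no change (NEWLIST removed)
#           1 = changes reported, baseline rotated
#           2 = comparison itself failed, baseline left untouched
check_setuid_changes() {
    logdir=$1 new=$2
    today=$logdir/setuid.today
    yesterday=$logdir/setuid.yesterday

    # First run: no baseline yet. Create an empty one (mode 600) so every
    # entry in NEWLIST is reported as an addition, instead of diff failing
    # with "No such file or directory".
    if [ ! -e "$today" ]; then
        ( umask 077 && : >"$today" ) || return 2
    fi

    if cmp -s "$today" "$new"; then
        rm -f "$new"
        return 0
    fi

    echo "$(uname -n) changes to setuid programs and devices:"
    # diff exits 1 when the files differ and 2 on trouble. Capture the
    # status explicitly so a caller running under `set -e` is not aborted
    # and so "trouble" is never mistaken for "files differ".
    rc=0
    diff "$today" "$new" || rc=$?
    [ "$rc" -eq 1 ] || return 2

    # Rotate only after a successful comparison.
    mv "$today" "$yesterday" && mv "$new" "$today" || return 2
    return 1
}
```

Callers running under set -e should invoke it as `check_setuid_changes "$LOG" "$TMP" || rc=$?`, since a return value of 1 is the normal "changes found" result.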

Message received at debian-bugs:


From chiark.chu.cam.ac.uk!ian Thu Oct 26 06:23:59 1995
Return-Path: <ian@chiark.chu.cam.ac.uk>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t8SHm-000C44C; Thu, 26 Oct 95 06:23 PDT
Received: from artemis.chu.cam.ac.uk by pixar.com with SMTP id AA22487
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Thu, 26 Oct 1995 06:23:22 -0700
Received: from chiark.chu.cam.ac.uk by artemis.chu.cam.ac.uk with smtp
	(Smail3.1.29.1 #33) id m0t8SEV-0007uRC; Thu, 26 Oct 95 13:20 GMT
Received: by chiark.chu.cam.ac.uk
	id m0t8SEJ-0002baC
	(Debian /\oo/\ Smail3.1.29.1 #29.33); Thu, 26 Oct 95 13:20 GMT
Message-Id: <m0t8SEJ-0002baC@chiark.chu.cam.ac.uk>
Date: Thu, 26 Oct 95 13:20 GMT
From: Ian Jackson <ian@chiark.chu.cam.ac.uk>
To: srivasta@pilgrim.umass.edu (Manoj Srivastava), debian-bugs@Pixar.com
Subject: Re: Bug#1766: Bug in script checksecurity in package cron

Manoj Srivastava writes ("Bug#1766: Bug in script checksecurity in package cron"):
> 	Explanation: The mount | grep -v command is the problem for
>  anyone who has more than one partition mounted; the script actually
>  tries to run find with multiple starting points (which is an error),
>  like find dir1 dir2 dir3 -xdev ...  The solution is to look at all
>  the directories discovered by the mount snippet and examine each in a
>  for loop. (This has been one of my more incoherent explanations; feel
>  free to mail me for clarifications).

From find(1):

SYNOPSIS
       find [path...] [expression]

You are allowed to specify several paths.  What makes you think you
aren't?

> 	Also, I think one should exclude all mounted systems of type
>  msdos (If nothing else, it saves time).

That's probably a good idea.  I'll implement it.

Ian.

Acknowledgement sent to Ian Jackson <ian@chiark.chu.cam.ac.uk>:
Extra info received and forwarded. Full text available.
Information forwarded to debian-devel@pixar.com:
Bug#1766; Package cron. Full text available.

Message received at debian-bugs:


From pilgrim.umass.edu!srivasta Wed Oct 25 18:27:18 1995
Return-Path: <srivasta@pilgrim.umass.edu>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t8H6E-0006noC; Wed, 25 Oct 95 18:27 PDT
Received: from plymouth.pilgrim.umass.edu by pixar.com with SMTP id AA14357
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Wed, 25 Oct 1995 18:26:49 -0700
Received: (from srivasta@localhost) by plymouth.pilgrim.umass.edu (8.6.12/8.6.12) id VAA25207; Wed, 25 Oct 1995 21:27:11 -0400
Sender: srivasta@pilgrim.umass.edu
To: debian-bugs@Pixar.com
Subject: Bug in script checksecurity in package cron
X-Geek-3: GE/CS d+(--) s:++>: a C++++$ ULUHO++++$ P+++$ L+++ E+++ 
   W+++$ N+++ K-? !w--- O-? !M-- !V-- PS+ PE- Y+ PGP++ t@ 5++ !X R++ 
   b+++ DI+++ D- G e+++ h+ r++ y+
X-Organization: University of Massachusetts, Amherst, MA 01003
X-Time: Wed Oct 25 21:26:53 1995
Mailer: Vm 5.95 (beta) for GNU Emacs 19.14 XEmacs Lucid (beta5)
From: srivasta@pilgrim.umass.edu (Manoj Srivastava)
Date: 25 Oct 1995 21:26:52 -0400
Message-Id: <gvx68hd6nmr.fsf@plymouth.pilgrim.umass.edu>
Organization: Project Pilgrim, University of Massachusetts at Amherst
Lines: 56
X-Mailer: September Gnus v0.11

Package: cron
Version: 3.0pl1
Revision: 20

	I have a problem with the script checksecurity, which
 apparently comes with cron. The problem is with the lines that
 generate the /var/log/setuid.today file (patch follows).

	Explanation: The mount | grep -v command is the problem for
 anyone who has more than one partition mounted; the script actually
 tries to run find with multiple starting points (which is an error),
 like find dir1 dir2 dir3 -xdev ...  The solution is to look at all
 the directories discovered by the mount snippet and examine each in a
 for loop. (This has been one of my more incoherent explanations; feel
 free to mail me for clarifications).

	Also, I think one should exclude all mounted systems of type
 msdos (If nothing else, it saves time).

	manoj

__> dpkg -S checksecurity
cron: /usr/sbin/checksecurity

> diff -u -B -b -w /usr/sbin/checksecurity.dist /usr/sbin/checksecurity
--- /usr/sbin/checksecurity.dist        Wed Sep 20 20:52:12 1995
+++ /usr/sbin/checksecurity     Thu Oct 19 11:05:23 1995
@@ -10,10 +10,9 @@
 
 umask 077
 cd /
-
-find `mount | grep -vE ' type (proc|iso9660) |^/dev/fd| on /mnt' | cut -d ' ' -f 3` \
-     -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls \
-  | sort >$TMP
+for dir in `mount | grep -vE ' type (proc|iso9660|msdos) |^/dev/fd| on /mnt' | cut -d ' ' -f 3`; do
+    /usr/bin/find $dir -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls ;
+done | sort >$TMP
 
 if ! cmp -s $LOG/setuid.today $TMP >/dev/null
 then
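
Review bot: In the added `for dir in ...` loop, `$dir` is passed to find unquoted and the directory list comes from backtick word splitting of `cut -d ' ' -f 3`, so a mount point whose path contains whitespace would be truncated or split into separate arguments; quote it as "$dir" and read the mount output one line at a time. find accepts several starting paths, so the loop is not needed to cover multiple mounted partitions, and the `msdos` addition to the grep pattern could be applied to the original single find call on its own. The new line also hard-codes /usr/bin/find where the removed line used plain `find`; keep the two consistent with however the rest of the script resolves commands.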




-- ...difference of opinion is advantageous in religion.  The several
 sects perform the office of a common censor morum over each other.
 Is uniformity attainable?  Millions of innocent men, women, and
 children, since the introduction of Christianity, have been burnt,
 tortured, fined, imprisoned; yet we have not advanced one inch
 towards uniformity. Thomas Jefferson, "Notes on Virginia"

Manoj Srivastava         Project Pilgrim, Department of Computer Science 
Phone: (413) 545-3918             A143B Lederle Graduate Research Center
Fax: (413) 545-1249       University of Massachusetts, Amherst, MA 01003     
email:srivasta@pilgrim.umass.edu http://www.pilgrim.umass.edu/~srivasta/

Acknowledgement sent to srivasta@pilgrim.umass.edu (Manoj Srivastava):
New bug report received and forwarded. Full text available.
Report forwarded to debian-devel@pixar.com:
Bug#1766; Package cron. Full text available.
Ian Jackson / iwj10@thor.cam.ac.uk, with the debian-bugs tracking mechanism
This page last modified 07:43:01 GMT Wed 01 Nov