Debian bug report logs - #1766 , boring messages ----------------------------------------------------------------------- Message sent to debian-devel@pixar.com: Subject: Bug#1766: Bug in script checksecurity in package cron Reply-To: srivasta@pilgrim.umass.edu (Manoj Srivastava), debian-bugs@pixar.com Resent-From: srivasta@pilgrim.umass.edu (Manoj Srivastava) Orignal-Sender: srivasta@pilgrim.umass.edu Resent-To: debian-devel@pixar.com Resent-Date: Thu, 26 Oct 1995 01:33:02 GMT Resent-Message-ID: Resent-Sender: iwj10@cus.cam.ac.uk X-Debian-PR-Package: cron X-Debian-PR-Keywords: Received: via spool for debian-bugs; Thu, 26 Oct 1995 01:33:02 GMT Received: with rfc822 via encapsulated-mail; Thu, 26 Oct 1995 01:28:21 GMT Received: from pixar.com by mongo.pixar.com with smtp (Smail3.1.28.1 #15) id m0t8H6E-0006noC; Wed, 25 Oct 95 18:27 PDT Received: from plymouth.pilgrim.umass.edu by pixar.com with SMTP id AA14357 (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Wed, 25 Oct 1995 18:26:49 -0700 Received: (from srivasta@localhost) by plymouth.pilgrim.umass.edu (8.6.12/8.6.12) id VAA25207; Wed, 25 Oct 1995 21:27:11 -0400 Sender: srivasta@pilgrim.umass.edu To: debian-bugs@Pixar.com X-Geek-3: GE/CS d+(--) s:++>: a C++++$ ULUHO++++$ P+++$ L+++ E+++ W+++$ N+++ K-? !w--- O-? !M-- !V-- PS+ PE- Y+ PGP++ t@ 5++ !X R++ b+++ DI+++ D- G e+++ h+ r++ y+ X-Organization: University of Massachusetts, Amherst, MA 01003 X-Time: Wed Oct 25 21:26:53 1995 Mailer: Vm 5.95 (beta) for GNU Emacs 19.14 XEmacs Lucid (beta5) From: srivasta@pilgrim.umass.edu (Manoj Srivastava) Date: 25 Oct 1995 21:26:52 -0400 Message-Id: Organization: Project Pilgrim, University of Massachusetts at Amherst Lines: 56 X-Mailer: September Gnus v0.11 Package: cron Version: 3.0pl1 Revision: 20 I have a problem with the script checksecurity, which apparently come with cron. The problem is with the lines that generate the /var/log/setuid.today file (patch follows). Explanation: The mount | grep -v command is the problem for anyone who has more than one partitions mounted; the script actually tries to run find with multiple starting points (which is an error), like find dir1 dir2 dir3 -xdev ... The solution is to look at all the directories discovered by the mount snippet and examine each in a for loop. (This has been one of my more incoherent explanations; feel free to mail me for clarifications). Also, I think one should exclude all mounted systems of type msdos (If nothing else, it save time). manoj __> dpkg -S checksecurity cron: /usr/sbin/checksecurity > diff -u -B -b -w /usr/sbin/checksecurity.dist /usr/sbin/checksecurity --- /usr/sbin/checksecurity.dist Wed Sep 20 20:52:12 1995 +++ /usr/sbin/checksecurity Thu Oct 19 11:05:23 1995 @@ -10,10 +10,9 @@ umask 077 cd / - -find `mount | grep -vE ' type (proc|iso9660) |^/dev/fd| on /mnt' | cut -d ' ' -f 3` \ - -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls \ - | sort >$TMP +for dir in `mount | grep -vE ' type (proc|iso9660|msdos) |^/dev/fd| on /mnt' | cut -d ' ' -f 3`; do + /usr/bin/find $dir -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls ; +done | sort >$TMP if ! cmp -s $LOG/setuid.today $TMP >/dev/null then -- ...difference of opinion is advantageious in religion. The several sects perform the office of a common censor morum over each other. Is uniformity attainable? Millions of innocent men, women, and children, since the introduction of Christianity, have been burnt, tortured, fined, imprisoned; yet we have not advanced one inch towards uniformity. Thomas Jefferson, "Notes on Virginia" Manoj Srivastava Project Pilgrim, Department of Computer Science Phone: (413) 545-3918 A143B Lederle Graduate Research Center Fax: (413) 545-1249 University of Massachusetts, Amherst, MA 01003 email:srivasta@pilgrim.umass.edu http://www.pilgrim.umass.edu/~srivasta/ ----------------------------------------------------------------------- Message sent: From: iwj10@thor.cam.ac.uk (Ian Jackson) To: srivasta@pilgrim.umass.edu (Manoj Srivastava) Subject: Bug#1766: Acknowledgement (was: Bug in script checksecurity in package cron) In-Reply-To: References: Thank you for the problem report you have sent regarding Debian GNU/Linux. This is an automatically generated reply, to let you know your message has been received. It is being forwarded to the developers' mailing list for their attention; they will reply in due course. If you wish to submit further information on your problem, please send it to debian-bugs@pixar.com, but please ensure that the Subject line of your message starts with "Bug#1766" or "Re: Bug#1766" so that we can identify it as relating to the same problem. Please do not reply to the address at the top of this message, unless you wish to report a problem with the bug-tracking system. Ian Jackson (maintainer, debian-bugs) ----------------------------------------------------------------------- Message sent to debian-devel@pixar.com: Subject: Bug#1766: Bug in script checksecurity in package cron Reply-To: Ian Jackson , debian-bugs@pixar.com Resent-From: Ian Jackson Resent-To: debian-devel@pixar.com Resent-Date: Thu, 26 Oct 1995 13:33:01 GMT Resent-Message-ID: Resent-Sender: iwj10@cus.cam.ac.uk X-Debian-PR-Package: cron X-Debian-PR-Keywords: Received: via spool for debian-bugs; Thu, 26 Oct 1995 13:33:01 GMT Received: with rfc822 via encapsulated-mail; Thu, 26 Oct 1995 13:25:45 GMT Received: from pixar.com by mongo.pixar.com with smtp (Smail3.1.28.1 #15) id m0t8SHm-000C44C; Thu, 26 Oct 95 06:23 PDT Received: from artemis.chu.cam.ac.uk by pixar.com with SMTP id AA22487 (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Thu, 26 Oct 1995 06:23:22 -0700 Received: from chiark.chu.cam.ac.uk by artemis.chu.cam.ac.uk with smtp (Smail3.1.29.1 #33) id m0t8SEV-0007uRC; Thu, 26 Oct 95 13:20 GMT Received: by chiark.chu.cam.ac.uk id m0t8SEJ-0002baC (Debian /\oo/\ Smail3.1.29.1 #29.33); Thu, 26 Oct 95 13:20 GMT Message-Id: Date: Thu, 26 Oct 95 13:20 GMT From: Ian Jackson To: srivasta@pilgrim.umass.edu (Manoj Srivastava), debian-bugs@Pixar.com Manoj Srivastava writes ("Bug#1766: Bug in script checksecurity in package cron"): > Explanation: The mount | grep -v command is the problem for > anyone who has more than one partitions mounted; the script actually > tries to run find with multiple starting points (which is an error), > like find dir1 dir2 dir3 -xdev ... The solution is to look at all > the directories discovered by the mount snippet and examine each in a > for loop. (This has been one of my more incoherent explanations; feel > free to mail me for clarifications). >From find(1): SYNOPSIS find [path...] [expression] You are allowed to specify several paths. What makes you think you aren't ? > Also, I think one should exclude all mounted systems of type > msdos (If nothing else, it save time). That's probably a good idea. I'll implement it. Ian. ----------------------------------------------------------------------- Message sent: From: iwj10@thor.cam.ac.uk (Ian Jackson) To: Ian Jackson Subject: Bug#1766: Info received (was Bug#1766: Bug in script checksecurity in package cron) In-Reply-To: References: Thank you for the additional information you have supplied regarding this problem report. It has been forwarded to the developers to accompany the original report. If you wish to continue to submit further information on your problem, please do the same thing again: send it to debian-bugs@pixar.com, ensuring that the Subject line starts with "Bug#1766" or "Re: Bug#1766" so that we can identify it as relating to the same problem. Please do not reply to the address at the top of this message, unless you wish to report a problem with the bug-tracking system. Ian Jackson (maintainer, debian-bugs) ----------------------------------------------------------------------- Message sent to debian-devel@pixar.com: Subject: Bug#1766: Bug in script checksecurity in package cron Reply-To: srivasta@pilgrim.umass.edu (Manoj Srivastava), debian-bugs@pixar.com Resent-From: srivasta@pilgrim.umass.edu (Manoj Srivastava) Orignal-Sender: srivasta@pilgrim.umass.edu Resent-To: debian-devel@pixar.com Resent-Date: Fri, 27 Oct 1995 06:33:02 GMT Resent-Message-ID: Resent-Sender: iwj10@cus.cam.ac.uk X-Debian-PR-Package: cron X-Debian-PR-Keywords: Received: via spool for debian-bugs; Fri, 27 Oct 1995 06:33:02 GMT Received: with rfc822 via encapsulated-mail; Fri, 27 Oct 1995 06:28:02 GMT Received: from pixar.com by mongo.pixar.com with smtp (Smail3.1.28.1 #15) id m0t8iFm-000BWxC; Thu, 26 Oct 95 23:26 PDT Received: from plymouth.pilgrim.umass.edu by pixar.com with SMTP id AA28262 (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Thu, 26 Oct 1995 23:26:32 -0700 Received: (from srivasta@localhost) by plymouth.pilgrim.umass.edu (8.6.12/8.6.12) id CAA00947; Fri, 27 Oct 1995 02:26:52 -0400 Sender: srivasta@pilgrim.umass.edu To: debian-bugs@Pixar.com Cc: (Manoj Srivastava) X-Geek-3: GE/CS d+(--) s:++>: a C++++$ ULUHO++++$ P+++$ L+++ E+++ W+++$ N+++ K-? !w--- O-? !M-- !V-- PS+ PE- Y+ PGP++ t@ 5++ !X R++ b+++ DI+++ D- G e+++ h+ r++ y+ X-Organization: University of Massachusetts, Amherst, MA 01003 X-Time: Fri Oct 27 02:26:33 1995 Mailer: Vm 5.95 (beta) for GNU Emacs 19.14 XEmacs Lucid (beta5) References: From: srivasta@pilgrim.umass.edu (Manoj Srivastava) Date: 27 Oct 1995 02:26:33 -0400 In-Reply-To: Ian Jackson's message of Thu, 26 Oct 95 13:20 GMT Message-Id: Organization: Project Pilgrim, University of Massachusetts at Amherst Lines: 80 X-Mailer: September Gnus v0.11 Hi, I'm sorry, I should have investigated further before firing off that bug report about checksecurity. There is no problem with multiple dir arguments to find (which is perfectly legal, as Ian Jackson pointed out). The problem was that there were no /var/log/setuid.{today,yesterday} files on my system, and checksecurity failed to create them, resulting in a mail message every time the cron job was run. If such a file is created, maybe there is no problem, so a generic setuid.today file should be installed? (From the trace below, you can see that the diff fails if there is no setuid.today file). Should I file a fresh bug report? manoj Here is what I did to check that: rm -f /var/log/setuid.today bash -x checksecurity.dist + set -e + PATH=/sbin:/bin:/usr/sbin:/usr/bin + LOG=/var/log + TMP=/tmp/_secure.21828 + umask 077 + cd / ++ mount ++ grep -vE type (proc|iso9660) |^/dev/fd| on /mnt ++ cut -d -f 3 + find / /dos /usr /usr/local -xdev ( -type f -perm +06000 -o -type b -o -type c ) -ls + sort + cmp -s /var/log/setuid.today /tmp/_secure.21828 ++ hostname + echo melkor changes to setuid programs and devices: melkor changes to setuid programs and devices: + diff /var/log/setuid.today /tmp/_secure.21828 diff: /var/log/setuid.today: No such file or directory + [ 2 = 1 ] cp /var/log/setuid.yesterday /var/log/setuid.today bash -x checksecurity.dist + set -e + PATH=/sbin:/bin:/usr/sbin:/usr/bin + LOG=/var/log + TMP=/tmp/_secure.21873 + umask 077 + cd / ++ mount ++ grep -vE type (proc|iso9660) |^/dev/fd| on /mnt ++ cut -d -f 3 + find / /dos /usr /usr/local -xdev ( -type f -perm +06000 -o -type b -o -type c ) -ls + sort + cmp -s /var/log/setuid.today /tmp/_secure.21873 ++ hostname + echo melkor changes to setuid programs and devices: melkor changes to setuid programs and devices: + diff /var/log/setuid.today /tmp/_secure.21873 5c5,6 < 2111 68 -rwsr-x--- 1 root dip 69632 Oct 22 21:27 /usr/sbin/dip --- > 2098 68 -rwsr-x--- 1 root dip 69632 Oct 24 19:19 > /usr/sbin/dip [much deleted here] + [ 1 = 1 ] + mv /var/log/setuid.today /var/log/setuid.yesterday + mv /tmp/_secure.21873 /var/log/setuid.today + rm -f /tmp/_secure.21873 -- To be sure of hitting the target, shoot first, and call whatever you hit the target. Ashleigh Brilliant Manoj Srivastava Project Pilgrim, Department of Computer Science Phone: (413) 545-3918 A143B Lederle Graduate Research Center Fax: (413) 545-1249 University of Massachusetts, Amherst, MA 01003 email:srivasta@pilgrim.umass.edu http://www.pilgrim.umass.edu/~srivasta/ ----------------------------------------------------------------------- Message sent: From: iwj10@thor.cam.ac.uk (Ian Jackson) To: srivasta@pilgrim.umass.edu (Manoj Srivastava) Subject: Bug#1766: Info received (was Bug#1766: Bug in script checksecurity in package cron) In-Reply-To: References: Thank you for the additional information you have supplied regarding this problem report. It has been forwarded to the developers to accompany the original report. If you wish to continue to submit further information on your problem, please do the same thing again: send it to debian-bugs@pixar.com, ensuring that the Subject line starts with "Bug#1766" or "Re: Bug#1766" so that we can identify it as relating to the same problem. Please do not reply to the address at the top of this message, unless you wish to report a problem with the bug-tracking system. Ian Jackson (maintainer, debian-bugs) ----------------------------------------------------------------------- Message sent: From: iwj10@thor.cam.ac.uk (Ian Jackson) To: Ian Jackson In-Reply-To: References: Subject: Bug#1766: marked as done (was: Bug in script checksecurity in package cron) Your message dated Sun, 29 Oct 95 01:41 GMT with message-id and subject line Bug#1766: Bug in script checksecurity in package cron has caused the attached bug report to be marked as done. It is your now responsibility to ensure that the bug report is dealt with. (NB: If you are a system administrator and have no idea what I'm talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Ian Jackson (maintainer, debian-bugs) Received: with rfc822 via encapsulated-mail; Thu, 26 Oct 1995 01:28:21 GMT From pilgrim.umass.edu!srivasta Wed Oct 25 18:27:18 1995 Return-Path: Received: from pixar.com by mongo.pixar.com with smtp (Smail3.1.28.1 #15) id m0t8H6E-0006noC; Wed, 25 Oct 95 18:27 PDT Received: from plymouth.pilgrim.umass.edu by pixar.com with SMTP id AA14357 (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Wed, 25 Oct 1995 18:26:49 -0700 Received: (from srivasta@localhost) by plymouth.pilgrim.umass.edu (8.6.12/8.6.12) id VAA25207; Wed, 25 Oct 1995 21:27:11 -0400 Sender: srivasta@pilgrim.umass.edu To: debian-bugs@Pixar.com Subject: Bug in script checksecurity in package cron X-Geek-3: GE/CS d+(--) s:++>: a C++++$ ULUHO++++$ P+++$ L+++ E+++ W+++$ N+++ K-? !w--- O-? !M-- !V-- PS+ PE- Y+ PGP++ t@ 5++ !X R++ b+++ DI+++ D- G e+++ h+ r++ y+ X-Organization: University of Massachusetts, Amherst, MA 01003 X-Time: Wed Oct 25 21:26:53 1995 Mailer: Vm 5.95 (beta) for GNU Emacs 19.14 XEmacs Lucid (beta5) From: srivasta@pilgrim.umass.edu (Manoj Srivastava) Date: 25 Oct 1995 21:26:52 -0400 Message-Id: Organization: Project Pilgrim, University of Massachusetts at Amherst Lines: 56 X-Mailer: September Gnus v0.11 Package: cron Version: 3.0pl1 Revision: 20 I have a problem with the script checksecurity, which apparently come with cron. The problem is with the lines that generate the /var/log/setuid.today file (patch follows). Explanation: The mount | grep -v command is the problem for anyone who has more than one partitions mounted; the script actually tries to run find with multiple starting points (which is an error), like find dir1 dir2 dir3 -xdev ... The solution is to look at all the directories discovered by the mount snippet and examine each in a for loop. (This has been one of my more incoherent explanations; feel free to mail me for clarifications). Also, I think one should exclude all mounted systems of type msdos (If nothing else, it save time). manoj __> dpkg -S checksecurity cron: /usr/sbin/checksecurity > diff -u -B -b -w /usr/sbin/checksecurity.dist /usr/sbin/checksecurity --- /usr/sbin/checksecurity.dist Wed Sep 20 20:52:12 1995 +++ /usr/sbin/checksecurity Thu Oct 19 11:05:23 1995 @@ -10,10 +10,9 @@ umask 077 cd / - -find `mount | grep -vE ' type (proc|iso9660) |^/dev/fd| on /mnt' | cut -d ' ' -f 3` \ - -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls \ - | sort >$TMP +for dir in `mount | grep -vE ' type (proc|iso9660|msdos) |^/dev/fd| on /mnt' | cut -d ' ' -f 3`; do + /usr/bin/find $dir -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls ; +done | sort >$TMP if ! cmp -s $LOG/setuid.today $TMP >/dev/null then -- ...difference of opinion is advantageious in religion. The several sects perform the office of a common censor morum over each other. Is uniformity attainable? Millions of innocent men, women, and children, since the introduction of Christianity, have been burnt, tortured, fined, imprisoned; yet we have not advanced one inch towards uniformity. Thomas Jefferson, "Notes on Virginia" Manoj Srivastava Project Pilgrim, Department of Computer Science Phone: (413) 545-3918 A143B Lederle Graduate Research Center Fax: (413) 545-1249 University of Massachusetts, Amherst, MA 01003 email:srivasta@pilgrim.umass.edu http://www.pilgrim.umass.edu/~srivasta/ ----------------------------------------------------------------------- Message sent: From: iwj10@thor.cam.ac.uk (Ian Jackson) To: srivasta@pilgrim.umass.edu (Manoj Srivastava) Subject: Bug#1766 acknowledged by developer (was: Bug in script checksecurity in package cron) References: In-Reply-To: This is an automatic notification regarding your bug report. Responsibility for it has been taken by one of the developers, namely Ian Jackson . You should be hearing from them with a substantive response shortly, if you have not already done so. If not, please contact them directly, or email debian-bugs@pixar.com or myself. Ian Jackson (maintainer, debian-bugs) ----------------------------------------------------------------------- Ian Jackson / iwj10@thor.cam.ac.uk , with the debian-bugs tracking mechanism This page last modified 07:43:01 GMT Wed 01 Nov