
periodic 100.chksetuid: suppress output if diff is purely whitespace
Needs Revision (Public)

Authored by allanjude on Sep 20 2024, 3:19 PM.

Details

Summary

The chksetuid periodic script would report differences of unchanged
files if some other file changed and made the inode column wider.

Use diff -b to suppress these actually unchanged lines.

PR: 281555
Reported by: martin@lispworks.com
MFC after: 1 week
Relnotes: yes
Sponsored by: Klara, Inc.

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

I think adding -b will not fix it (and in fact security_status_diff_flags already contains -b by default). The problem with -b is that it only ignores changes in the amount of white space, but doesn't ignore newly added whitespace.

Using -w would probably fix it.

michaelo added a subscriber: michaelo.
michaelo added inline comments.
usr.sbin/periodic/etc/security/security.functions:75

This one is redundant, -b is already default.

This revision now requires changes to proceed. Nov 11 2024, 8:16 AM
usr.sbin/periodic/etc/security/security.functions:71

Why -q twice? The manpage does not mention that invoking twice changes anything.

@phk This is what I was writing you privately...

For reference, this morning I received this abbreviated diff in daily run email:

[lots of files removed]
-1444958 -rwxr-sr-x  1 root     kmem     145608 2024-04-09T01:17:02 /mnt/mail/usr/local/sbin/lsof
-1445084 -rwxr-sr-x  1 root     126       15848 2024-07-06T05:52:29 /mnt/mail/usr/local/sbin/postdrop
-1445088 -rwxr-sr-x  1 root     126        9872 2024-07-06T05:52:29 /mnt/mail/usr/local/sbin/postlog
-1445328 -rwxr-sr-x  1 root     126       19296 2024-07-06T05:52:29 /mnt/mail/usr/local/sbin/postqueue
- 883033 -r-sr-xr--  1 root     operator  12872 2024-12-22T07:50:41 /sbin/mksnap_ffs
- 883052 -r-sr-xr-x  2 root     wheel     61920 2024-12-22T07:50:41 /sbin/ping
- 883052 -r-sr-xr-x  2 root     wheel     61920 2024-12-22T07:50:41 /sbin/ping6
- 883053 -r-sr-xr--  2 root     operator  16016 2024-12-22T07:50:41 /sbin/poweroff
- 883053 -r-sr-xr--  2 root     operator  16016 2024-12-22T07:50:41 /sbin/shutdown
- 484604 -r-sr-xr-x  4 root     wheel     29936 2024-12-22T07:50:41 /usr/bin/at
[lots of files removed]
+883033 -r-sr-xr--  1 root     operator  12872 2024-12-22T07:50:41 /sbin/mksnap_ffs
+883052 -r-sr-xr-x  2 root     wheel     61920 2024-12-22T07:50:41 /sbin/ping
+883052 -r-sr-xr-x  2 root     wheel     61920 2024-12-22T07:50:41 /sbin/ping6
+883053 -r-sr-xr--  2 root     operator  16016 2024-12-22T07:50:41 /sbin/poweroff
+883053 -r-sr-xr--  2 root     operator  16016 2024-12-22T07:50:41 /sbin/shutdown
+484604 -r-sr-xr-x  4 root     wheel     29936 2024-12-22T07:50:41 /usr/bin/at
[lots of files removed]

The root problem is that ls(1) autosizes the inode# column, and I found two possible ways to fix it:

  • Use LS_COLWIDTHS=12:0 (millions of millions is enough for everybody!)
  • Strip leading spaces before feeding things to diff(1)

I did consider diff -w, and while in theory it should never be able to make any difference, I feel it is going too far given that we are in a security-adjacent area.

And to be honest, I'm not even sure if I think this needs to be fixed...
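The whitespace problem michaelo and phk describe above, worked through as an added example that is not part of this revision or of FreeBSD's periodic scripts. The two listings are constructed to mimic ls(1) output (the inode numbers, sizes and the "foo bar" path are made up), and count_changed, count_changed_stripped and strip_leading_blanks are illustrative helpers, not names from security.functions. It shows why -b does not remove the false positives, that -w does, that stripping leading blanks before diff(1) also does, and the one class of change -w would hide.

```sh
#!/bin/sh
# Added example, not part of the revision or of FreeBSD's periodic scripts.
# Reproduces the chksetuid false positive with constructed ls(1)-style
# listings and compares the remedies discussed in the review.

# Constructed "yesterday" listing: every inode number is 6 digits wide.
OLD_LISTING='883033 -r-sr-xr--  1 root  operator  12872 2024-12-22T07:50:41 /sbin/mksnap_ffs
883052 -r-sr-xr-x  2 root  wheel     61920 2024-12-22T07:50:41 /sbin/ping'

# Constructed "today" listing: one new 7-digit inode makes ls(1) widen the
# column, so the two unchanged entries gain a leading space.
NEW_LISTING='1445084 -rwxr-sr-x  1 root  126       15848 2024-07-06T05:52:29 /usr/local/sbin/postdrop
 883033 -r-sr-xr--  1 root  operator  12872 2024-12-22T07:50:41 /sbin/mksnap_ffs
 883052 -r-sr-xr-x  2 root  wheel     61920 2024-12-22T07:50:41 /sbin/ping'

# Constructed pair for the -w caveat: the two lines differ only in a blank
# inside the path ("foo bar" renamed to "foobar"); the binaries are made up.
OLD_WS='883060 -r-sr-xr-x  1 root  wheel     10000 2024-12-22T07:50:41 /usr/local/bin/foo bar'
NEW_WS='883060 -r-sr-xr-x  1 root  wheel     10000 2024-12-22T07:50:41 /usr/local/bin/foobar'

# The second remedy from the thread: drop leading blanks before diffing.
strip_leading_blanks() {
    sed 's/^[[:space:]]*//'
}

# count_changed FLAGS OLD NEW
# Number of -/+ lines diff(1) reports for the two listings with FLAGS
# (in addition to -u); the ---/+++ header lines are dropped first.
count_changed() {
    _old=$(mktemp) || return 1
    _new=$(mktemp) || return 1
    printf '%s\n' "$2" >"$_old"
    printf '%s\n' "$3" >"$_new"
    # $1 is deliberately unquoted so more than one flag can be passed.
    # diff exits 1 when the files differ and grep -c exits 1 on zero
    # matches, so neither may abort a caller running under set -e.
    _n=$(diff $1 -u "$_old" "$_new" | tail -n +3 | grep -c '^[-+]' || true)
    rm -f "$_old" "$_new"
    echo "$_n"
}

# count_changed_stripped FLAGS OLD NEW: as above, after strip_leading_blanks.
count_changed_stripped() {
    count_changed "$1" \
        "$(printf '%s\n' "$2" | strip_leading_blanks)" \
        "$(printf '%s\n' "$3" | strip_leading_blanks)"
}

# -b only equates differing *amounts* of blanks; a blank where there was
# none still counts, so both unchanged entries are reported (5 lines).
echo "diff -b:                 $(count_changed -b "$OLD_LISTING" "$NEW_LISTING") changed lines"
# -w ignores all blanks, so only the genuinely new entry shows (1 line).
echo "diff -w:                 $(count_changed -w "$OLD_LISTING" "$NEW_LISTING") changed lines"
# Stripping leading blanks first makes -b sufficient (1 line).
echo "strip, then diff -b:     $(count_changed_stripped -b "$OLD_LISTING" "$NEW_LISTING") changed lines"
# The cost of -w: a whitespace-only difference in a path vanishes (0 lines),
# while the stripping approach still reports it (2 lines).
echo "diff -w, path change:    $(count_changed -w "$OLD_WS" "$NEW_WS") changed lines"
echo "strip + -b, path change: $(count_changed_stripped -b "$OLD_WS" "$NEW_WS") changed lines"
```

The LS_COLWIDTHS remedy from the thread is not exercised here because it relies on FreeBSD's ls(1); on the GNU ls found on most Linux systems the variable has no effect, which is why the listings above are embedded rather than generated.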