Add option to check_diff function which changes "setuid diffs" from

---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
Amnesiac setuid diffs:
--- /var/log/setuid.today Mon May 8 03:01:22 2006
+++ /tmp/security.DSozUbFb Tue Jun 13 03:01:22 2006
@@ -33,7 +33,7 @@
 612402 -r-sr-xr-x 2 root wheel 5828 May 7 13:25:03 2006 /usr/bin/yppasswd
 141367 -r-sr-xr-x 1 root wheel 3400 May 7 13:14:41 2006 /usr/libexec/pt_chown
 141330 -r-xr-sr-x 1 root smmsp 582752 May 7 13:28:03 2006 /usr/libexec/sendmail/sendmail
-730599 -rwsr-xr-x 1 root wheel 278660 Oct 28 18:09:06 2005 /usr/local/bin/screen
+730291 -rwsr-xr-x 1 root wheel 285580 Jun 12 20:56:14 2006 /usr/local/bin/screen
 730672 ---s--x--x 2 root wheel 89020 Jan 27 01:52:14 2006 /usr/local/bin/sudo
 730672 ---s--x--x 2 root wheel 89020 Jan 27 01:52:14 2006 /usr/local/bin/sudoedit
 329886 -r-sr-sr-x 1 root authpf 14724 May 7 13:26:08 2006 /usr/sbin/authpf
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---

to

---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
Amnesiac setuid diffs:
+++ /tmp/security.DSozUbFb Tue Jun 13 03:01:22 2006
--- /var/log/setuid.today Mon May 8 03:01:22 2006
+730291 -rwsr-xr-x 1 root wheel 285580 Jun 12 20:56:14 2006 /usr/local/bin/screen
-730599 -rwsr-xr-x 1 root wheel 278660 Oct 28 18:09:06 2005 /usr/local/bin/screen
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---

IMHO the latter output is easier to comprehend.

Patch does not change traditional FreeBSD behaviour (POLA). Admin must add "sorted" as first argument to check_diff function call in "/etc/periodic/security/100.chksetuid" file.

How-To-Repeat: N/A
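One way to derive the sorted form shown in the report from ordinary `diff -u` output, as an added example and not the patch attached to this report. The function names are hypothetical, and it assumes the pathname starts at field 11 of each listing line, as in the sample output above.

```shell
#!/bin/sh
# Added example, not the patch attached to this report.
# Function names are hypothetical.

# Filter: unified diff of two setuid listings on stdin -> changed lines only,
# ordered by pathname. The key runs from field 11 to end of line, so a path
# containing blanks still compares as a whole.
# The two header lines have fewer than 11 fields; their empty key sorts first.
# Equal keys fall back to a whole-line comparison, and in the C locale
# "+" (0x2b) sorts before "-" (0x2d), so the new entry precedes the old one.
sort_setuid_diff() {
    grep '^[+-]' | LC_ALL=C sort -k 11
}

# Compare two listings: silent with status 0 when identical,
# sorted changes on stdout with status 1 when they differ.
check_setuid_sorted() {
    if cmp -s "$1" "$2"; then
        return 0
    fi
    diff -u "$1" "$2" | sort_setuid_diff
    return 1
}

# Demo on constructed listings (inodes, sizes and dates are made up).
demo_sorted_diff() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/old" <<'EOF'
100001 -r-sr-xr-x 1 root wheel 5000 Jan 1 00:00:00 2006 /usr/bin/passwd
100002 -rwsr-xr-x 1 root wheel 9000 Jan 1 00:00:00 2006 /usr/local/bin/screen
100003 -r-sr-xr-x 1 root wheel 7000 Jan 1 00:00:00 2006 /usr/sbin/authpf
EOF
    cat > "$dir/new" <<'EOF'
100001 -r-sr-xr-x 1 root wheel 5000 Jan 1 00:00:00 2006 /usr/bin/passwd
100010 -rwsr-xr-x 1 root wheel 1234 Feb 2 00:00:00 2006 /usr/local/bin/newtool
100009 -rwsr-xr-x 1 root wheel 9500 Feb 2 00:00:00 2006 /usr/local/bin/screen
100003 -r-sr-xr-x 1 root wheel 7000 Jan 1 00:00:00 2006 /usr/sbin/authpf
EOF
    rc=0
    check_setuid_sorted "$dir/old" "$dir/new" || rc=$?
    rm -rf "$dir"
    echo "status: $rc"
}

demo_sorted_diff
```

Sorting on the pathname keeps the old and new entry for a replaced binary adjacent, and a newly appearing setuid file shows up as a lone `+` line.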
For bugs matching the following criteria:

Status: In Progress
Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Keyword: patch or patch-ready – in lieu of summary line prefix: [patch]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk).

Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>
Created attachment 237415
Updated unified diff, against 12.3-RELEASE, version 322868

This is an updated patch, against a somewhat newer version.
Created attachment 237416
Patch to 100.chksetuid

Patch to 100.chksetuid
Created attachment 237417
Patch add etc/defaults/periodic.conf

Patch etc/defaults/periodic.conf, with the default value "setuid".