We've run into a problem where the audit_warn(5) script /etc/security/audit_warn is called endlessly in a loop if it takes longer than 0.87s to execute.
echo "sleep 1" >> /etc/security/audit_warn
and restart/hup the appropriate services.
For information: This bug still exists with 12.0-RELEASE-p3 and 13-CURRENT r346594.
Complete reproduction example: (this will overwrite /etc/security/audit_warn)
at << EOF >/etc/security/audit_warn #!/bin/sh echo "audit warning: $@" | wall sleep 1 EOF
# audit -n
expected behaviour: For the script to be executed once
actual behaviour: script is repeatedly executed, seemingly forever.
Remove "sleep 1" from the above script and it's called exactly one.
Real-world case: actions performed by this script take more than 1s to do their thing, and end up being called repeatedly for the same message.
I've found the commit which introduced the bug, and created a ticket with OpenBSM upstream: https://github.com/openbsm/openbsm/issues/52
I have proposed a solution on upstream Github, so I might as well take the FreeBSD PR.