+++ /dev/null
-#!/bin/sh -
-#
-# Description: FreeBSD comes with the following script that is run
-# weekly as part of its periodic weekly security scripts.
-# However, their version of the script does NOT ignore
-# .zfs/snapshot directories. On a system with limited
-# resources, this can lead to a "kmem_map too small"
-# kernel panic when this script runs. Somehow, ZFS
-# kernel memory usage explodes when performing recursive
-# find operations on .zfs snapshot locations. This
-# is the modified version of that script, which excludes
-# searching in .zfs snapshot directories.
-# Usage: Replace the FreeBSD version of the script with this one:
-# /etc/periodic/security/100.chksetuid
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD: src/etc/periodic/security/100.chksetuid,v 1.8.14.1 2008/01/29 00:22:33 dougb Exp $
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-. /etc/periodic/security/security.functions
-
-rc=0
-
-case "$daily_status_security_chksetuid_enable" in
- [Yy][Ee][Ss])
- echo ""
- echo 'Checking setuid files and devices:'
- # XXX Note that there is the possibility of overrunning the args to ls
- MP=`mount -t ufs,zfs | egrep -v " no(suid|exec)" | awk '{ print $3 }' | sort`
- if [ -n "${MP}" ]
- then
- set ${MP}
- while [ $# -ge 1 ]; do
- mount=$1
- shift
- dotzfs=`echo "$mount" | grep "\.zfs"`
- [ -n "$dotzfs" ] && continue;
- find $mount -xdev -type f \
- \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
- \( -perm -u+s -or -perm -g+s \) -print0
- done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort -k 11 |
- check_diff setuid - "${host} setuid diffs:"
- rc=$?
- fi;;
- *) rc=0;;
-esac
-
-exit $rc
projects / zfs-nexenta / .git / commitdiff