Gnome negative group permissions
Lowell Gilbert
freebsd-ports-local at be-well.ilk.org
Tue Jul 8 18:39:44 UTC 2014
Kevin Oberman <rkoberman at gmail.com> writes:
> It's just that there are cases where negative group permissions are
> intended and this is such a case. If you don't want to see them, add
> daily_status_security_neggrpperm_enable="NO" to /etc/periodic.conf.
I added a hack to work around this without disabling the check
completely. Anything wrong with something of this sort?
--- /etc/periodic/security/110.neggrpperm 2014-07-08 14:12:31.000000000 -0400
+++ /usr/src/etc/periodic/security/110.neggrpperm 2014-06-03 19:49:13.000000000 -0400
@@ -37,26 +37,18 @@
security_daily_compat_var security_status_neggrpperm_enable
-
rc=0
if check_yesno_period security_status_neggrpperm_enable
then
echo ""
echo 'Checking negative group permissions:'
-
- if [ -z ${security_neggrperm_ignore} ] ; then
- echo security_neggrperm_ignore not set
- security_neggrperm_ignore="/nonexistent"
- fi
-
MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
n=$(find -sx $MP /dev/null -type f \
\( \( ! -perm +010 -and -perm +001 \) -or \
\( ! -perm +020 -and -perm +002 \) -or \
\( ! -perm +040 -and -perm +004 \) \) \
- -exec ls -liTd \{\} \+ | grep -v "${security_neggrperm_ignore}" | \
- tee /dev/stderr | wc -l)
+ -exec ls -liTd \{\} \+ | tee /dev/stderr | wc -l)
[ $n -gt 0 ] && rc=1 || rc=0
fi
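Review bot: The filter `grep -v "${security_neggrperm_ignore}"` applies its pattern as a regular expression to the whole `ls -liTd` output line, not just the path, so a loose value can also match an owner, group or date field and silently drop unrelated findings from the report. Excluding inside find itself (for example a `! -path` test on the ignored directory) or anchoring the pattern to the path field would keep the exclusion narrow. The test `[ -z ${security_neggrperm_ignore} ]` should quote the variable, since a value containing whitespace breaks the test. The new variable is spelled `neggrperm` while the script's existing knob is `security_status_neggrpperm_enable`; matching that spelling would make it easier to find in periodic.conf. The `echo security_neggrperm_ignore not set` line will appear in every run's output when the variable is unset and should probably be dropped. Also, the diff is reversed as posted: the modified /etc copy is on the `---` side, so the lines marked `-` are the ones the hack adds.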