From: Paul de Weerd (weerdweirdnet.nl)
Date: Sun Aug 10 2008 - 09:26:46 CDT
On Sun, Aug 10, 2008 at 05:16:49PM +0300, Antti Harri wrote:
> I guess it's safe to submit this now that you are working
> on -current :-)
> This diff adds support for /etc/security to ignore
> some paths from setuid/setgid checking. This is useful
> when you have paths that contain data with millions of
> files and don't want the script to traverse them.
> The reason is that it takes too long and causes unnecessary load,
> and in my case causes only noise in the script's real output.
> The security_ignore() is a modified version of
> rc's stripcom().
I like the general idea (my daily runs take forever (4+ hrs) on
certain machines because they have a large number of files), but maybe
it's better/easier to not search for set[ug]id files on filesystems
mounted nosuid? Hmmm...
Paul 'WEiRD' de Weerd
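
The two ideas in this thread, an ignore list and skipping nosuid mounts, can be combined into one skip list for the setuid/setgid scan. The sketch below is an added example, not the diff under discussion and not code from /etc/security; the sample mount output, the ignore-file format (one path per line, `#` comments) and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; sample data is constructed, not taken from a real host.
SAMPLE_MOUNTS='/dev/sd0a on / type ffs (local)
/dev/sd0d on /home type ffs (local, nodev, nosuid)
/dev/sd0e on /usr type ffs (local, nodev)
/dev/sd1a on /data/mail type ffs (local, noexec, nosuid)'
# Hypothetical ignore-file contents: one path per line, '#' starts a comment.
SAMPLE_IGNORE='# large data trees
/var/spool/archive   # millions of files

/srv/mirror'

# stdin: mount(8)-style lines; stdout: mount points mounted nosuid.
nosuid_mounts() {
    while IFS= read -r line; do
        opts=${line##*\(}; opts=${opts%\)}
        mnt=${line#* on }; mnt=${mnt%% type *}
        case ", $opts," in
            *", nosuid,"*) printf '%s\n' "$mnt" ;;
        esac
    done
}

# stdin: ignore file; stdout: paths with comments and blank lines stripped.
ignore_paths() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# $1 = mount output, $2 = ignore-file contents; prints the merged skip list.
skip_list() {
    {
        printf '%s\n' "$1" | nosuid_mounts
        printf '%s\n' "$2" | ignore_paths
    } | sort -u
}

# Succeeds if path $1 is, or lies below, a prefix in the list $2.
is_skipped() {
    while IFS= read -r prefix; do
        [ -n "$prefix" ] || continue      # an empty list must skip nothing
        case "$1/" in
            "${prefix%/}/"*) return 0 ;;  # whole-component prefix match
        esac
    done <<EOF
$2
EOF
    return 1
}
```

Setuid bits on a nosuid filesystem are not honoured only while it stays mounted that way, so a skip list built from mount flags should be recomputed on every run rather than cached.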