I consider this a bug in security(8).

The following is the best i could come up with so far; make sure
to wear your sed-peril-proof sunglasses before reading the patch.

This still mangles the file name, but at least you have a chance
to find it on your disk.  Anybody has a better plan?

I already told Marcus on misc to mount that one -o nodev,noexec
and use SUIDSKIP; but that's rather a workaround than a fix.




--- security	Wed Jun  3 11:06:07 2009
+++ /etc/security	Wed Dec 29 15:56:37 2010
@@ -427,7 +427,9 @@
 	\) -a -prune -o \
 	-type f -a \( -perm -u+s -o -perm -g+s \) -print0 -o \
 	! -type d -a ! -type f -a ! -type l -a ! -type s -a ! -type p \
-	-print0 | xargs -0 -r ls -ldgT | sort +9 > $LIST
+	-print0 | xargs -0 -r ls -ldgT | \
+	sed 'h;s,[^/]*,,;s,[[:blank:]],_,g;x;s,/.*,,;G;s/\n//' | \
+	sort +9 > $LIST
 )
 
 # Display any changes in the setuid/setgid file list.

[ message continues ]

sed it back?  assume blank is generally space, replace it with
__omgspace__, then after sorting, replace that with a single space?
It will still screw up for tabs and newlines, but I think spaces are a
lot more common.

[ message continues ]

what if the file name contains "__omgspace__"? :-)

[ message continues ]

My guess is that it would be better to sort first and then run xargs.
Something like:

find .... -print0 | sort -z | xargs -0 -L1 ls -ldgT

	-Otto

[ message continues ]

Or could use stat(1) to put the item to be sorted at the start, albeit
ending up with a different format from ls:

find .... -print0 | xargs -0 -r stat -f '%-40N %-10Su %-10Sg %Sp' | sort



[ message continues ]

Er, that would need other changes as well. Ignore me...



[ message continues ]

I'd like that one, by far more dapper; but it does not change a thing
about the abbreviated file name beeing compared and reported by join(1).

Marcus

[ message continues ]