authorIngo Schwarze <schwarze@cvs.openbsd.org>2011-07-20 21:02:20 +0000
committerIngo Schwarze <schwarze@cvs.openbsd.org>2011-07-20 21:02:20 +0000
commit49cdb65e7b56e203775fd1d550c3c0686b622213 (patch)
tree52dddec8c8f3ddbb1d403f5bd86ca2769eb5b018 /libexec/security
parent7152582178289458e1032c7607fcd2cc14e4b6c7 (diff)
During mailbox and special file checks, skip all files that can't
be stat(2)'ed, but do not complain about those that were just removed, because removing files is not a security risk in itself. Sorry, i can't remember the original reporter of the issue; reported again by mk@; patch looks good to Andrew Fresh.
Diffstat (limited to 'libexec/security')
-rw-r--r--libexec/security/security17
1 files changed, 10 insertions, 7 deletions
diff --git a/libexec/security/security b/libexec/security/security
index df4411492e2..5e2248813d4 100644
--- a/libexec/security/security
+++ b/libexec/security/security
@@ -1,6 +1,6 @@
#!/usr/bin/perl -T
-# $OpenBSD: security,v 1.16 2011/07/20 00:39:15 schwarze Exp $
+# $OpenBSD: security,v 1.17 2011/07/20 21:02:19 schwarze Exp $
#
# Copyright (c) 2011 Ingo Schwarze <schwarze@openbsd.org>
# Copyright (c) 2011 Andrew Fresh <andrew@afresh1.com>
@@ -21,6 +21,7 @@ use warnings;
use strict;
require Digest::MD5;
+use Errno qw(ENOENT);
use Fcntl qw(:mode);
use File::Basename qw(basename);
use File::Compare qw(compare);
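Review bot: The import list in `use Errno qw(ENOENT);` looks unnecessary for the uses shown, since both new call sites read `$!{ENOENT}` and the `%!` hash does not depend on the `ENOENT` constant being imported. If nothing else in the file calls `ENOENT` directly, `use Errno ();` states the dependency without adding an unused symbol to the namespace.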
@@ -448,9 +449,10 @@ sub check_mailboxes {
foreach my $name (readdir $dh) {
next if $name =~ /^\.\.?$/;
my ($mode, $fuid, $fgid) = (stat "$dir/$name")[2,4,5];
- nag !defined $mode,
- "stat: $dir/$name: $!"
- and next;
+ unless (defined $mode) {
+ nag !$!{ENOENT}, "stat: $dir/$name: $!";
+ next;
+ }
my $fname = (getpwuid $fuid)[0] // $fuid;
my $gname = (getgrgid $fgid)[0] // $fgid;
nag $fname ne $name,
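Review bot: The ENOENT exemption at `nag !$!{ENOENT}, "stat: $dir/$name: $!";` also silences dangling symlinks, because the entry is examined with `stat`, which follows links, rather than `lstat`. A symlink in the mail directory whose target is missing is not a file that was just removed, and the old code reported it. The report can be kept when the entry itself still exists, by saving the error with `my $err = $!;` and then calling `nag !$!{ENOENT} || -l "$dir/$name", "stat: $dir/$name: $err";`. The find_special_files hunk uses `lstat` and is not affected; check_mailboxes starts and ends outside this hunk.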
@@ -548,9 +550,10 @@ sub find_special_files {
my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size,
$atime, $mtime, $ctime, $blksize, $blocks) = lstat;
- nag !defined $dev,
- "stat: $_: $!"
- and return;
+ unless (defined $dev) {
+ nag !$!{ENOENT}, "stat: $_: $!";
+ return;
+ }
# SUID/SGID files
my $file = {};
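Review bot: The ENOENT branch after `lstat` carries no comment saying that the silence is deliberate, and in an audit script a quietly skipped path deserves an explanation next to the code. I would add `# File vanished before lstat; a removal by itself is not reported.` above `nag !$!{ENOENT}, "stat: $_: $!";`. The same comment fits the matching branch in check_mailboxes. The enclosing function starts and ends outside the hunk.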