Gentoo Archives: gentoo-doc-cvs

From: Xavier Neys <neysx@×××××××××××.org>
To: gentoo-doc-cvs@l.g.o
Subject: [gentoo-doc-cvs] cvs commit: shb-perms.xml
Date: Sat, 16 Sep 2006 20:48:19
Message-Id: 20060916204837.B207C6466D@smtp.gentoo.org
1 neysx 06/09/16 20:48:37
2
3 Modified: shb-perms.xml
4 Log:
5 #147760 join lines
6
7 Revision Changes Path
8 1.2 xml/htdocs/doc/en/security/shb-perms.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-perms.xml?rev=1.2&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-perms.xml?rev=1.2&content-type=text/plain
12 diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-perms.xml?r1=1.1&r2=1.2
13
14 Index: shb-perms.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-perms.xml,v
17 retrieving revision 1.1
18 retrieving revision 1.2
19 diff -u -r1.1 -r1.2
20 --- shb-perms.xml 1 Jun 2005 15:43:47 -0000 1.1
21 +++ shb-perms.xml 16 Sep 2006 20:48:37 -0000 1.2
22 @@ -1,5 +1,5 @@
23 <?xml version='1.0' encoding='UTF-8'?>
24 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-perms.xml,v 1.1 2005/06/01 15:43:47 neysx Exp $ -->
25 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-perms.xml,v 1.2 2006/09/16 20:48:37 neysx Exp $ -->
26 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
27
28 <!-- The content of this document is licensed under the CC-BY-SA license -->
29 @@ -30,10 +30,8 @@
30 <body>
31
32 <pre caption="Finding world-writable files and directories">
33 -# <i>/usr/bin/find / -type f \( -perm -2 -o -perm -20 \) \
34 - -exec ls -lg {} \; 2>/dev/null >writable.txt</i>
35 -# <i>/usr/bin/find / -type d \( -perm -2 -o -perm -20 \) \
36 - -exec ls -ldg {} \; 2>/dev/null >>writable.txt</i>
37 +# <i>find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \; 2>/dev/null >writable.txt</i>
38 +# <i>find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \; 2>/dev/null >>writable.txt</i>
39 </pre>
40
41 <p>
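Review bot: the caption still says "world-writable" but `\( -perm -2 -o -perm -20 \)` also matches group-writable files and directories (octal 020 is the group write bit), so writable.txt will be wider than the caption promises; either rename the caption to "Finding group- and world-writable files and directories" or drop the `-o -perm -20` alternative. It would also help readers to note that sticky directories such as /tmp and /var/tmp are expected to show up in the second list, since `-perm -2` does not exclude them.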
42 @@ -62,8 +60,7 @@
43 </p>
44
45 <pre caption="Finding setuid files">
46 -# <i>/usr/bin/find / -type f \( -perm -004000 -o -perm -002000 \) \
47 - -exec ls -lg {} \; 2>/dev/null >suidfiles.txt</i>
48 +# <i>find / -type f \( -perm -004000 -o -perm -002000 \) -exec ls -lg {} \; 2>/dev/null >suidfiles.txt</i>
49 </pre>
50
51 <p>
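Review bot: the caption "Finding setuid files" and the output name suidfiles.txt undersell the expression: `\( -perm -004000 -o -perm -002000 \)` matches setuid or setgid files, so setgid-only binaries appear in the list as well. Suggest "Finding setuid and setgid files" as the caption; the wider list is what the reader wants anyway, because the `chmod -s` recommended in the following paragraph clears both bits.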
52 @@ -95,15 +92,15 @@
53
54 <p>
55 By default Gentoo Linux does not have a lot of SUID files (though this depends
56 -on what you installed), but you might get a list like the one above. Most of the
57 -commands should not be used by normal users, only root. Switch off the SUID bit
58 -on <c>ping</c>, <c>mount</c>, <c>umount</c>, <c>chfn</c>, <c>chsh</c>, <c>newgrp</c>, <c>suidperl</c>, <c>pt_chown</c>
59 -and <c>traceroute</c> by executing <c>chmod -s</c> on every file. Don't
60 -remove the bit on <c>su</c>, <c>qmail-queue</c> or <c>unix_chkpwd</c>. Removing
61 -setuid from those files will prevent you from <c>su</c>'ing and receiving
62 -mail. By removing the bit (where it is safe to do so) you remove the possibility
63 -of a normal user (or an attacker) gaining root access through any of these
64 -files.
65 +on what you installed), but you might get a list like the one above. Most of
66 +the commands should not be used by normal users, only root. Switch off the SUID
67 +bit on <c>ping</c>, <c>mount</c>, <c>umount</c>, <c>chfn</c>, <c>chsh</c>,
68 +<c>newgrp</c>, <c>suidperl</c>, <c>pt_chown</c> and <c>traceroute</c> by
69 +executing <c>chmod -s</c> on every file. Don't remove the bit on <c>su</c>,
70 +<c>qmail-queue</c> or <c>unix_chkpwd</c>. Removing setuid from those files will
71 +prevent you from <c>su</c>'ing and receiving mail. By removing the bit (where
72 +it is safe to do so) you remove the possibility of a normal user (or an
73 +attacker) gaining root access through any of these files.
74 </p>
75
76 <p>
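Review bot: the rewrap is text-identical to the old paragraph, so nothing is lost, but the advice still lacks a caveat: after `chmod -s` on `ping`, `mount` and `umount`, unprivileged users can no longer ping (it needs a raw socket) or mount entries marked `user` in /etc/fstab, yet the paragraph only warns about `su` and mail. One sentence saying these commands become root-only afterwards would avoid surprises. Also, "by executing `chmod -s` on every file" would read better as a `<pre>` with the actual command, matching the two find examples above.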
77 @@ -112,6 +109,7 @@
78 But if you are running X, you might have some more, since X needs the elevated
79 access afforded by SUID.
80 </p>
81 +
82 </body>
83 </section>
84 <section>
85
86
87
88 --
89 gentoo-doc-cvs@g.o mailing list