neysx 06/09/16 20:48:37 |
|
Modified: shb-perms.xml |
Log: |
#147760 join lines |
|
Revision Changes Path |
1.2 xml/htdocs/doc/en/security/shb-perms.xml |
|
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-perms.xml?rev=1.2&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-perms.xml?rev=1.2&content-type=text/plain |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-perms.xml?r1=1.1&r2=1.2 |
|
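--- a/xml/htdocs/doc/en/security/shb-perms.xml
+++ b/xml/htdocs/doc/en/security/shb-perms.xml
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-perms.xml,v 1.1 2005/06/01 15:43:47 neysx Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-perms.xml,v 1.2 2006/09/16 20:48:37 neysx Exp $ -->
 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
 
 <!-- The content of this document is licensed under the CC-BY-SA license -->
@@ -30,10 +30,8 @@
 <body>
 
 <pre caption="Finding world-writable files and directories">
-# <i>/usr/bin/find / -type f \( -perm -2 -o -perm -20 \) \
- -exec ls -lg {} \; 2>/dev/null >writable.txt</i>
-# <i>/usr/bin/find / -type d \( -perm -2 -o -perm -20 \) \
- -exec ls -ldg {} \; 2>/dev/null >>writable.txt</i>
+# <i>find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \; 2>/dev/null >writable.txt</i>
+# <i>find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \; 2>/dev/null >>writable.txt</i>
 </pre>
 
 <p>
@@ -62,8 +60,7 @@
 </p>
 
 <pre caption="Finding setuid files">
-# <i>/usr/bin/find / -type f \( -perm -004000 -o -perm -002000 \) \
- -exec ls -lg {} \; 2>/dev/null >suidfiles.txt</i>
+# <i>find / -type f \( -perm -004000 -o -perm -002000 \) -exec ls -lg {} \; 2>/dev/null >suidfiles.txt</i>
 </pre>
 
 <p>
@@ -95,15 +92,15 @@
 
 <p>
 By default Gentoo Linux does not have a lot of SUID files (though this depends
-on what you installed), but you might get a list like the one above. Most of the
-commands should not be used by normal users, only root. Switch off the SUID bit
-on <c>ping</c>, <c>mount</c>, <c>umount</c>, <c>chfn</c>, <c>chsh</c>, <c>newgrp</c>, <c>suidperl</c>, <c>pt_chown</c>
-and <c>traceroute</c> by executing <c>chmod -s</c> on every file. Don't
-remove the bit on <c>su</c>, <c>qmail-queue</c> or <c>unix_chkpwd</c>. Removing
-setuid from those files will prevent you from <c>su</c>'ing and receiving
-mail. By removing the bit (where it is safe to do so) you remove the possibility
-of a normal user (or an attacker) gaining root access through any of these
-files.
+on what you installed), but you might get a list like the one above. Most of
+the commands should not be used by normal users, only root. Switch off the SUID
+bit on <c>ping</c>, <c>mount</c>, <c>umount</c>, <c>chfn</c>, <c>chsh</c>,
+<c>newgrp</c>, <c>suidperl</c>, <c>pt_chown</c> and <c>traceroute</c> by
+executing <c>chmod -s</c> on every file. Don't remove the bit on <c>su</c>,
+<c>qmail-queue</c> or <c>unix_chkpwd</c>. Removing setuid from those files will
+prevent you from <c>su</c>'ing and receiving mail. By removing the bit (where
+it is safe to do so) you remove the possibility of a normal user (or an
+attacker) gaining root access through any of these files.
 </p>
 
 <p>
@@ -112,6 +109,7 @@
 But if you are running X, you might have some more, since X needs the elevated
 access afforded by SUID.
 </p>
+
 </body>
 </section>
 <section>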
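Review bot: The joined command lines in both `<pre>` blocks ("Finding world-writable files and directories" and "Finding setuid files") also change `/usr/bin/find` to a bare `find`, which the log message "join lines" does not mention. The examples are shown at a root prompt on a host whose permissions are being audited, so the explicit path kept the audit from depending on root's PATH. I would keep it on the joined lines, e.g. `# <i>/usr/bin/find / -type f \( -perm -004000 -o -perm -002000 \) -exec ls -lg {} \; 2>/dev/null >suidfiles.txt</i>`, or record the reason for dropping it in the log. While these lines are being touched, `-perm -20` selects group-writable entries, so the first caption would be more accurate as `caption="Finding world- and group-writable files and directories"`.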
|
|
|
-- |
gentoo-doc-cvs@g.o mailing list |