
Re: Insecure world writable files from XFS 1.0.1 ISO installer

To: linux-xfs <linux-xfs@xxxxxxxxxxx>
Subject: Re: Insecure world writable files from XFS 1.0.1 ISO installer
From: Dean Brissinger <brissing@xxxxxxxxxx>
Date: Thu, 2 Aug 2001 10:29:20 -0600
In-reply-to: <3B69610B.41A40F18@ch.sauter-bc.com>
References: <3B694B49.209B904C@ch.sauter-bc.com> <3B695A70.6C2D70FD@sgi.com> <3B69610B.41A40F18@ch.sauter-bc.com>
Sender: owner-linux-xfs@xxxxxxxxxxx
At 4:17 PM +0200 8/2/01, Simon Matter wrote:
Eric Sandeen wrote:

Simon Matter wrote:
> > When installing from the ISO RH7.1-SGI-XFS-1.0.1, all system config
> > files and directories which are not part of an RPM are installed world
> > writeable (mode 666/777).

 Which files, for example?  So this does NOT happen with either stock Red
 Hat or XFS 1.0?  Not sure what might be causing this...

Sorry for not providing more information.

It does NOT happen with XFS 1.0 release. I guess it also does not occur
with stock RH installer.
My dirty find script looks like that:

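#!/bin/sh
# List group- and world-writable files and directories that no RPM owns.
find . -type f -o -type d | while IFS= read -r xxx; do
  # rpm -qf exits non-zero when no installed package owns the path
  rpm -qf "$xxx" > /dev/null
  RETVAL=$?
  if [ $RETVAL -gt 0 ]; then
    # -maxdepth 0: test only this path (the outer find already visits children)
    find "$xxx" -maxdepth 0 -perm -022 -exec ls -lad {} \;
  fi
done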


I haven't looked to see if this applies to directories other than /etc yet. But here's a brute force way of patching the problem on 1.0.1 systems based on an expanded version of the above script. Uncomment the chmod commands if you want to actually change the modes; otherwise it just tells you what it would be doing to your system. Use at your own risk and I suggest testing it w/ the comments in there before you let it loose. =)


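#!/bin/sh
# Dry run by default: uncomment the chmod lines to actually change modes.
find . -type f -o -type d | while IFS= read -r xxx; do
  # rpm -qf exits non-zero when no installed package owns the path
  rpm -qf "$xxx" > /dev/null
  RETVAL=$?
  if [ $RETVAL -gt 0 ]; then
    # -maxdepth 0: test only this path, so RPM-owned children are not touched
    find "$xxx" -maxdepth 0 -perm -022 -a ! -type l | while IFS= read -r file; do
      if [ -n "$file" ]; then
        ls -ld "$file"
        if [ -e "$file" -a ! -d "$file" ]; then
          echo "Changing mode: chmod 644 $file"
          #chmod 644 "$file"
        else
          echo "Changing mode: chmod 755 $file"
          #chmod 755 "$file"
        fi
      fi
    done
  fi
done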


--
. . . . . . . . ooo . . . . ooo . . . . . . . . .
. .
. Dean Brissinger - Systems Administrator .
. Direct: 303-583-0278 Main: 303-444-0094 . . Fax: 303-583-0246 http://www.vexcel.com/ .
. .
. . . . . . . oOOo . . A . . oOOo . . . . . . . .
0 0
'````
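
An alternative to forcing 644/755, added here as an example and not part of the original thread: it clears only the group and other write bits, so unpackaged scripts keep their execute bit, and it logs each old mode before changing anything. The function names, the `OWNED_LIST` variable and the log format are assumptions made for illustration; `stat -c` is GNU-specific.

```shell
#!/bin/sh
# Added example, not from the thread: remove only the group/other write bits
# from paths no RPM owns, logging each old mode first so it can be restored.

# is_unowned PATH: succeeds when no installed package owns PATH.
# Assumption: OWNED_LIST (hypothetical) names a file listing owned paths and
# stands in for the RPM database, so the logic can be tried without rpm.
is_unowned() {
  if [ -n "${OWNED_LIST:-}" ]; then
    ! grep -qxF -e "$1" "$OWNED_LIST"
  else
    ! rpm -qf "$1" > /dev/null 2>&1
  fi
}

# fix_tree ROOT LOG [apply]: dry run unless the third argument is "apply".
fix_tree() {
  root=$1 log=$2 mode=${3:-dry-run}
  # -perm -022 as in the thread (group- and world-writable); symlinks skipped.
  find "$root" \( -type f -o -type d \) -perm -022 | while IFS= read -r p; do
    is_unowned "$p" || continue
    old=$(stat -c '%a' "$p")   # GNU stat: octal mode before any change
    printf '%s %s\n' "$old" "$p" >> "$log"
    echo "$mode: chmod go-w $p (was $old)"
    if [ "$mode" = apply ]; then chmod go-w "$p"; fi
  done
}

# demo: runs fix_tree on a constructed sample tree and prints the final modes.
demo() {
  d=$(mktemp -d) || return 1
  mkdir -m 755 "$d/etc"; mkdir -m 777 "$d/etc/conf.d"
  : > "$d/etc/hosts";    chmod 666 "$d/etc/hosts"     # unowned data file
  : > "$d/etc/rc.local"; chmod 777 "$d/etc/rc.local"  # unowned script
  : > "$d/etc/passwd";   chmod 666 "$d/etc/passwd"    # listed as RPM-owned
  printf '%s\n' "$d/etc/passwd" > "$d/owned.txt"
  OWNED_LIST="$d/owned.txt"
  fix_tree "$d/etc" "$d/modes.log" apply > /dev/null
  echo $(cd "$d/etc" && stat -c '%a' conf.d hosts rc.local passwd)
  unset OWNED_LIST; rm -rf "$d"
}
```

Each log line is the old octal mode followed by the path, which is enough to put a mode back by hand if a change turns out to be wrong.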


