Re: Insecure world writable files from XFS 1.0.1 ISO installer
At 4:17 PM +0200 8/2/01, Simon Matter wrote:
>Eric Sandeen wrote:
>>
>> Simon Matter wrote:
>> >
>> > When installing from the ISO RH7.1-SGI-XFS-1.0.1, all system config
>> > files and directories which are not part of an RPM are installed world
>> > writeable (mode 666/777).
>>
>> Which files, for example? So this does NOT happen with either stock Red
>> Hat or XFS 1.0? Not sure what might be causing this...
>
>Sorry for not providing more information.
>
>It does NOT happen with XFS 1.0 release. I guess it also does not occur
>with stock RH installer.
>My dirty find script looks like this:
>
>#!/bin/sh
>find . -type f -o -type d | while IFS= read -r xxx; do
>    rpm -qf "$xxx" > /dev/null
>    RETVAL=$?
>    if [ $RETVAL -gt 0 ]; then
>        find "$xxx" -perm -022 -exec ls -lad {} \;
>    fi
>done
I haven't looked to see if this applies to directories other than
/etc yet. But here's a brute force way of patching the problem on
1.0.1 systems based on an expanded version of the above script.
Uncomment the chmod commands if you want to actually change the modes;
otherwise it just tells you what it would be doing to your system.
Use at your own risk and I suggest testing it w/ the comments in
there before you let it loose. =)

#!/bin/sh
# Walk every file and directory below the current directory.
find . -type f -o -type d | while IFS= read -r xxx; do
    # rpm -qf exits non-zero when no installed package owns the path.
    rpm -qf "$xxx" > /dev/null
    RETVAL=$?
    if [ $RETVAL -gt 0 ]; then
        # Entries writable by both group and other, symlinks excluded.
        find "$xxx" -perm -022 -a ! -type l | while IFS= read -r file; do
            if [ -n "$file" ]; then
                ls -ld "$file"
                if [ -e "$file" -a ! -d "$file" ]; then
                    echo "Changing mode: chmod 644 $file"; #chmod 644 "$file"
                else
                    echo "Changing mode: chmod 755 $file"; #chmod 755 "$file"
                fi
            fi
        done
    fi
done
--
. . . . . . . . ooo . . . . ooo . . . . . . . . .
. .
. Dean Brissinger - Systems Administrator .
. Direct: 303-583-0278 Main: 303-444-0094 .
. Fax: 303-583-0246 http://www.vexcel.com/ .
. .
. . . . . . . oOOo . . A . . oOOo . . . . . . . .
0 0
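Added example (not part of the original messages and not SGI or Red Hat code): a dry-run variant of the audit above that filters on permissions first, asks the package database only about the matches, and clears just the group/other write bits with chmod go-w, so executable and sticky bits survive instead of being forced to 644/755. The names audit_unowned and OWNED_CMD are made up for this example; OWNED_CMD defaults to rpm -qf.

```shell
#!/bin/sh
# Assumption of this example: OWNED_CMD is any command that exits 0 when a
# package owns the path passed as its last argument. Default: rpm -qf.
OWNED_CMD=${OWNED_CMD:-"rpm -qf"}

# audit_unowned ROOT [apply]
# Prints "go-w PATH" for every unowned file or directory that is writable by
# both group and other. Modes are changed only when "apply" is given.
audit_unowned() {
    root=$1
    apply=${2:-}
    # -perm -022 is the same test the scripts in this thread use. Restricting
    # to -type f / -type d leaves symlinks alone (chmod would follow them).
    find "$root" \( -type f -o -type d \) -perm -022 |
    while IFS= read -r path; do
        # One package query per candidate instead of one per path on disk.
        if $OWNED_CMD "$path" > /dev/null 2>&1; then
            continue    # owned by a package: leave its mode alone
        fi
        echo "go-w $path"
        if [ "$apply" = "apply" ]; then
            # Drop only the write bits; x and sticky bits are untouched.
            chmod go-w "$path"
        fi
    done
}

# Usage: audit_unowned /etc          (report only)
#        audit_unowned /etc apply    (report and fix)
```

Paths containing newlines are still not handled, because find's output is read line by line.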