Steve Fox <[EMAIL PROTECTED]> writes:

> Hey all.
>
> I just read a Security Portal article at
> http://securityportal.com/direct.cgi?/closet/closet20000301.html and
> thought it would be interesting to scan my system for world-writeable files
> and directories.
>
> Here are the results of the directory scan:
> -----------------------------------------
> /mnt/cdrom2
> /mnt/floppy
> /tmp
> /tmp/.font-unix
> /tmp/.X11-unix
> /tmp/.ICE-unix
> /tmp/.esd
> /var/tmp
> /var/lib/cddb
> /var/lib/svgalib
> /var/lib/texmf
> /var/lock/xemacs
> /var/preserve/vi.recover
> /var/spool/postfix/maildrop
> /var/spool/slrnpull/out.going
> /var/spool/samba
> /var/spool/fax/outgoing
> /var/spool/fax/outgoing/locks
> /usr/share/apps/kscd/cddb/blues
> /usr/share/apps/kscd/cddb/classical
> /usr/share/apps/kscd/cddb/country
> /usr/share/apps/kscd/cddb/data
> /usr/share/apps/kscd/cddb/folk
> /usr/share/apps/kscd/cddb/jazz
> /usr/share/apps/kscd/cddb/misc
> /usr/share/apps/kscd/cddb/newage
> /usr/share/apps/kscd/cddb/reggae
> /usr/share/apps/kscd/cddb/rock
> /usr/share/apps/kscd/cddb/soundtrack
>
> So it looks like kscd (the KDE cdplayer), samba, postfix, and some fax
> thingy are the biggest offenders.
>
> Here are the results of the directory scan:
> ----------------------------------------
> /var/lib/games/xtrojka.score
> /var/lib/games/xboing.score
> /var/lib/games/trojka.scores
> /var/lib/games/xjewel.scores
> /var/lib/texmf/ls-R
> /var/log/mysql.log
> [snip]
> /usr/local/Office51/template/educate/diploma.vor
> /usr/local/Office51/template/educate/paper.vor
> /usr/local/Office51/template/educate/timetabl.vor
> [snip]
> /usr/local/Office51/autotext/acor1033.dat
> /usr/local/Office51/autotext/signatur.bau
> /usr/local/Office51/autotext/standard.bau
> /usr/local/Office51/autotext/template.bau
> /usr/local/Office51/01_hyph.dat
> /usr/local/Office51/01_spell.dat
> /usr/local/Office51/01_thes.dat
> /usr/local/Office51/49_hyph.dat
> /usr/local/Office51/49_spell.dat
> /usr/local/Office51/49_thes.dat
> /usr/share/apps/kpacman/highScore
>
> It appears that StarOffice is the big offender here... maybe someone from
> Mandrake could write Sun about this? I wouldn't think that you'd want
> everybody to be able to update the templates anyways, so you shouldn't
> lose any functionality in changing this. The other main items would be
> games, which I would assume are set this way so that the high-score
> tables can be shared/updated by all users on the system? As far as the
> mysql.log file goes, I'm not using the Mandrake MySQL packages because
> they are lagging behind in version (an upgrade to 3.22.32 was
> recommended due to security reasons). So that would be an issue for the
> MySQL package maintainer.
>
> I didn't do any of the setuid/setgid scanning because I would have no
> idea why some need these bits set and others don't. I'm not a security
> expert by any means. Just thought that I'd pass this info along... I'd
> say that Mandrake stuff is packaged quite well actually... I expected to
> find more.
>
> Keep up the great work guys/gals!
This should have been fixed before the release, when msec (which issues this
kind of warning) was going on, and package maintainers should have taken a
look at that... Apparently, they didn't... No comment :-(

--
Yoann
http://prelude.sourceforge.net

It is well known that M$ products don't make a free() after a malloc(); the
unix community wishes them good luck for their future development.
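For anyone who wants to reproduce the scan Steve ran, plus the setuid/setgid pass he skipped, here is an added example in POSIX sh. It is not code from this thread, from Mandrake, or from msec; the only assumptions are a POSIX find(1) and that a world-writable directory carrying the sticky bit (mode 1777, as /tmp and /var/tmp are) is intentional and should be reported apart from the genuinely open ones. The report is read-only: it lists candidates for review and changes no modes.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of the permission
# classes discussed above. Uses only POSIX find(1) primaries; -xdev keeps
# each scan on one filesystem so /proc, /sys and removable media are skipped
# when the root is "/".

# World-writable regular files (other-write bit, octal 0002).
ww_files() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null | sort
}

# World-writable directories WITHOUT the sticky bit (octal 01000). These are
# the real findings: any user can create, rename or delete entries in them,
# which is how a templates or spool directory becomes a place to plant files.
ww_dirs_nosticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# World-writable directories WITH the sticky bit. The sticky bit stops users
# from removing or renaming each other's files, so /tmp-style directories
# are expected here and are listed separately rather than as findings.
sticky_dirs() {
    find "$1" -xdev -type d -perm -1002 -print 2>/dev/null | sort
}

# Files with the setuid (04000) or setgid (02000) bit set. The list is the
# starting point for asking, per file, why the bit is needed and whether the
# package that installed it documents that need.
suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Number of entries a scanner reports, e.g. "count_lines ww_files /usr".
# Useful for a cron summary that only mails when a count changes.
count_lines() {
    "$@" | grep -c . || true
}

# Full report for one tree (defaults to "/"), one heading per class.
# Usage: audit_tree /usr   or   audit_tree
audit_tree() {
    root=${1:-/}
    printf '== world-writable files under %s ==\n' "$root"
    ww_files "$root"
    printf '\n== world-writable directories without sticky bit (review these) ==\n'
    ww_dirs_nosticky "$root"
    printf '\n== world-writable sticky directories (usually expected) ==\n'
    sticky_dirs "$root"
    printf '\n== setuid/setgid files ==\n'
    suid_sgid "$root"
}
```

Source the file and call `audit_tree /usr` (or with no argument for the whole root filesystem); run it as root if you want directories that are unreadable to ordinary users covered. Once a listed directory is confirmed not to need world access, `chmod o-w` on it is the fix the thread is asking the package maintainers for; a game's shared high-score file is the usual counter-example, which is normally handled by a setgid binary writing to a group-owned file rather than by leaving the file world-writable.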
