[gentoo-user] Security bugs in Gentoo ?

SMS WebMaster Fri, 24 Oct 2003 12:57:40 -0700

Hi

I have Gentoo 1.4 (updated) in my laptop and I executed the commands :

/usr/bin/find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \; 2>/dev/null >writable.txt && /usr/bin/find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \; 2>/dev/null >>writable.txt && /usr/bin/find / -type f \( -perm -004000 -o -perm -002000 \) -exec ls -lg {} \; 2>/dev/null >suidfiles.txt

in my box (this command from Gentoo Linux Security Guide "" )

and I have too many writable files in Gentoo : (writable.txt) :

-rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/gnotski.7.scores -rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/gnibbles.3.0.scores -rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/gnotski.2.scores -rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/gnomine.Large.scores -rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/glines.scores -rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/mahjongg.easy.scores -rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/gnotski.24.scores -rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/gnibbles.1.1.scores -rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/gtali.scores -rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/gnotski.15.scores -rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/gnobots2.robots2_easy-safe.scores -rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/gnotski.4.scores -rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/gnobots2.robots_with_safe_teleport-safe.scores -rw-rw-r-- 1 games 0 Oct 12 23:05 /var/lib/games/gnobots2.robots2_easy-super-safe.scores ....... ....... -rw-rw---- 1 mysql 1064 Sep 18 07:12 /var/lib/mysql/Programming/CodeLibrary.MYD -rw-rw---- 1 mysql 2048 Sep 18 22:06 /var/lib/mysql/Programming/CodeLibrary.MYI -rw-rw---- 1 mysql 8880 Sep 17 00:06 /var/lib/mysql/Programming/CodeLibrary.frm -rw-rw---- 1 mysql 19596 Sep 24 19:38 /var/lib/mysql/test/Products.MYD -rw-rw---- 1 mysql 2048 Sep 25 18:28 /var/lib/mysql/test/Products.MYI ....... ....... -rw-rw-r-- 1 utmp 2436096 Oct 19 06:14 /var/log/wtmp -rw-rw---- 1 mysql 9700 Oct 16 10:41 /var/log/mysql/mysql.err -rw-rw---- 1 mysql 93648883 Oct 16 10:38 /var/log/mysql/mysql.log -rw-rw-r-- 1 utmp 4608 Oct 19 06:14 /var/run/utmp -rw-rw-r-- 1 portage 0 Aug 20 00:01 /var/tmp/portage/giblib-1.2.2/temp/successful -rw-rw-r-- 1 portage 0 Sep 7 21:11 /var/tmp/portage/libxmlpp-0.21.0/temp/successful -rw-rw-r-- 1 portage 78626 Aug 17 10:16 /var/tmp/portage/openjade-1.3.2-r1/temp ....... ....... -rw-rw-r-- 1 portage 276 Feb 13 2003 /var/cache/edb/dep/x11-plugins/gkrellsun-0.2 -rw-rw-r-- 1 portage 261 Feb 13 2003 /var/cache/edb/dep/x11-plugins/gkrellsun-0.9 -rw-rw-r-- 1 portage 235 Oct 10 19:38 /var/cache/edb/dep/x11-plugins/karamba-news_panel-0.5 -rw-rw-r-- 1 portage 304 Oct 16 19:37 /var/cache/edb/dep/x11-plugins/wmsysmon-0.7.6 -rw-rw-r-- 1 portage 192 Oct 6 10:09 /var/cache/edb/dep/x11-plugins/gkacpi-0.5 -rw-rw-r-- 1 portage 209 Sep 6 09:11 /var/cache/edb/dep/x11-plugins/asclock-2.0.12 -rw-rw-r-- 1 portage 218 Oct 6 10:09 /var/cache/edb/dep/x11-plugins/gkrellm-reminder-0.3.5 ....... ....... ....... -rw-rw-r-- 1 root 4909 Aug 19 16:41 /usr/share/doc/db-3.2.9-r7/html/api_cxx/env_close.html -rw-rw-r-- 1 root 3363 Aug 19 16:41 /usr/share/doc/db-3.2.9-r7/html/api_cxx/env_set_lg_bsize.html -rw-rw-r-- 1 root 10056 Aug 19 16:41 /usr/share/doc/db-3.2.9-r7/html/api_cxx/dbc_get.html -rw-rw-r-- 1 root 3517 Aug 19 16:41 /usr/share/doc/db-3.2.9-r7/html/api_cxx/memp_fclose.html -rw-rw-r-- 1 root 4268 Aug 19 16:41 /usr/share/doc/db-3.2.9-r7/html/api_cxx/db_set_errfile.html ............. -rw-rw-r-- 1 root 233 Sep 4 10:10 /usr/portage/metadata/cache/x11-themes/gentoo-artwork-0.2 -rw-rw-r-- 1 root 222 Sep 13 00:42 /usr/portage/metadata/cache/x11-themes/gentoo-artwork-0.3 -rw-rw-r-- 1 root 1300 Sep 4 08:41 /usr/portage/metadata/cache/x11-themes/mplayer-skins-0.1-r1 ........... -rw-rw-rw- 1 root 516 May 14 11:05 /root/.mozilla/default/hoea5s71.slt/chrome/userContent.css -rw-rw---- 1 root 366 Aug 26 14:42 /root/.realnetworks/RealShared_0_0 -rw-rw---- 1 root 26977 Sep 1 17:43 /root/.realnetworks/Gemini_0_1 -rw-rw---- 1 root 753 Oct 1 02:48 /root/.realnetworks/RealPlayer_9_0 -rw-rw---- 1 root 26328 Oct 1 02:48 /root/.realnetworks/RealMediaSDK_6_0

Should I report this bug to Gentoo bugzilla ??


--
http://www.4-SMS.Com
http://eShop.4-SMS.Com
http://Mozilla.4-SMS.Com
-*- If Linux doesn't have the solution, you have the wrong problem -*-


--
[EMAIL PROTECTED] mailing list

[gentoo-user] Security bugs in Gentoo ?

Reply via email to