On Fri, 24 Oct 2003 14:36:28 -0700, SMS WebMaster muttered:
> I have Gentoo 1.4 (updated) in my laptop and I executed the commands :
>
> /usr/bin/find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {}
> \; 2>/dev/null >writable.txt &&
> /usr/bin/find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {}
> \; 2>/dev/null >>writable.txt &&
> /usr/bin/find / -type f \( -perm -004000 -o -perm -002000 \) -exec ls
> -lg {} \; 2>/dev/null >suidfiles.txt
You shouldn't be checking for -perm -20. This specifies group-writable
files, which are safe.> -rw-rw-r-- 1 games 0 Oct 12 23:05 > /var/lib/games/gnotski.7.scores ... Normal. Games need to be SUID (dangerous!) or have these files set world-writable to save scores properly. > -rw-rw---- 1 mysql 1064 Sep 18 07:12 > /var/lib/mysql/Programming/CodeLibrary.MYD ... Looks fine to me. It isn't world-writable, so it's safe. > -rw-rw-r-- 1 utmp 2436096 Oct 19 06:14 /var/log/wtmp ...more group-writable files in /var/log -- this one MUST be set group-writable to get it to be updated properly... > -rw-rw-r-- 1 portage 276 Feb 13 2003 > /var/cache/edb/dep/x11-plugins/gkrellsun-0.2 ...portage group-writable files are OK, I would think... > -rw-rw-r-- 1 root 4909 Aug 19 16:41 ...and more group-writable files. All safe. > Should I report this bug to Gentoo bugzilla ?? No. -- Andrew Farmer [EMAIL PROTECTED]
pgp00000.pgp
Description: PGP signature
