Hello Jeb, sorry for the delay.
----- Original Message ----- > From: "Jeb D CTR Trayer" <[email protected]> > To: [email protected] > Sent: Tuesday, December 3, 2013 1:18:16 PM > Subject: RE: [PATCH] fix for find command parameters in > RHEL6/input/fixes/bash/file_permissions_library_dirs.sh > > Good morning all! I sent this out last week, I know it was a holiday week > and everyone is probably still catching up on emails but wanted to make sure > this didn't fall through the cracks if someone gets a chance to look at it. > > Thanks! > > Jeb Trayer, CTR > Ace Info Solutions, Inc. > USCG Operations System Center > [email protected] > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of > Trayer, Jeb D CTR > Sent: Tuesday, November 26, 2013 10:49 AM > To: [email protected] > Subject: [PATCH] fix for find command parameters in > RHEL6/input/fixes/bash/file_permissions_library_dirs.sh > > A colleague found during testing, that the find command for checking/fixing > group or world writeable files in library directories had the -perm flag set > as -022 (all bits set) instead of /022 (any bits set). I updated > RHEL6/input/fixes/bash/file_permissions_library_dirs.sh and generated this > patch to update the fix content. > > I can't push this patch so if its approved, so if someone that could, doesn't > mind it's appreciated. Yes, good catch (we want to remediate permissions on all files in library directories that have either group-writable or world-writable permissions set. Not just only on those files that meet both of the requirements). So your proposal is correct. ACK for pushing from me. Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team > > Thanks! > > Jeb Trayer, CTR > Ace Info Solutions, Inc. > USCG Operations System Center > [email protected] > > > Signed-off-by: Jeb Trayer <[email protected]> > --- > .../fixes/bash/file_permissions_library_dirs.sh | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh > b/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh > index 263612f..7de0740 100644 > --- a/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh > +++ b/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh > @@ -1,4 +1,4 @@ > DIRS="/lib /lib64 /usr/lib /usr/lib64" > for dirPath in $DIRS; do > - find $dirPath -perm -022 -type f -exec chmod go-w '{}' \; > + find $dirPath -perm /022 -type f -exec chmod go-w '{}' \; > done > -- > 1.7.1 > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
