[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Other files a+w, (was Re: Bug#57740: Security: Many files are kept a+w)



On Fri, Feb 11, 2000 at 09:18:15AM -0500, Scott A Crosby wrote:
> If you've done that, then I would also suggest looking at other packages,
> I found several examples of this problem in the packages I have installed.
> 
> I ran a
> 
> >>>
> find /etc /usr /var  \( -type f -o -type d \) -perm +002 -print0 | xargs
> -0 ls -ld --color=yes | less -r
> <<<
> 
> and submitted 8 bug reports on world-writable files and directories
> yesterday. Having someone else go over all of the packages to find other  
> instances and also make sure that these get fixed is a good idea.

Why use a person when you can have a computer do it :-)

http://www.debian.org/lintian/reports/Tnon-standard-file-perm.html
http://www.debian.org/lintian/reports/Tnon-standard-executable-perm.html

RFC: It would be good for lintian to report files with too open permissions 
as errors.

Most serious is the libguile.so bad permissions, more than 2 months
old and even reported on bugtraq (bugs #52315, #54343, #55759). Someone
really should fix that.

> My search also found another misfeature: unzip appears to create its files
> a+rw.

Overriding the umask? Bad..

Colin

Attachment: pgpvY24iEZQo3.pgp
Description: PGP signature


Reply to: