Could be worth also checking for sgid binaries using
"find -perm -4000 -or -perm -2000"
And the real paranoid would instead check for all execs.
--
Guy
At 03:36 12/03/2002, hologram wrote:
>Hi,
>
>The following is a quick shell script to find suid binaries that are
>potentially affected by the zlib vulnability (i.e., those dynamically
>linked).
>
>-[snip]-----------------------------------------------------------------
>
>#!/bin/sh
># zlibscan by hologram <holo@brained.org>
># This will scan to find suid binaries potentially affected by the zlib
># vulnerablity. These are important directories for the Linux system,
># try different ones for other systems (i.e., /usr/etc, /usr/local/bin).
>(ldd `find /bin -perm -4000` 2> /dev/null | grep zlib) > zlib.lst
>(ldd `find /sbin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
>(ldd `find /usr/bin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
>(ldd `find /etc -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
>(ldd `find /var -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
>
>-[snap]-----------------------------------------------------------------
>
>- hologram
