Re: Bug #129957 Update (Fedora Hardening)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2004-10-01 at 18:45, tuxxer wrote:
[...snip...]
> An html view of the doc, as well as ongoing developments (in html
> format), will still be available at the link below.  Please provide
> direct feedback, criticisms, praise, jeers, etc. to the list, or my
> email off-list, if desired.
> 
> http://members.cox.net/tuxxer

Hi Charlie, you may want to change the bottom example in Section 2.1.
The way I read it, you are doing 64 (!!!) complete traversals of the
file system to find these files, when only one is necessary. Try
removing the "for" loops and doing instead:

  find / -perm +002 | tee -a world-writable-files.txt

Keep in mind that this list will include a lot of /dev entries that
don't really indicate a problem (tty's and such), not to mention links.
You might want to declare that you do not want to look at block or
character special devices, or links, and just regular files and
directories. Although it's conceivable one might miss something glaring,
system hardening should probably be done before one is connected to the
Internet, and right after installation, so it's unlikely that skipping
these files would expose you to much risk.

  find / \( -type d -o -type f \) -perm +002 | tee -a world-writable.txt

-- 
Paul W. Frields, RHCE


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Red Hat 9]     [Yosemite News]     [KDE Users]

  Powered by Linux