Each day, Mandrake Security runs program msec_find to locate all the world 
writable files.  Unfortunately, it also lists pipes and sockets, as in:

Security Warning: World Writeable files found :
                - /tmp/.ICE-unix
                - /tmp/.X11-unix
                - /tmp/.esd
                - /tmp/.font-unix
                - /var/apache-mm
                - /var/lib/texmf
                - /var/spool/postfix/maildrop
                - /var/spool/postfix/private/tlsmgr
                - /var/spool/postfix/public/pickup
                - /var/spool/postfix/public/qmgr
                - /var/spool/samba

Most of the "files" listed in /tmp are actually sockets and most of the ones 
in /var/spool/postfix are actually fifos. Using my patched msec_find, 
here's the new (shorter) list of world writeable files:

        /tmp
        /tmp/.esd
        /tmp/.font-unix
        /tmp/.X11-unix
        /tmp/.ICE-unix
        /var/spool/postfix/maildrop
        /var/spool/samba

And here's the patch ...

--- msec-0.20/src/msec_find/find.c      Tue Apr 18 12:30:51 2000
+++ msec-0.20.1/src/msec_find/find.c    Thu May 23 11:42:42 2002
@@ -106,8 +106,11 @@
          case FTW_D:
                  /*
                   * Is world writeable check.
+                 * but neither socket nor pipe.
                   */
-               if (sb->st_mode & 0002)
+               if ((sb->st_mode & S_IWOTH)
+                   && ! S_ISSOCK(sb->st_mode)
+                   && ! S_ISFIFO(sb->st_mode) )
                        fprintf(writeable_fd, "%s\n", file);
                  /*
                   * Unowned user check.
                   */
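
Review bot: The added `&& ! S_ISSOCK(sb->st_mode)` and `&& ! S_ISFIFO(sb->st_mode)` terms drop world-writable sockets and FIFOs from the report entirely, but the S_IWOTH bit on those objects still means any local user can connect to the socket or write into the pipe, so the daily report loses information an administrator may want. Consider keeping the filter for the "World Writeable files" list but writing the excluded entries to a separate list (or making the exclusion optional) instead of silently skipping them. The comment line "but neither socket nor pipe." would read better as a full sentence stating why they are excluded, and the spacing in `! S_ISSOCK(` and the trailing ` )` should follow whatever style the rest of find.c uses. Replacing the literal 0002 with S_IWOTH is a good readability change and needs no further work.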

Please fix msec_find!!!

Thanks.

David


--------------------------------------------------------
David Relson                   Osage Software Systems, Inc.
[EMAIL PROTECTED]       Ann Arbor, MI 48103
www.osagesoftware.com          tel:  734.821.8800

