Re: World-writable files installed by ports

2006-09-04 Thread Kris Kennaway
On Mon, Sep 04, 2006 at 10:25:09PM +0400, Andrew Pantyukhin wrote: > >> BTW, I wonder why www/phpmyfaq is not in your list. > > > >What a+w file does it install? > > [EMAIL PROTECTED]:~> find /usr/local/www/phpmyfaq -perm -a+w > /usr/local/www/phpmyfaq/inc > /usr/local/www/phpmyfaq/images > /usr/

Re: World-writable files installed by ports

2006-09-04 Thread Andrew Pantyukhin
On 9/4/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: On Mon, Sep 04, 2006 at 09:35:03PM +0400, Andrew Pantyukhin wrote: > On 9/4/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: > >On Mon, Sep 04, 2006 at 08:48:26PM +0400, Andrew Pantyukhin wrote: > >> On 9/1/06, Andrew Pantyukhin <[EMAIL PROTECTED]>

Re: World-writable files installed by ports

2006-09-04 Thread Kris Kennaway
On Mon, Sep 04, 2006 at 09:35:03PM +0400, Andrew Pantyukhin wrote: > On 9/4/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: > >On Mon, Sep 04, 2006 at 08:48:26PM +0400, Andrew Pantyukhin wrote: > >> On 9/1/06, Andrew Pantyukhin <[EMAIL PROTECTED]> wrote: > >> >On 9/1/06, Kris Kennaway <[EMAIL PROTECTE

Re: World-writable files installed by ports

2006-09-04 Thread Andrew Pantyukhin
On 9/4/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: On Mon, Sep 04, 2006 at 08:48:26PM +0400, Andrew Pantyukhin wrote: > On 9/1/06, Andrew Pantyukhin <[EMAIL PROTECTED]> wrote: > >On 9/1/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: > >> On Thu, Aug 31, 2006 at 10:19:24AM -0400, Kris Kennaway wrot

Re: World-writable files installed by ports

2006-09-04 Thread Kris Kennaway
On Mon, Sep 04, 2006 at 08:48:26PM +0400, Andrew Pantyukhin wrote: > On 9/1/06, Andrew Pantyukhin <[EMAIL PROTECTED]> wrote: > >On 9/1/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: > >> On Thu, Aug 31, 2006 at 10:19:24AM -0400, Kris Kennaway wrote: > >> > On Thu, Aug 31, 2006 at 06:15:18PM +0400, An

Re: World-writable files installed by ports

2006-09-04 Thread Andrew Pantyukhin
On 9/1/06, Andrew Pantyukhin <[EMAIL PROTECTED]> wrote: On 9/1/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: > On Thu, Aug 31, 2006 at 10:19:24AM -0400, Kris Kennaway wrote: > > On Thu, Aug 31, 2006 at 06:15:18PM +0400, Andrew Pantyukhin wrote: > > > Under no circumstances should a port install wo

Re: World-writable files installed by ports

2006-09-01 Thread Andrew Pantyukhin
On 9/1/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: On Thu, Aug 31, 2006 at 10:19:24AM -0400, Kris Kennaway wrote: > On Thu, Aug 31, 2006 at 06:15:18PM +0400, Andrew Pantyukhin wrote: > > Under no circumstances should a port install world-writable > > files or directories. In most cases this open

Re: World-writable files installed by ports

2006-08-31 Thread Kris Kennaway
On Thu, Aug 31, 2006 at 10:19:24AM -0400, Kris Kennaway wrote: > On Thu, Aug 31, 2006 at 06:15:18PM +0400, Andrew Pantyukhin wrote: > > Under no circumstances should a port install world-writable > > files or directories. In most cases this opens the system to all > > kinds of attacks. A simple gre

Re: World-writable files installed by ports

2006-08-31 Thread Stanislav Sedov
On Thu, 31 Aug 2006 20:34:21 +0400 Stanislav Sedov <[EMAIL PROTECTED]> mentioned: > > Hmm, strange method... In fact, most of port you listed are harmless. > Sorry, now I see that the word 'most' isn't applicable here. My apologizes. -- Stanislav Sedov MBSD labs, Inc. <[EMAIL P

Re: World-writable files installed by ports

2006-08-31 Thread Stanislav Sedov
On Thu, 31 Aug 2006 18:51:27 +0400 "Andrew Pantyukhin" <[EMAIL PROTECTED]> mentioned: > On 8/31/06, Alex Dupre <[EMAIL PROTECTED]> wrote: > > Andrew Pantyukhin ha scritto: > > > Under no circumstances should a port install world-writable > > > files or directories. > > > > > www/eaccelerator/Makef

Re: World-writable files installed by ports

2006-08-31 Thread Andrew Pantyukhin
On 8/31/06, Alex Dupre <[EMAIL PROTECTED]> wrote: Andrew Pantyukhin ha scritto: > Under no circumstances should a port install world-writable > files or directories. > www/eaccelerator/Makefile Where? I suspect you grep'ed 777 inside Makefiles, but in eaccelerator there is indeed a 's/777/755/'

Re: World-writable files installed by ports

2006-08-31 Thread Alex Dupre
Andrew Pantyukhin ha scritto: > Under no circumstances should a port install world-writable > files or directories. > www/eaccelerator/Makefile Where? I suspect you grep'ed 777 inside Makefiles, but in eaccelerator there is indeed a 's/777/755/' substitution :-) -- Alex Dupre ___

Re: World-writable files installed by ports

2006-08-31 Thread Kris Kennaway
On Thu, Aug 31, 2006 at 06:15:18PM +0400, Andrew Pantyukhin wrote: > Under no circumstances should a port install world-writable > files or directories. In most cases this opens the system to all > kinds of attacks. A simple grep brings the following list of > makefiles to attention. I imagine that

World-writable files installed by ports

2006-08-31 Thread Andrew Pantyukhin
Under no circumstances should a port install world-writable files or directories. In most cases this opens the system to all kinds of attacks. A simple grep brings the following list of makefiles to attention. I imagine that samba ports are somehow justified, as for the other ones, I hope secteam