On Sat, 2004-10-02 at 13:21, Paul W. Frields wrote:
On Fri, 2004-10-01 at 18:45, tuxxer wrote:
[...snip...]
> An html view of the doc, as well as ongoing developments (in html
> format), will still be available at the link below. Please provide
> direct feedback, criticisms, praise, jeers, etc. to the list, or my
> email off-list, if desired.
> http://members.cox.net/tuxxer
Hi Charlie, you may want to change the bottom example in Section 2.1.
The way I read it, you are doing 64 (!!!) complete traversals of the
file system to find these files, when only one is necessary. Try
removing the "for" loops and doing instead:
    find / -perm +002 | tee -a world-writable-files.txt
Keep in mind that this list will include a lot of /dev entries that
don't really indicate a problem (tty's and such), not to mention links.
You might want to declare that you do not want to look at block or
character special devices, or links, and just regular files and
directories. Although it's conceivable one might miss something glaring,
system hardening should probably be done before one is connected to the
Internet, and right after installation, so it's unlikely that skipping
these files would expose you to much risk.
    find / \( -type d -o -type f \) -perm +002 | tee -a world-writable.txt
--
Paul W. Frields, RHCE
Much more elegant, and quite effective. Thanks. I've updated it in the
html draft at
http://members.cox.net/tuxxer, but I'm not going to submit
a new tarball until I have more of Chapter 3 done (or completely done).
Also, it was pointed out that I missed a step when uploading the tarball
to the bug. I didn't select the MIME type. So, if you have any issues,
the file is a gzipped-tarball in *.tgz format. Sorry, I'll get it next
time. ;-)
-Charlie
--
tuxxer <tuxxer(a)cox(dot)net>
<== tuxxer's gpg key fingerprint ==>
57EB F948 76AE 25BC E340 EFA9 FAF6 E1AC F1E1 1EA1
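
The single-traversal scan discussed in this thread, as an added example that is not part of the original messages or the draft document. It goes one step beyond the thread by separating sticky from non-sticky world-writable directories, and it uses the POSIX form `-perm -0002` because newer GNU find releases dropped the `+mode` spelling in favour of `/mode`. The function names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: one-pass world-writable audit.

# audit_world_writable ROOT
# Traverses ROOT once and prints a tagged line per world-writable entry.
# Device nodes and symlinks are never matched, as suggested in the thread.
#   FILE          regular file with the "other" write bit set
#   DIR-STICKY    world-writable directory with the sticky bit (like /tmp)
#   DIR-NOSTICKY  world-writable directory without it
# -xdev (a choice made here) keeps find on ROOT's filesystem, so /proc and
# network mounts are skipped; run it once per local filesystem.
# Output is line-based: names containing newlines would split across lines.
audit_world_writable() {
    find "${1:-/}" -xdev \
        \( -type f -perm -0002 -exec printf 'FILE %s\n' {} + \) -o \
        \( -type d -perm -1002 -exec printf 'DIR-STICKY %s\n' {} + \) -o \
        \( -type d -perm -0002 -exec printf 'DIR-NOSTICKY %s\n' {} + \)
}

# make_sample_tree: build a constructed directory tree for the demo and
# print its path. Every name below is made up for illustration.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/spool" "$t/drop" "$t/private"
    : > "$t/open.log"; : > "$t/closed.conf"
    chmod 0666 "$t/open.log"          # world-writable file
    chmod 0644 "$t/closed.conf"       # not world-writable
    chmod 1777 "$t/spool"             # sticky, like /tmp
    chmod 0777 "$t/drop"              # world-writable, no sticky bit
    chmod 0750 "$t/private"
    ln -s open.log "$t/link"          # symlinks show mode 777 but are skipped
    printf '%s\n' "$t"
}

demo=$(make_sample_tree)
audit_world_writable "$demo" | sort
rm -rf "$demo"
```

The DIR-NOSTICKY lines are the ones to review first, since any local user can rename or delete other users' files in such a directory.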