Bug #129957 Update (Fedora Hardening)

tuxxer tuxxer at cox.net
Sat Oct 2 16:12:42 UTC 2004


On Sat, 2004-10-02 at 13:21, Paul W. Frields wrote:
> On Fri, 2004-10-01 at 18:45, tuxxer wrote:
> [...snip...]
> > An html view of the doc, as well as ongoing developments (in html
> > format), will still be available at the link below.  Please provide
> > direct feedback, criticisms, praise, jeers, etc. to the list, or my
> > email off-list, if desired.
> > 
> > http://members.cox.net/tuxxer
> 
> Hi Charlie, you may want to change the bottom example in Section 2.1.
> The way I read it, you are doing 64 (!!!) complete traversals of the
> file system to find these files, when only one is necessary. Try
> removing the "for" loops and doing instead:
> 
>   find / -perm +002 | tee -a world-writable-files.txt
> 
> Keep in mind that this list will include a lot of /dev entries that
> don't really indicate a problem (tty's and such), not to mention links.
> You might want to declare that you do not want to look at block or
> character special devices, or links, and just regular files and
> directories. Although it's conceivable one might miss something glaring,
> system hardening should probably be done before one is connected to the
> Internet, and right after installation, so it's unlikely that skipping
> these files would expose you to much risk.
> 
>   find / \( -type d -o -type f \) -perm +002 | tee -a world-writable.txt
> 
> -- 
> Paul W. Frields, RHCE

Much more elegant, and quite effective.  Thanks.  I've updated it in the
html draft at http://members.cox.net/tuxxer, but I'm not going to submit
a new tarball until I have more of Chapter 3 done (or completely done).

Also, it was pointed out that I missed a step when uploading the tarball
to the bug.  I didn't select the MIME type.  So, if you have any issues,
the file is a gzipped-tarball in *.tgz format.  Sorry, I'll get it next
time.  ;-)

-Charlie
-- 
--

tuxxer <tuxxer(a)cox(dot)net>

     <== tuxxer's gpg key fingerprint ==>
57EB F948 76AE 25BC E340  EFA9 FAF6 E1AC F1E1 1EA1
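
The single-traversal search suggested in the quoted reply, written out as an added example (not part of the original message or of the hardening draft). The function name `ww_audit`, the `-xdev` restriction and the sticky-bit split go beyond the thread and are assumptions of this example. It uses `-perm -0002` because newer GNU find releases no longer accept the `+mode` form.

```shell
#!/bin/sh
# Added example: audit world-writable regular files and directories in ONE
# filesystem traversal. ww_audit is a hypothetical helper name.
#
# Output: one line per hit, prefixed with a class tag:
#   FILE          regular file with the "other write" bit set
#   DIR_STICKY    world-writable directory with the sticky bit (like /tmp)
#   DIR_NOSTICKY  world-writable directory without it; any user can delete
#                 or replace other users' files there, so review these first
ww_audit() {
    root=${1:-/}
    # -xdev        stay on the starting filesystem (skips /proc, /sys, NFS)
    # -type f / d  ignore device nodes, sockets, FIFOs and symlinks
    # -perm -0002  "other write" bit set (POSIX form of the test)
    # -perm -1000  sticky bit set
    # printf reuses its format for every path that "-exec ... {} +" passes,
    # so each path gets its own tagged line without one fork per file.
    # Paths containing newlines will span lines in this report.
    find "$root" -xdev \
        \( -type f -perm -0002 \
           -exec printf 'FILE %s\n' {} + \) -o \
        \( -type d -perm -0002 -perm -1000 \
           -exec printf 'DIR_STICKY %s\n' {} + \) -o \
        \( -type d -perm -0002 \
           -exec printf 'DIR_NOSTICKY %s\n' {} + \) \
        2>/dev/null
}

# Typical use (run as root so unreadable directories are not skipped):
#   ww_audit / | sort > world-writable.txt
```

Running it once right after installation and again after each package or configuration change gives two reports that can be compared with `diff`.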