You are not logged in.

#1 2009-11-06 06:44:04

drostin77
Member
Registered: 2009-07-15
Posts: 45

[SOLVED] a=rwx (**7) permissions. Why?

It seems like you would never want these permissions (**7), but out of curiosity today I ran

cd /
find . -perm -003

And a whole lot of files came up (i realized thats only a **3, but most files were indeeed **7). Is that OK?  Couldn't anyone who can access those files put

#!/bin/bash         or even
#!/usr/bin/env perl

at the top of the file and then execute it?

I realize so long as the rest of your filesystem is properly permissioned the damage a script running under the context of the invader would be minimal... but it seems better to just never have both w and x bits set for the others group.  Anyone know why these files have these settings?  Couple of them are in firefox, ton of them in /etc/ssl/certs.  Is it safe to leave these as is?

Last edited by drostin77 (2009-11-10 23:47:41)

Offline

#2 2009-11-06 07:15:31

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: [SOLVED] a=rwx (**7) permissions. Why?

Note that many/all of those are symlinks....

Offline

#3 2009-11-06 08:19:56

drostin77
Member
Registered: 2009-07-15
Posts: 45

Re: [SOLVED] a=rwx (**7) permissions. Why?

Thanks for the response.  Many, not all the files are symlinks.  I did note that.  I wondered if it was important.  I read about it for a bit and learned about symlink permissions, was ignorant before, sorry to post before researching (and for not updating!).  Anyway, the ssl files are symlinks, but...

But what about the files that aren't?  There is no reason they should be left with those permissions right?... I can't come up with a scenario where it would be important that 'others' could write and then execute... but before running a global o-w on **7 files I wanted to double check...

Offline

#4 2009-11-06 08:53:14

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: [SOLVED] a=rwx (**7) permissions. Why?

What files are you finding with those permissions that are not symlinks?

file $(find . -perm -003) | grep -v symbolic

I scanned /{bin,lib,sbin} and found nothing.

Offline

#5 2009-11-10 23:47:19

drostin77
Member
Registered: 2009-07-15
Posts: 45

Re: [SOLVED] a=rwx (**7) permissions. Why?

Thanks much, I did the same thing but did a chmod o-w on all results.

Offline

Board footer

Powered by FluxBB