You are not logged in.
It seems like you would never want these permissions (**7), but out of curiosity today I ran
cd /
find . -perm -003
And a whole lot of files came up (i realized thats only a **3, but most files were indeeed **7). Is that OK? Couldn't anyone who can access those files put
#!/bin/bash or even
#!/usr/bin/env perl
at the top of the file and then execute it?
I realize so long as the rest of your filesystem is properly permissioned the damage a script running under the context of the invader would be minimal... but it seems better to just never have both w and x bits set for the others group. Anyone know why these files have these settings? Couple of them are in firefox, ton of them in /etc/ssl/certs. Is it safe to leave these as is?
Last edited by drostin77 (2009-11-10 23:47:41)
Offline
Note that many/all of those are symlinks....
Offline
Thanks for the response. Many, not all the files are symlinks. I did note that. I wondered if it was important. I read about it for a bit and learned about symlink permissions, was ignorant before, sorry to post before researching (and for not updating!). Anyway, the ssl files are symlinks, but...
But what about the files that aren't? There is no reason they should be left with those permissions right?... I can't come up with a scenario where it would be important that 'others' could write and then execute... but before running a global o-w on **7 files I wanted to double check...
Offline
What files are you finding with those permissions that are not symlinks?
file $(find . -perm -003) | grep -v symbolic
I scanned /{bin,lib,sbin} and found nothing.
Offline
Thanks much, I did the same thing but did a chmod o-w on all results.
Offline