Subject: Re: misc/29173
To: None <,,>
From: Jeremy C. Reed <>
List: netbsd-bugs
Date: 09/24/2005 16:52:02
The following reply was made to PR misc/29173; it has been noted by GNATS.

From: "Jeremy C. Reed" <>
Subject: Re: misc/29173
Date: Sat, 24 Sep 2005 09:51:37 -0700 (PDT)

 On Sat, 24 Sep 2005 wrote:
 > Half-baked ``solution'' to a problem I can't put my finger on.
 This is not a fair response to someone who filed a legitimate PR. (Maybe 
 there was discussion not included in the PR?)
 "Find all world writeable elements of dangerous directories in a 
 filesystem" is a great idea.
 This could be added to /etc/security and /etc/defaults/security.conf as 
 I'd just have it check entire filesystem and not selected directories, but 
 that would be easy with another security.conf(5) setting: 
 check_worldwritable_dirs="/" or check_worldwritable_dirs="/bin /sbin", 
 The find option in the PR should use -0002 instead of +0002. Also it 
 should exclude symlinks.
 Please reopen this PR.
 Here is a simple, untested idea:
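 # Find all world writeable files
 if checkyesno check_worldwritable ; then
 	# -perm -0002 matches any mode with the world-write bit set;
 	# \! -type l leaves symlinks out of the listing.
 	find ${check_worldwritable_dirs} -perm -0002 \
 		\! -type l -ls > $LIST 2> $ERR
 	# Display any errors that occurred during system file walk.
 	if [ -s $ERR ] ; then
 		echo World writable find errors:
 		cat $ERR
 	fi
 	# Display the world writable files that were found.
 	if [ -s $LIST ] ; then
 		echo World writable files:
 		cat $LIST
 	fi
 fi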
 Also another variable could be used to exclude, such as:
 check_worldwritable_exclude="/tmp /var/tmp"
 maybe using grep or parsing and putting on find command itself.
   Jeremy C. Reed
   	  	 	 BSD News, BSD tutorials, BSD links
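
One way to put the exclusion list on the find command itself, as the message suggests. This is an added example, not part of the original message or of NetBSD's /etc/security; list_worldwritable and make_sample_tree are hypothetical names, and directory names are assumed to contain no whitespace or glob characters.

```sh
#!/bin/sh
# Added example, not from the PR or from NetBSD's /etc/security.
# Function names are hypothetical; the two arguments correspond to the
# check_worldwritable_dirs and check_worldwritable_exclude values
# proposed in the message.

list_worldwritable() {
	_dirs=$1	# space-separated directories to walk
	_exclude=$2	# space-separated directories to skip (may be empty)
	[ -n "$_dirs" ] || return 0

	# Build "( -path A -o -path B ) -prune -o" so find never descends
	# into an excluded tree, rather than filtering its output with grep.
	set --
	for _d in $_exclude; do
		if [ $# -eq 0 ]; then
			set -- \( -path "$_d"
		else
			set -- "$@" -o -path "$_d"
		fi
	done
	if [ $# -gt 0 ]; then
		set -- "$@" \) -prune -o
	fi

	# -perm -0002 matches any mode with the world-write bit set.
	# ! -type l skips symlinks, whose own mode bits are not meaningful.
	# $_dirs is left unquoted on purpose so it splits into several paths.
	find $_dirs "$@" -perm -0002 \! -type l -print
}

# Constructed sample tree for trying the function (not real system paths).
make_sample_tree() {
	_t=$(mktemp -d) || return 1
	mkdir -p "$_t/bin" "$_t/tmp"
	: > "$_t/bin/ok";      chmod 0755 "$_t/bin/ok"
	: > "$_t/bin/bad";     chmod 0666 "$_t/bin/bad"
	: > "$_t/tmp/scratch"; chmod 0666 "$_t/tmp/scratch"
	ln -s ok "$_t/bin/link"
	chmod 1777 "$_t/tmp"
	echo "$_t"
}
```

Excluded directories have to be written the way find prints them (same prefix as the walked directory, no trailing slash), because -path compares against the full path as walked.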