Devon & Cornwall Linux Users' Group

Re: [LUG] The wrong kind of Open Source.



Neil Williams wrote:
On Sat, Feb 14, 2004 at 12:24:50PM +0000, Simon Waters wrote:

find / -perm -003

....finds very few files on my system, but quite a lot of /usr/local is
owned by srw, and used by other users (well Faye).... bad Simon....


But they are all symbolic links to files / directories of chmod 0644 or
0755 respectively. When I run:

find / -type f -perm -003
or 
find / -type d -perm -003
I get no matches.

If the symbolic link is 0777 but the target of the link is 0600, the
link still cannot be executed / edited - I get permission denied.

What am I missing?

You're not - I ran the command with "-type f" as well.

Permissions on symlinks don't matter (they are part of the directory not
part of the filesystem) - of course "other writable directories" could
cause security problems - as could other writable device files depending
on the device in question.

All comes back to the same - security probably isn't as tight as you
imagine - also shells will execute read-only files if passed as arguments.

Whilst some systems ship with a "tight" default config there is plenty
of room for a virus, or other malware, to lurk on most deployed *nix
systems.
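
The behaviour discussed in this thread, reproduced in a throwaway directory as an added example that is not part of the original messages: an unfiltered `-perm -003` search reports the symlink, while the `-type f` and `-type d` searches report only real other-writable objects. The function names `make_sandbox` and `scan` and the file names are constructed for illustration, and the `-perm -002` search goes slightly beyond the thread to show what `-003` leaves out.

```shell
#!/bin/sh
# Added example: constructed sandbox, not from the original thread.

# Build a temp directory holding the cases from the discussion.
make_sandbox() {
    d=$(mktemp -d) || return 1
    : > "$d/private.txt"; chmod 0600 "$d/private.txt"   # link target
    : > "$d/drop.txt";    chmod 0666 "$d/drop.txt"      # other-writable, not executable
    mkdir "$d/shared";    chmod 0777 "$d/shared"        # other-writable directory
    # A symlink's own mode shows as lrwxrwxrwx on Linux; the umask call
    # covers systems where link modes follow the umask.
    ( umask 000; ln -s private.txt "$d/link-to-private" )
    echo "$d"
}

# scan DIR MODE [TYPE]: list entries with ALL bits of MODE set,
# optionally restricted to one find(1) type (f, d, l, c, b ...).
scan() {
    ( cd "$1" || exit 1
      if [ -n "$3" ]; then
          find . -type "$3" -perm "-$2"
      else
          find . -perm "-$2"
      fi ) | LC_ALL=C sort
}

sandbox=$(make_sandbox) || exit 1
ls -l "$sandbox"

# find does not follow symlinks by default, so the link's own mode is
# tested and the link is reported even though its target is 0600.
echo "-perm -003, any type:";      scan "$sandbox" 003

# Restricting the type removes the symlink noise.
echo "-perm -003, regular files:"; scan "$sandbox" 003 f
echo "-perm -003, directories:";   scan "$sandbox" 003 d

# -003 requires other-write AND other-execute; -002 alone also
# catches other-writable files that are not executable.
echo "-perm -002, regular files:"; scan "$sandbox" 002 f

rm -rf "$sandbox"
```

On a real system the same `scan` call can be pointed at `/` with type `c` or `b` to list the other-writable device files mentioned above.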
