Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
security guide, section 7, reloaded. :)
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
_uniplex
n00b
n00b


Joined: 02 Mar 2004
Posts: 2

PostPosted: Mon Mar 08, 2004 11:31 am    Post subject: security guide, section 7, reloaded. :) Reply with quote

A couple days ago I posted something similar but I found that it was a little buggy and deleted it from the forums. Hopefully this aint as bad. :)

To get the list of world writable files and store their full pathname along with their original permissions, and the permissions they need have in order to not be world or group writable I've done this.

Code:
/usr/bin/find / -type f \( -perm -2 -o -perm -20 \) -printf "%m " -print0 | while read -rd $'\000' var; do [[ $(echo ${var%% *} | wc -m) = "5" ]] && z=${var:0:1} && var=${var:1}; case ${var:1:1} in 2|3|6|7) a=$(( ${var:1:1} - 2 )) && c=1 ;; *) a=${var:1:1} ;; esac; case ${var:2:1} in 2|3|6|7) b=$(( ${var:2:1} - 2 )) && c=1 ;; *) b=${var:2:1} ;; esac && [[ -n $z ]] && echo $z${var%% *} $z${var:0:1}$a$b ${var#* } || ( [[ -n $c ]] && echo ${var%% *} ${var:0:1}$a$b ${var#* } ); unset {a,b,c,z,var}; done | tee -a ${HOME%/}/writable.txt


Then to change the permissions I did this.

Code:
while read var; do set -- $var; b="$2"; shift 2; chmod $b $@; done < <(echo "$(< ${HOME%/}/writable.txt)")


Incase that breaks something we still have ${HOME%/}/writable.txt with all the original file permissions, so to undo them I could do this:

Code:
while read var; do set -- $var; a="$1"; shift 2; chmod $a $@; done < <(echo "$(< ${HOME%/}/writable.txt)")


Last edited by _uniplex on Sun Mar 14, 2004 6:53 pm; edited 3 times in total
Back to top
View user's profile Send private message
Greven
Tux's lil' helper
Tux's lil' helper


Joined: 28 Jul 2002
Posts: 138

PostPosted: Mon Mar 08, 2004 2:35 pm    Post subject: Reply with quote

This looks nice and all..... but how do I use this? :D Sorry but I'm still learning unix and bash.
_________________
veritas vos liberabit...
Linux User Number: 346805
Wine-Wiki
AMD 64 3500+ | MSI "K8T NEO2-FIR" | mushkin Dual Channel DDR 400
Back to top
View user's profile Send private message
_uniplex
n00b
n00b


Joined: 02 Mar 2004
Posts: 2

PostPosted: Mon Mar 08, 2004 9:48 pm    Post subject: Reply with quote

You can copy and paste the lines individually just as they are into a bash shell and hit enter. They should be run in the order that they are listed from top to bottom.

The second line is the one that actually changes any file permissions.

If it causes any programs to break then simply re-emerging the package should fix it. If that's not enough you can run the third and last line to undo all the changes back to the way they were originally.

The code in section 7 of the security guide doesn't properly handle files which contains spaces in their names. And they show you a little about how to use chmod to manually change the files permissions. And that should be enough for most people I guess. Me, I just run something like this and be done with it (not saying that my other code doesn't work just fine too.) :)

Code:
/usr/bin/find / type f \( -perm -2 -o -perm -20 \) -print0 | xargs -i -0 chmod go-w {}


note. find is a fast utility. the same can't always be said for bash and while read loops. Be ready for that massive bash line to take a while on a slow computer with alot of group and world writable files. :)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum