Bug #129957 Update (Fedora Hardening)

Paul W. Frields paul at frields.com
Sat Oct 2 13:21:45 UTC 2004


On Fri, 2004-10-01 at 18:45, tuxxer wrote:
[...snip...]
> An html view of the doc, as well as ongoing developments (in html
> format), will still be available at the link below.  Please provide
> direct feedback, criticisms, praise, jeers, etc. to the list, or my
> email off-list, if desired.
> 
> http://members.cox.net/tuxxer

Hi Charlie, you may want to change the bottom example in Section 2.1.
The way I read it, you are doing 64 (!!!) complete traversals of the
file system to find these files, when only one is necessary. Try
removing the "for" loops and doing instead:

  find / -perm +002 | tee -a world-writable-files.txt

Keep in mind that this list will include a lot of /dev entries that
don't really indicate a problem (tty's and such), not to mention links.
You might want to declare that you do not want to look at block or
character special devices, or links, and just regular files and
directories. Although it's conceivable one might miss something glaring,
system hardening should probably be done before one is connected to the
Internet, and right after installation, so it's unlikely that skipping
these files would expose you to much risk.

  find / \( -type d -o -type f \) -perm +002 | tee -a world-writable.txt

-- 
Paul W. Frields, RHCE
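
The single-pass search suggested above, as an added example that is not part of the original message or of the hardening document. It goes a step beyond the thread by labelling world-writable directories by whether the sticky bit is set. It writes the test as `-perm -0002` because current GNU find no longer accepts the `-perm +mode` form. The function name `list_world_writable` and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example; list_world_writable and its labels are hypothetical names.
#
# list_world_writable ROOT
#   Walks ROOT exactly once and prints "LABEL<TAB>PATH" for every
#   world-writable regular file or directory. Symlinks and block/character
#   devices never match because each branch starts with a -type test.
#   LABEL is one of:
#     file          regular file writable by "other"
#     dir-sticky    world-writable directory with the sticky bit (like /tmp)
#     dir-nosticky  world-writable directory without it (any user can
#                   delete or rename other users' entries)
list_world_writable() {
    root=$1
    # -xdev      stay on ROOT's filesystem (skips /proc, /sys, other mounts)
    # -perm -M   all bits in M are set; 0002 = other-write, 1000 = sticky
    # -exec ... {} +  batches paths so printf runs a handful of times,
    #            not once per match; printf reuses the format per argument
    find "$root" -xdev \
        \( -type f -perm -0002 -exec printf 'file\t%s\n' {} + \) -o \
        \( -type d -perm -1002 -exec printf 'dir-sticky\t%s\n' {} + \) -o \
        \( -type d -perm -0002 -exec printf 'dir-nosticky\t%s\n' {} + \) \
        2>/dev/null
}

# Typical use, appending to the report file named in the message:
#   list_world_writable / | tee -a world-writable.txt
```

File names containing a newline will span two output lines; the tab-separated format is meant for review by eye, not for feeding into another command.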



