subject:"\[gentoo\-user\] Security bugs in Gentoo \?"

Re: [gentoo-user] Security bugs in Gentoo ?

2003-10-27 Thread Sigurd Stordal

 -rw-rw-r--1 games   0 Oct 12 23:05
 /var/lib/games/gnotski.7.scores
rw for user and group only read for all, should be OK

 -rw-rw-rw-1 root  516 May 14 11:05
/root/.mozilla/default/hoea5s71.slt/chrome/userContent.css

This is the only one writeable by all, don't think it should be a problem.

 Should I report this bug to Gentoo bugzilla ??
I don't really see a security problem. So if there are any security experts 
with  5 year experience that do no concure, please tell so because I don't 
see any security issues.
-- 
Sigurd Stordal
President of GOGS
Experimental Petrologist

--
[EMAIL PROTECTED] mailing list

[gentoo-user] Security bugs in Gentoo ?

2003-10-24 Thread SMS WebMaster

Hi

I have Gentoo 1.4 (updated) in my laptop and I executed the commands :

/usr/bin/find / -type f \( -perm -2 -o -perm -20 \)-exec ls -lg {} 
\; 2/dev/null writable.txt 
/usr/bin/find / -type d \( -perm -2 -o -perm -20 \)   -exec ls -ldg {} 
\; 2/dev/null writable.txt 
/usr/bin/find / -type f \( -perm -004000 -o -perm -002000 \)   -exec ls 
-lg {} \; 2/dev/null suidfiles.txt

in my box (this command from Gentoo Linux Security Guide   )

and I have too many writable files in Gentoo : (writable.txt) :

-rw-rw-r--1 games   0 Oct 12 23:05 
/var/lib/games/gnotski.7.scores
-rw-rw-r--1 games   0 Oct 12 23:05 
/var/lib/games/gnibbles.3.0.scores
-rw-rw-r--1 games   0 Oct 12 23:05 
/var/lib/games/gnotski.2.scores
-rw-rw-r--1 games   0 Oct 12 23:05 
/var/lib/games/gnomine.Large.scores
-rw-rw-r--1 games   0 Oct 12 23:05 /var/lib/games/glines.scores
-rw-rw-r--1 games   0 Oct 12 23:05 
/var/lib/games/mahjongg.easy.scores
-rw-rw-r--1 games   0 Oct 12 23:05 
/var/lib/games/gnotski.24.scores
-rw-rw-r--1 games   0 Oct 12 23:05 
/var/lib/games/gnibbles.1.1.scores
-rw-rw-r--1 games   0 Oct 12 23:05 /var/lib/games/gtali.scores
-rw-rw-r--1 games   0 Oct 12 23:05 
/var/lib/games/gnotski.15.scores
-rw-rw-r--1 games   0 Oct 12 23:05 
/var/lib/games/gnobots2.robots2_easy-safe.scores
-rw-rw-r--1 games   0 Oct 12 23:05 
/var/lib/games/gnotski.4.scores
-rw-rw-r--1 games   0 Oct 12 23:05 
/var/lib/games/gnobots2.robots_with_safe_teleport-safe.scores
-rw-rw-r--1 games   0 Oct 12 23:05 
/var/lib/games/gnobots2.robots2_easy-super-safe.scores
...
...
-rw-rw1 mysql1064 Sep 18 07:12 
/var/lib/mysql/Programming/CodeLibrary.MYD
-rw-rw1 mysql2048 Sep 18 22:06 
/var/lib/mysql/Programming/CodeLibrary.MYI
-rw-rw1 mysql8880 Sep 17 00:06 
/var/lib/mysql/Programming/CodeLibrary.frm
-rw-rw1 mysql   19596 Sep 24 19:38 
/var/lib/mysql/test/Products.MYD
-rw-rw1 mysql2048 Sep 25 18:28 
/var/lib/mysql/test/Products.MYI
...
...
-rw-rw-r--1 utmp  2436096 Oct 19 06:14 /var/log/wtmp
-rw-rw1 mysql9700 Oct 16 10:41 /var/log/mysql/mysql.err
-rw-rw1 mysql93648883 Oct 16 10:38 /var/log/mysql/mysql.log
-rw-rw-r--1 utmp 4608 Oct 19 06:14 /var/run/utmp
-rw-rw-r--1 portage 0 Aug 20 00:01 
/var/tmp/portage/giblib-1.2.2/temp/successful
-rw-rw-r--1 portage 0 Sep  7 21:11 
/var/tmp/portage/libxmlpp-0.21.0/temp/successful
-rw-rw-r--1 portage 78626 Aug 17 10:16 
/var/tmp/portage/openjade-1.3.2-r1/temp
...
...
-rw-rw-r--1 portage   276 Feb 13  2003 
/var/cache/edb/dep/x11-plugins/gkrellsun-0.2
-rw-rw-r--1 portage   261 Feb 13  2003 
/var/cache/edb/dep/x11-plugins/gkrellsun-0.9
-rw-rw-r--1 portage   235 Oct 10 19:38 
/var/cache/edb/dep/x11-plugins/karamba-news_panel-0.5
-rw-rw-r--1 portage   304 Oct 16 19:37 
/var/cache/edb/dep/x11-plugins/wmsysmon-0.7.6
-rw-rw-r--1 portage   192 Oct  6 10:09 
/var/cache/edb/dep/x11-plugins/gkacpi-0.5
-rw-rw-r--1 portage   209 Sep  6 09:11 
/var/cache/edb/dep/x11-plugins/asclock-2.0.12
-rw-rw-r--1 portage   218 Oct  6 10:09 
/var/cache/edb/dep/x11-plugins/gkrellm-reminder-0.3.5
...
...
...
-rw-rw-r--1 root 4909 Aug 19 16:41 
/usr/share/doc/db-3.2.9-r7/html/api_cxx/env_close.html
-rw-rw-r--1 root 3363 Aug 19 16:41 
/usr/share/doc/db-3.2.9-r7/html/api_cxx/env_set_lg_bsize.html
-rw-rw-r--1 root10056 Aug 19 16:41 
/usr/share/doc/db-3.2.9-r7/html/api_cxx/dbc_get.html
-rw-rw-r--1 root 3517 Aug 19 16:41 
/usr/share/doc/db-3.2.9-r7/html/api_cxx/memp_fclose.html
-rw-rw-r--1 root 4268 Aug 19 16:41 
/usr/share/doc/db-3.2.9-r7/html/api_cxx/db_set_errfile.html
.
-rw-rw-r--1 root  233 Sep  4 10:10 
/usr/portage/metadata/cache/x11-themes/gentoo-artwork-0.2
-rw-rw-r--1 root  222 Sep 13 00:42 
/usr/portage/metadata/cache/x11-themes/gentoo-artwork-0.3
-rw-rw-r--1 root 1300 Sep  4 08:41 
/usr/portage/metadata/cache/x11-themes/mplayer-skins-0.1-r1
...
-rw-rw-rw-1 root  516 May 14 11:05 
/root/.mozilla/default/hoea5s71.slt/chrome/userContent.css
-rw-rw1 root  366 Aug 26 14:42 
/root/.realnetworks/RealShared_0_0
-rw-rw1 root26977 Sep  1 17:43 
/root/.realnetworks/Gemini_0_1
-rw-rw1 root  753 Oct  1 02:48 
/root/.realnetworks/RealPlayer_9_0
-rw-rw1 root26328 Oct  1 02:48 
/root/.realnetworks/RealMediaSDK_6_0



Should I report this bug to Gentoo bugzilla ??



--
http://www.4-SMS.Com
http://eShop.4-SMS.Com
http://Mozilla.4-SMS.Com
-*- If Linux doesn't have the solution, you have the wrong problem -*-
--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] Security bugs in Gentoo ?

2003-10-24 Thread Andrew Farmer

On Fri, 24 Oct 2003 14:36:28 -0700, SMS WebMaster muttered:
 I have Gentoo 1.4 (updated) in my laptop and I executed the commands :
 
 /usr/bin/find / -type f \( -perm -2 -o -perm -20 \)-exec ls -lg {} 
 \; 2/dev/null writable.txt 
 /usr/bin/find / -type d \( -perm -2 -o -perm -20 \)   -exec ls -ldg {} 
 \; 2/dev/null writable.txt 
 /usr/bin/find / -type f \( -perm -004000 -o -perm -002000 \)   -exec ls 
 -lg {} \; 2/dev/null suidfiles.txt
You shouldn't be checking for -perm -20. This specifies group-writable
files, which are safe.

 -rw-rw-r--1 games   0 Oct 12 23:05 
 /var/lib/games/gnotski.7.scores
...

Normal. Games need to be SUID (dangerous!) or have these files set
world-writable to save scores properly.

 -rw-rw1 mysql1064 Sep 18 07:12 
 /var/lib/mysql/Programming/CodeLibrary.MYD
...

Looks fine to me. It isn't world-writable, so it's safe.

 -rw-rw-r--1 utmp  2436096 Oct 19 06:14 /var/log/wtmp
...more group-writable files in /var/log -- this one MUST be set
group-writable to get it to be updated properly...

 -rw-rw-r--1 portage   276 Feb 13  2003 
 /var/cache/edb/dep/x11-plugins/gkrellsun-0.2
...portage group-writable files are OK, I would think...

 -rw-rw-r--1 root 4909 Aug 19 16:41 
...and more group-writable files. All safe.

 Should I report this bug to Gentoo bugzilla ??
No.

-- 
Andrew Farmer
[EMAIL PROTECTED]


pgp0.pgp
Description: PGP signature

Re: [gentoo-user] Security bugs in Gentoo ?

[gentoo-user] Security bugs in Gentoo ?

Re: [gentoo-user] Security bugs in Gentoo ?

3 matches

Site Navigation

Mail list logo

Footer information