Quickly scan for directories with loose permissions.

World- and group-writable directories present a problem: if the users of a system have not set their umask properly, they will inadvertently create insecure files, completely unaware of the implications. With this in mind, it seems it would be good to scan for directories with loose permissions. Much like [Hack #2], this can be accomplished by running the find command:
# find / -type d \( -perm -g+w -o -perm -o+w \) -exec ls -lad {} \;
Any directories that are listed in the output should have the sticky bit set, which is denoted by a t in the directory's permission bits. A world-writable directory with the sticky bit set ensures that even though anyone may create files in the directory, they may not delete or modify another user's files. If you see a directory in the output that does not contain a sticky bit, consider whether it really needs to be world-writable or whether the use of groups or ACLs [Hack #4] will work better for your situation. If you really do need the directory to be world-writable, set the sticky bit on it using chmod +t.
To get a list of the directories that don’t have their sticky bit set, run this:
# find / -type d \( -perm -g+w -o -perm -o+w \) \
    -not -perm -a+t -exec ls -lad {} \;
If you're using a system that creates a unique group for each user (e.g., you create a user andrew, which in turn creates a group andrew as the primary group), you may want to modify the commands to not scan for group-writable directories. (Otherwise, you will get a lot of output that really isn't pertinent.) To do this, run the command without the -perm -g+w portion (and without the -o that joins it to the -perm -o+w test, so the parentheses still contain a valid expression).
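The audit above wrapped in a small POSIX shell script, as an added example that is not from the book: loose_dirs lists world- or group-writable directories that lack the sticky bit, with an optional flag to ignore group-writable directories on user-private-group systems, and make_sample_tree builds a constructed directory tree (under mktemp) to exercise it. Function names and the sample tree are assumptions for this example.

```shell
#!/bin/sh
# Added example (not the book's own script). Audit a tree for directories
# that are world- or group-writable but lack the sticky bit (mode 1000).
# Usage: loose_dirs ROOT [SKIP_GROUP]  -- SKIP_GROUP=1 ignores group-writable
# directories, as suggested for systems with a unique group per user.

loose_dirs() {
    _root="$1"
    _skip_group="${2:-0}"
    if [ "$_skip_group" = "1" ]; then
        # User-private-group systems: only world-writable dirs are interesting.
        find "$_root" -type d -perm -o+w ! -perm -1000 2>/dev/null
    else
        find "$_root" -type d \( -perm -g+w -o -perm -o+w \) ! -perm -1000 2>/dev/null
    fi
}

# Print one ls -lad line per offending directory, like the book's commands.
report_loose_dirs() {
    loose_dirs "$1" "$2" | while IFS= read -r _d; do ls -lad "$_d"; done
}

# Build a constructed sample tree (assumption: names chosen for this example)
# so the check can be run offline; prints the tree's root directory.
make_sample_tree() {
    _base=$(mktemp -d)
    mkdir "$_base/ok_private"      && chmod 0755 "$_base/ok_private"       # fine
    mkdir "$_base/bad_world"       && chmod 0777 "$_base/bad_world"        # flagged
    mkdir "$_base/ok_world_sticky" && chmod 1777 "$_base/ok_world_sticky"  # sticky, ok
    mkdir "$_base/bad_group"       && chmod 0775 "$_base/bad_group"        # flagged unless SKIP_GROUP=1
    chmod 0755 "$_base"
    printf '%s\n' "$_base"
}
```

Run report_loose_dirs / against a real host to get the same output as the book's find commands; the sample tree only exists to show which modes are flagged.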