[clue-tech] File permission anomalies under FC3

Greg Knaddison greg.knaddison at gmail.com
Tue Jun 14 08:53:57 MDT 2005 

On 6/14/05, bof <bof at pcisys.net> wrote:
> Hello,
> 
> I've just installed Krud FC3 and in examining it, I've found a large
> number of files that strike me as security holes: some are
> world-writable, some have numbers for owner/groups and some have SUID
> bits set. For example:
> 
> world-writable files
> -rw-rw-r--  1 20 0 Oct 19  2004 /var/lib/games/gnotski.1.scores
> -rw-rw-r--  1 20 0 Oct 19  2004 /var/lib/games/gnibbles.4.1.scores
> -rw-rw-r--  1 20 0 Oct 19  2004
> /var/lib/games/gnobots2.robots2_easy-super-safe.scores

You know it's UserGroupWorld, right?  So these are User-read/write
Group-read/write World-read.  The group is 20 which on my default
install CentOS4 box is the "games" and there are no members of that
group.

> 
> world-writable directories
> drwxrwxr-x  5 jlkottal 4096 May 26 10:54 /home/jlkottal/.evolution
> drwxrwxr-x  2 man 4096 Nov 19  2004 /var/cache/man/X11R6/cat3
> 

Those are world readable/executable (execution is necessary for the
world to do an ls on that directory).  They are only writable by user
5/jlkottal group and user 2/man group respectively.  That's probably a
pretty limited set of users.

> numbers for owner/group
> -rw-rw-r--  1 root 966 Dec 20 11:03 /usr/share/nagios/images/delay.gif
> -rw-rw-r--  1 root 1085 Dec 20 11:03 /usr/share/nagios/images/logrotate.png
> -rw-rw-r--  1 root 5519 Dec 20 11:03 /usr/share/nagios/images/redundancy.png
> -rw-rw-r--  1 20 0 Oct 19  2004 /var/lib/games/mahjongg.pyramid.scores
> -rw-rw-r--  1 20 0 Oct 19  2004
> /var/lib/games/gnobots2.robots2-super-safe.scores
> -rw-rw-r--  1 20 0 Oct 19  2004 /var/lib/games/gnomine.Small.scores
> 

Similar to above - seems reasonable.

> SUID bits set
> -r-xr-s--x  1 root 20 70408 Oct 19  2004 /usr/bin/mahjongg
> -rwxr-sr-x  1 root nobody 64920 Mar 15 12:11 /usr/bin/ssh-agent
> -r-xr-s--x  1 root 20 41264 Oct 19  2004 /usr/bin/glines
> 

I don't know about SUID.

> Are files like these in fact security holes? If so, what would be the
> best way of eliminating them?

You could probably remove most of them (e.g. the games) and chmod the
others if you feel there is a security problem.

<snip>

Greg

More information about the clue-tech mailing list