[175] in linux-security and linux-alert archive
File Permission Checker
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Fri Mar 17 14:46:55 1995
From: okir@monad.swb.de (Olaf Kirch)
To: linux-security@tarsier.cv.nrao.edu
Date: Fri, 17 Mar 1995 20:30:11 +0100 (MET)
Hello everyone,
I've put up a small perl-based utility for FTP that looks for bad file
permissions based on a (rather simple) configuration database. It's
not highly sophisticated, and I'm sure Larry Wall wouldn't approve of
the way I code perl, but it works for me. It checks for file ownership
and permissions, and searches the file system for suid/sgid programs.
It's entirely undocumented, so the only way to find out about the
various functions of the database entries is by playing with it,
meditation, or reading the source.
The files currently listed in the sample configuration database
comprise the BSD networking stuff, smail, INN, XFree86, and some more.
You may not always agree with my choice of acceptable and required
permission bits, but then, it's only an example of what such a beast
might look like. There are also a couple of utilities I didn't list;
most notably the small zoo of tiny tools that manipulate the console
that are all suid root on my machine (I feel I may have old versions
floating around here..). Despite its 300-something entries it's not
complete yet.
It's all still rather sketchy, and the database syntax definitely
could be improved. I don't have much time to spare for this right now,
unfortunately. I invite anyone to try their hand at this. If people
know of standard permission holes in one of the common distributions
that the script fails to notice, please let me know.
Here's the FTP location:
linux.nrao.edu:/pub/people/okir/kitten/kitten-0.1.tar.gz
(Okay, so my puns are bad. Sue me:-)
Enjoy,
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
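
Added example (not part of the original post and not kitten's code): a sketch in Python of the kind of check the message describes, comparing ownership and mode against "required" and "acceptable" permission bits and listing suid/sgid files that are not in a known set. The rule table format, function names and sample entries are assumptions made for illustration; kitten's actual database syntax is not shown in the post.

```python
import os
import stat

# Hypothetical rule table (NOT kitten's database syntax):
# path -> (expected owner uid, required mode bits, acceptable mode bits).
# Constructed sample entries; the bit choices are illustrative.
RULES = {
    "/etc/passwd": (0, 0o444, 0o644),
    "/etc/shadow": (0, 0o400, 0o640),
}

def check_mode(mode, required, acceptable):
    """Compare a st_mode value against required and acceptable bit masks."""
    perm = stat.S_IMODE(mode)            # permission bits incl. suid/sgid/sticky
    findings = []
    if required & ~perm:
        findings.append(f"missing required bits {required & ~perm:04o}")
    if perm & ~acceptable:
        findings.append(f"unacceptable bits {perm & ~acceptable:04o}")
    return findings

def audit(rules):
    """Return {path: [findings]} for listed files that exist and deviate."""
    report = {}
    for path, (uid, required, acceptable) in rules.items():
        try:
            st = os.stat(path)
        except OSError:
            continue                     # not installed or unreadable: skip
        problems = check_mode(st.st_mode, required, acceptable)
        if st.st_uid != uid:
            problems.append(f"owner uid {st.st_uid}, expected {uid}")
        if problems:
            report[path] = problems
    return report

def find_setid(root, known=frozenset()):
    """Walk root; return suid/sgid regular files not in the known set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)      # lstat: do not follow symlinks
            except OSError:
                continue
            setid = st.st_mode & (stat.S_ISUID | stat.S_ISGID)
            if stat.S_ISREG(st.st_mode) and setid and path not in known:
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    print(audit(RULES))
```

Passing the set of expected suid/sgid paths as `known` turns the file system walk into a report of only the unexpected ones.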