April 2004
Intermediate to advanced
320 pages
9h 10m
English
Content preview from Network Security HacksBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Scan For World- and Group-Writable Directories
Quickly scan for directories with loose permissions.
World- and group-writable
directories present a problem: if the users of a system have not set
their umask properly, they will inadvertently
create insecure files, completely unaware of the implications. With
this in mind, it seems it would be good to scan for directories with
loose permissions. Much like
[Hack #2]
,
this can be accomplished by running the
find
command:
# find / -type d \( -perm -g+w -o -perm -o+w \) -exec ls -lad {} \;Any directories that are listed in the output should have the
sticky bit set, which is denoted by a
t in the directory’s permission
bits. A world-writable directory with the sticky bit set ensures that
even though anyone may create files in the directory, they may not
delete or modify another user’s files. If you see a
directory in the output that does not contain a sticky bit, consider
whether it really needs to be world-writable or whether the use of
groups or ACLs
[Hack #4]
will work better for your situation. If you really do need the
directory to be world-writable, set the sticky bit on it
using
chmod +t.
To get a list of the directories that don’t have their sticky bit set, run this:
#find / -type d \( -perm -g+w -o -perm -o+w \) \-not -perm -a+t -exec ls -lad {} \;
If you’re using a system that creates a unique group
for each user (e.g., you create a user andrew,
which in turn creates a group andrew as the primary group), you may want to ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.