Question about rwxrwxrwx files and/or dirs

Carruth, Rusty Rusty.Carruth at smartstoragesys.com
Thu Aug 9 08:48:56 MST 2012 

find / -perm -777 -print

I think that should do it.  For more details than any sane person could want, do 'man find' ;-)

Rusty
 

> -----Original Message-----
> From: plug-discuss-bounces at lists.plug.phoenix.az.us [mailto:plug-
> discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of
> joe at actionline.com
> Sent: Wednesday, August 08, 2012 7:09 PM
> To: Main PLUG discussion list
> Subject: Question about rwxrwxrwx files and/or dirs
> 
> 
> Question about rwxrwxrwx files and/or dirs
> 
> Lisa's reply to Keith prompted me to wonder if I perhaps had any
> rwxrwxrwx
> files or drwxrwxrwx directories on my system that might be a security
> risk. So, while I don't know how to search the entire hard disk for
> such
> files, I used variants of the following syntax to search for some.
> 
> $ ls -ltr */* | fgrep rwxrwxrwx
> srwxrwxrwx 1 joe joe 0 Aug  7 11:35 mysql.socket=
> 
> Another similar found this:
> srwxrwxrwx  1 joe joe 0 Aug  7 11:35 tmp/akonadi-
> joe.nMNQOV/mysql.socket=
> 
> Another similar found this: /home/joe/mydata/graphics/psp
> drwxrwxrwx 3 joe    4096 Dec 12  2003 Freebies
> 
> Another similar found a whole lot of: lrwxrwxrwx
> 
> Do any of these suggest a security risk?
> Is there a better way to search more comprehensively for others?
> What, if anything, could I or should I do to eliminate a risk?
> 
> 
> ---------------------
> Lisa replied to Keith, in part:
> > Here's more on it:
> > http://wordpress.org/support/topic/advanced-problem-image-upload
> >
> > http://wordpress.org/support/topic/151290
> >
> > Solution:
> >
> > You need to use "chmod 777" for uploads to work.
> >
> > Security Issues:
> >
> > This is a security risk of course, since there are many spider
> scrapers
> > looking for an open permission directory to be able to write, say a
> fake
> > Phishing Site page for UPS with an email results script.
> >
> > Solution: (from Wordpress documentation):
> >
> > Base image directory
> >
> > The base image directory must be world writable i.e.: chmod 777
> > Base image URL
> >
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

More information about the PLUG-discuss mailing list