RE: Question about rwxrwxrwx files and/or dirs

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMMLisa Kachold at <-
 
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Carruth, Rusty
Date:  
To: Main PLUG discussion list
Subject: RE: Question about rwxrwxrwx files and/or dirs
find / -perm -777 -print

I think that should do it. For more details than any sane person could want, do 'man find' ;-)

Rusty
 

> -----Original Message-----
> From: [mailto:plug-
> ] On Behalf Of
>
> Sent: Wednesday, August 08, 2012 7:09 PM
> To: Main PLUG discussion list
> Subject: Question about rwxrwxrwx files and/or dirs
>
>
> Question about rwxrwxrwx files and/or dirs
>
> Lisa's reply to Keith prompted me to wonder if I perhaps had any
> rwxrwxrwx
> files or drwxrwxrwx directories on my system that might be a security
> risk. So, while I don't know how to search the entire hard disk for
> such
> files, I used variants of the following syntax to search for some.
>
> $ ls -ltr */* | fgrep rwxrwxrwx
> srwxrwxrwx 1 joe joe 0 Aug 7 11:35 mysql.socket=
>
> Another similar found this:
> srwxrwxrwx 1 joe joe 0 Aug 7 11:35 tmp/akonadi-
> joe.nMNQOV/mysql.socket=
> 
> Another similar found this: /home/joe/mydata/graphics/psp
> drwxrwxrwx 3 joe    4096 Dec 12  2003 Freebies

>
> Another similar found a whole lot of: lrwxrwxrwx
>
> Do any of these suggest a security risk?
> Is there a better way to search more comprehensively for others?
> What, if anything, could I or should I do to eliminate a risk?
>
>
> ---------------------
> Lisa replied to Keith, in part:
> > Here's more on it:
> > http://wordpress.org/support/topic/advanced-problem-image-upload
> >
> > http://wordpress.org/support/topic/151290
> >
> > Solution:
> >
> > You need to use "chmod 777" for uploads to work.
> >
> > Security Issues:
> >
> > This is a security risk of course, since there are many spider
> scrapers
> > looking for an open permission directory to be able to write, say a
> fake
> > Phishing Site page for UPS with an email results script.
> >
> > Solution: (from Wordpress documentation):
> >
> > Base image directory
> >
> > The base image directory must be world writable i.e.: chmod 777
> > Base image URL
> >
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: ot Online schoolRe: ot Online school->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)