Security: directory and file permissions

#1 Pda0 (Member, joined Jun 2003, 70 posts)

I've researched around, and finally I have seen that these commands are good for searching for insecure files/dirs:

    find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ldu '{}' \;
    find / -type d \( -perm -4000 -o -perm -2000 \) -exec ls -ldu '{}' \;
    find / -type d -perm -0777 -exec ls -ldu '{}' \;
    find /home -type f -perm -0777 -exec ls -ldu '{}' \;

1] The first two look for setuid files and directories (the latest access time will show instead of creation time, which comes in handy). On a standard cpanel6 install there is not that much to see (there shouldn't be anyway), unless there's a writable dir/file.

I thought that it would be nice to build a script that checks suid/sgid files/dirs _with_ write permissions, but I would like to know if I'm following the right theory before coding it (any opinions?).

2] The third command looks for world-writable directories. On a standard cpanel6 install I got A LOT of them! Is this really bad, other than possibly letting a user scatter files through the server?

3] The fourth and last command looks for world-writable executable files through the standard account directory of cpanel6. This is bad, as by doing this a user can easily hijack another user's account if the file is a .php, .pl, etc. executable file. In plain cpanel6 I think there are no files like this (I'm unsure).

What about building a script that looks for these world-writable files in each user's web directory and mails a warning?

Well, that's about it. I'm dying for opinions.

    .pd

Join mailing lists and forums with M2F - www.mail2forum.com
Software Engineering in Spanish - www.fabricadesoftware.cl

#2 Pda0 (Member, joined Jun 2003, 70 posts)

    Anyone?


#3 Member (joined Jul 2003, 23 posts)

I think it's a good idea; however, I'm not a script writer.

    my $0.02


    -Steve


#4 rbmatt (Member, joined Oct 2002, 216 posts)

It would be fairly simple... would you just want it to run via cron?

A simple bash script like...

# capture the setuid/setgid file and directory listings (each -exec must be terminated with "\;")
CHECK1=$(find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ldu '{}' \;)

CHECK2=$(find / -type d \( -perm -4000 -o -perm -2000 \) -exec ls -ldu '{}' \;)

etc., then splice them together and mail it.


#5 Pda0 (Member, joined Jun 2003, 70 posts)

Actually, I was hoping for comments on the questions I stated:

1] Suid/sgid files without write permissions are OK?
2] Are world-writable directories OK?
3] World-writable PHP files can lead to account hijacks, right? (Assuming phpsuexec is enabled.)

    Thanks

    .pd


#6 howard (Member, joined Apr 2003, 243 posts)

Not entirely sure about 1), so I will just answer 2) and 3).

2) World-writable directories are in general a bad idea (unless they have the sticky bit set) and are often exploited to hide cracker tools in.

3) Yes; they can also be used in website defacements.

find / -nouser -or -nogroup can also be useful in identifying files which don't have a user or group assigned to them (this will be especially obvious on a busy cPanel system; as previously noted elsewhere, cPanel doesn't tidy up that well after an account deletion).
    Last edited by howard; 07-13-2003 at 06:02 PM.
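The checks discussed so far (the setuid/setgid and world-writable finds from the first post, rbmatt's idea of wrapping them in a cron job that mails a report, and howard's sticky-bit exception and -nouser/-nogroup check) pulled together into one script. This is an added example written for this thread, not a script from any poster or from cPanel. Two things differ from the original commands on purpose: `-perm -0777` only matches a file whose mode is exactly all-bits-set, so it misses 666, 757 and similar; `-perm -0002` matches any mode with the "other" write bit set, which is what "world-writable" means. And a world-writable directory that also has the sticky bit (1777, like /tmp) is reported separately, since only the owner can delete or rename entries there. Everything else is POSIX find; the sample tree the script builds under mktemp is constructed here purely so the functions can be exercised without scanning / (run it against /home, as root, for the real thing).

```shell
#!/bin/sh
# Added example for the thread above; not the poster's or cPanel's own code.
# Usage:  sh perm_audit.sh /home      (run as root to see every account)
#         sh perm_audit.sh "$(make_sample_tree)" is what the self-test does.

# setuid/setgid regular files: the "-4000 -o -2000" check from the first post
suid_sgid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# setuid/setgid files that group or other can also write: the combination the
# OP wanted flagged, since anyone with write access can replace the privileged code
suid_sgid_writable() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        \( -perm -0020 -o -perm -0002 \) 2>/dev/null
}

# regular files with the "other" write bit set, whatever the rest of the mode is
# (666, 757, 4777 ...); under suexec/phpsuexec a script never needs this
world_writable_files() {
    find "$1" -type f -perm -0002 2>/dev/null
}

# world-writable directories WITHOUT the sticky bit: anyone can create, rename
# and delete entries here, which is where dropped tools end up
world_writable_dirs_no_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# world-writable directories WITH the sticky bit (1777): listed for information only
world_writable_dirs_sticky() {
    find "$1" -type d -perm -0002 -perm -1000 2>/dev/null
}

# entries whose uid/gid has no passwd/group entry: leftovers of deleted accounts
unowned_entries() {
    find "$1" \( -nouser -o -nogroup \) 2>/dev/null
}

# one report over a tree, in the ls -ldu form the OP used (shows last access time);
# from cron:  sh perm_audit.sh /home | mail -s "perm audit" root
audit_tree() {
    tree=$1
    for check in suid_sgid_files suid_sgid_writable world_writable_files \
                 world_writable_dirs_no_sticky world_writable_dirs_sticky unowned_entries; do
        printf '== %s under %s ==\n' "$check" "$tree"
        "$check" "$tree" | while IFS= read -r entry; do ls -ldu "$entry"; done
    done
}

# Constructed sample tree (hypothetical account layout) so the checks can be run
# offline. Prints the temp directory it created.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/public_html/uploads" "$d/public_html/cache" "$d/tmp"
    printf '<?php echo 1;' > "$d/public_html/index.php";  chmod 644  "$d/public_html/index.php"
    printf '<?php echo 2;' > "$d/public_html/config.php"; chmod 666  "$d/public_html/config.php" # world-writable file
    printf '#!/bin/sh\n'   > "$d/helper";                 chmod 4755 "$d/helper"                 # setuid, not writable by others
    printf '#!/bin/sh\n'   > "$d/bad_helper";             chmod 4777 "$d/bad_helper"             # setuid AND world-writable
    chmod 777  "$d/public_html/uploads"   # world-writable, no sticky bit: a finding
    chmod 1777 "$d/tmp"                   # world-writable with sticky bit: tolerated
    chmod 755  "$d/public_html/cache"     # the normal case
    printf '%s\n' "$d"
}

if [ $# -gt 0 ]; then
    audit_tree "$1"
fi
```

Against the sample tree this reports bad_helper under both setuid checks, config.php and bad_helper as world-writable files, uploads as a world-writable directory without the sticky bit, and tmp only in the informational sticky list. Fixing a hit is usually `chmod o-w` on the file or directory; if an upload script genuinely needs to write, give the directory to the uid the web server runs scripts as rather than opening it to everyone.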

#7 Pda0 (Member, joined Jun 2003, 70 posts)

Originally posted by howard
Not entirely sure about 1), so I will just answer 2) and 3).

2) World-writable directories are in general a bad idea (unless they have the sticky bit set) and are often exploited to hide cracker tools in.

3) Yes; they can also be used in website defacements.

find / -nouser -or -nogroup can also be useful in identifying files which don't have a user or group assigned to them (this will be especially obvious on a busy cPanel system; as previously noted elsewhere, cPanel doesn't tidy up that well after an account deletion).

The bad part is that in cPanel there are ZILLIONS of [2]!



    .pd


#8 rbmatt (Member, joined Oct 2002, 216 posts)

Just about every gallery script or upload manager has these... I wish things were just more secure!


#9 Pda0 (Member, joined Jun 2003, 70 posts)

Originally posted by rbmatt
Just about every gallery script or upload manager has these... I wish things were just more secure!

No... world-writable permissions aren't needed when using phpsuexec.

As the HTTP process is forked with the user's uid/gid, user or group write permissions alone allow the script to write.

    .pd


#10 rbmatt (Member, joined Oct 2002, 216 posts)

Yeah, but we don't run phpsuexec. I guess it's too developmental. And I don't think it works with the latest PHP version.


#11 Member (joined Oct 2002, Egypt, 391 posts)

Originally posted by rbmatt
Yeah, but we don't run phpsuexec. I guess it's too developmental. And I don't think it works with the latest PHP version.

It works with it now.

Anyway, the cPanel 7.2.0 updates make a lot of files world-writable.

I reported that but did not get any reply.


#12 Pda0 (Member, joined Jun 2003, 70 posts)

Originally posted by rbmatt
Yeah, but we don't run phpsuexec. I guess it's too developmental. And I don't think it works with the latest PHP version.

What do you mean by developmental? Have you actually tried it?

    .pd


#13 Member (joined Oct 2002, Egypt, 391 posts)

Try this program:
http://www.r-fx.net/faf.php

It will report to you all the unowned files and the world-writable ones (not only 777; there are many forms of world-writable), and more...


#14 Pda0 (Member, joined Jun 2003, 70 posts)

Looks nice.

I'll check it out. Thanks.

    .pd

