Permissive Permissions

Mike A. Gigante mg at cidam.me.rmit.oz.AU
Sat May 13 21:30:48 AEST 1989


The default permissions stink. Not only is / 777 (allowing *anyone)
to create or remove any file in the / directory -- bad news) but executables
are shipped 777 also. This is even trueof setuid programs like /bin/su
which creates such a blatant security hole that any user can crack root
within 2 seconds ofgetting their csh/sh prompt.

When the machine arrives, I run commands like the following:

find / -type f -print | xargs file | grep mipseb | cut -f1 -d: | xargs chmod og-rw

and similar variations for shell scripts(og -w) and directories (og-w). Of course
with directories, there are a couple of execptions (like /tmp /usr/tmp etc)

Mike



More information about the Comp.sys.sgi mailing list