Security Basics mailing list archives
World Writeable files and directories
From: venkatesh.selvaraju () gmail com
Date: Thu, 28 May 2009 23:16:19 -0600
Hi there, I'm preparing a policy document for world writeable elements in *NIX. The documents talks about the potential threats and exploits of letting a critical file or directory as world writeable. Also, listing out the exceptions wherein it's ok to have world writeable elements due to various reasons. There is a section within the document wherein I'm planning to insert a spreadsheet with the listing of all system files which should not be world writable. In general, files beginning with a period should not be world- or group-writable and .login; .rhosts; dev/drum; /dev/mem; /dev/kmem; /etc/passwd and /etc/group to say the least. However, I'm looking for a more comprehensive listing of all system files and directories which the UNIX operations team needs to ensure that they explicitly turn off the world writable permission. Can someone let me know where do I find this info? Any assistance you facilitate is greatly appreciated. Thank you, Venkatesh ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- World Writeable files and directories venkatesh . selvaraju (Jun 01)