World-writable files installed by ports
Kris Kennaway
kris at obsecurity.org
Mon Sep 4 18:43:26 UTC 2006
On Mon, Sep 04, 2006 at 10:25:09PM +0400, Andrew Pantyukhin wrote:
> >> BTW, I wonder why www/phpmyfaq is not in your list.
> >
> >What a+w file does it install?
>
> sat at sat64:~> find /usr/local/www/phpmyfaq -perm -a+w
> /usr/local/www/phpmyfaq/inc
> /usr/local/www/phpmyfaq/images
> /usr/local/www/phpmyfaq/attachments
> /usr/local/www/phpmyfaq/data
> /usr/local/www/phpmyfaq/pdf
> /usr/local/www/phpmyfaq/xml
>
> sat at sat64:~> find /usr/local/www/phpmyfaq -perm -a+w | xargs ls -ld
> drwxrwxrwx 2 www www 512 Sep 4 22:19
> /usr/local/www/phpmyfaq/attachments
> drwxrwxrwx 2 www www 512 Sep 4 22:19 /usr/local/www/phpmyfaq/data
> drwxrwxrwx 2 www www 512 Sep 4 22:19 /usr/local/www/phpmyfaq/images
> drwxrwxrwx 2 www www 1024 Sep 4 22:19 /usr/local/www/phpmyfaq/inc
> drwxrwxrwx 2 www www 512 Sep 4 22:19 /usr/local/www/phpmyfaq/pdf
> drwxrwxrwx 2 www www 512 Sep 4 22:19 /usr/local/www/phpmyfaq/xml
Hmm, I wonder if the security-check target is broken with plist
substitutions.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060904/443b24c9/attachment.pgp
More information about the freebsd-ports
mailing list