From owner-freebsd-stable Sat May 27 0:26: 9 2000 Delivered-To: freebsd-stable@freebsd.org Received: from maillist.kabelfoon.nl (maillist.kabelfoon.nl [194.178.9.136]) by hub.freebsd.org (Postfix) with ESMTP id 898BA37B91E for ; Sat, 27 May 2000 00:26:06 -0700 (PDT) (envelope-from mark@paracas.nl) Received: from rome.paracas.nl (k2ij114.dial.kabelfoon.nl [212.136.96.114]) by maillist.kabelfoon.nl (Postfix) with ESMTP id A3F463AA4 for ; Sat, 27 May 2000 09:26:02 +0200 (CEST) Received: from boston.paracas.nl (boston.paracas.nl [192.168.0.2]) by rome.paracas.nl (8.9.3/8.9.3) with ESMTP id JAA25846 for ; Sat, 27 May 2000 09:25:59 +0200 (CEST) (envelope-from mark@paracas.nl) X-URL: http://www.paracas.nl Message-Id: <4.3.1.2.20000527091718.00b2e650@pop.paracas.nl> X-Sender: markr@pop.paracas.nl X-Mailer: QUALCOMM Windows Eudora Version 4.3.1 Date: Sat, 27 May 2000 09:25:58 +0200 To: freebsd-stable@FreeBSD.ORG From: Mark Ruys Subject: World writable files in RELENG_3 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I've CVSuped src-all from RELENG_3 (stable 3.4) and did a make world. I noticed several world-writable files in /usr/obj, amoung which: drwxrwxrwx 2 uucp uucp 512 May 20 16:53 /usr/obj/usr/src/tmp/var/spool/uucppublic -rw-rw-rw- 1 root wheel 14336 May 20 18:47 /usr/obj/usr/src/share/isdn/0.al -rw-rw-rw- 1 root wheel 14336 May 20 18:47 /usr/obj/usr/src/share/isdn/1.al -rw-rw-rw- 1 root wheel 12288 May 20 18:47 /usr/obj/usr/src/share/isdn/2.al -rw-rw-rw- 1 root wheel 14336 May 20 18:47 /usr/obj/usr/src/share/isdn/3.al -rw-rw-rw- 1 root wheel 14336 May 20 18:47 /usr/obj/usr/src/share/isdn/4.al -rw-rw-rw- 1 root wheel 16384 May 20 18:47 /usr/obj/usr/src/share/isdn/5.al -rw-rw-rw- 1 root wheel 12288 May 20 18:47 /usr/obj/usr/src/share/isdn/6.al -rw-rw-rw- 1 root wheel 10240 May 20 18:47 /usr/obj/usr/src/share/isdn/7.al -rw-rw-rw- 1 root wheel 14336 May 20 18:47 /usr/obj/usr/src/share/isdn/8.al -rw-rw-rw- 1 root wheel 10240 May 20 18:47 /usr/obj/usr/src/share/isdn/9.al -rw-rw-rw- 1 root wheel 4608 May 20 18:47 /usr/obj/usr/src/share/isdn/beep.al -rw-rw-rw- 1 root wheel 67584 May 20 18:47 /usr/obj/usr/src/share/isdn/msg.al The cause is a mask of 666, for example in /usr/src/share/isdb/0.al.uu: begin 666 0.al ... end Also, shouldn't the sticky bit be set in /usr/obj/usr/src/tmp/var/spool/uucppublic? Is there a good reason for these 666 files? I'm not confortable with them. Mark Ruys To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message