From owner-freebsd-security  Wed Oct 30 23:19:21 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id XAA05468
          for security-outgoing; Wed, 30 Oct 1996 23:19:21 -0800 (PST)
Received: from verdi.nethelp.no (verdi.nethelp.no [193.91.212.2])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id XAA05463
          for <freebsd-security@freebsd.org>; Wed, 30 Oct 1996 23:19:16 -0800 (PST)
From: sthaug@nethelp.no
Received: (qmail 1246 invoked by uid 1001); 31 Oct 1996 07:18:58 +0000 (GMT)
To: freebsd-security@freebsd.org
Subject: Re: /etc/security
In-Reply-To: Your message of "Thu, 31 Oct 1996 10:48:42 +1000 (EST)"
References: <199610310048.KAA23155@s5.elec.uq.edu.au>
X-Mailer: Mew version 1.05+ on Emacs 19.28.2
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Date: Thu, 31 Oct 1996 08:18:58 +0100
Message-ID: <1244.846746338@verdi.nethelp.no>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > I think, this is a nice feature
> > (unless, of coarse, you have to be dealing with Windows.)
> > It's nice to have an alert, that somebody created
> > a file with the name which is most probably should not exist on
> > a Unix box.
> 
> UNIX does not care if they have spaces

Agreed, it's perfectly legal. But it would be nice to be warned about
files that contain '...', or *start* with a space, or a number of other
tricks used by the Warez folks to hide their stuff.

> > > The current version falls over when checking for suid / sgid files
> > > when the file names contain spaces. These file names are generated
> > > by win95 when your FreeBSD host runs as a samba server.
> > > Any such suid files just get dropped by the find but give errors.
> 
> The point is that you could have suid files that are not flagged as 
> such by this script because find drops them if you use the -X switch.

It also doesn't handle file names with quotes particularly well. Here
I've made a copy of my DOS partition, and I get:

> checking setuid files and devices:
> find: /doscopy/sb16/pro_org/i'vebeen.org: illegal path
> find: /doscopy/sb16/pro_org/she'llbe.org: illegal path

Steinar Haug, Nethelp consulting, sthaug@nethelp.no