# su -s /bin/bash nobody And find out just how much stuff you've accidentally left world readable on your systems.
-
I feel like I have done exactly that. Or are you excluding world r/w files that can’t be gotten to? I.e. in a directory that is 0700? What about a hard link created in a different directory that is accessible?
@ssrjazz do you have input here?
World r/w files in a directory without world r/w permissions have to be excluded, of course. As I said, this is a common pattern. You can make your /home 700 and that immediately excludes everything under it from being a problem. Hard links will show up at their other location.
-
-
The hard link won’t show up if it’s created after the scan. The file is still insecure. Thus why I dislike world r/w without good reason.
-
You cannot create that hard link without access to the original file. The only way to access the original file is to have access via all the file path components, or to receive a directory fd from a process which does (at which point it's delegating permissions to you).
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.