Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <op.ya5g8gepn7mcit@hodgins.homeip.net>
Date: Tue, 12 Jan 2016 19:06:06 -0500
From: "David W. Hodgins" <davidwhodgins@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Discuss: Daily/weekly cron jobs best practices

On Mon, 11 Jan 2016 05:25:11 -0500, Tim Brown <tmb@...35.com> wrote:

> Not uncommon, we pop almost every UNIX box we touch this way, I assume you've
> seen unix-privesc-check?

Tried it. Too much output to be of any use. With complaints like
I: [group_writable] /home/dave/home/dave/.gnupg/pubring.gpg is owned
  by user dave (group dave) and is group-writable (-rwxrwx---)
W: [setgid] /usr/lib64/kde4/libexec/kdesud is setgid (root, nogroup):
  -rwxr-sr-x
W: [setuid] /usr/bin/su is setuid (root, root): -rwsr-xr-x

With 152149 lines going to stdout on my system, a quick skim of the
output doesn't show anything useful. I don't see anything in the
output that it's complaining about, that isn't as it should be.

Regards, Dave Hodgins

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.