[Slackbuilds-users] rsync the repo; some (not all) repo folders are SGID

Alan C acummingsus at gmail.com
Sat Oct 20 18:40:33 UTC 2007


On 10/20/07, Eric Hameleers (SBo) <alien at slackbuilds.org> wrote:
>
> Eric Hameleers (SBo) schreef:


[ as rsync'd, some of folders in SW 12.0 sbo repo have the SGID on them ]

> Thanks for reporting.


Thank you.

>
> > Eric
>
>
> It is even more widespread - in the 11.0 repository as well, and also
> in some of the directories used by the admins. Might it be a "feature"
> of the server we are working on?


Well, that's what I was wondering -- that is, if it were a "feature" and
thus I should not report it -- or, heaven forbid, what if it turned out that
there were some "feature" on *my* computer/system that, unknown to me, was
operating secretly in the background doing abra cadabra or secret magic.

(although, next is the command that I ran) (and its output showed [to my
intermediate level sys admin eyes] that my file sys appeared normal
elsewhere except for in the rsync'd sbo 12 repo)

find / -perm +02000 -exec ls -ld {} ; 2> /dev/null > /tmp/SGID.files

What started all of this is twofold.  ie both my curiosity and that I had
been following a thread on either comp.os.linux.security or on
comp.os.linux.networking

They were having a security related discussion and the topic turned to SUID
and SGID file permissions.  Someone posted the above command and the next
command

find / -perm +04000 -exec ls -ld {} ; 2> /dev/null > /tmp/SUID.files
--

(The specific mentioned SGID on *some* issue) It should be harmless though?
Right?

That is, no harm can happen, even if given a worse case scenario?  ie
someone from a different group logs on -- and, what can they do? -- the
worst is to build a Slackware package (I'm of course guessing since this
maybe probably stretches my sys admin skills).

-- 
Alan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20071020/0f6196be/attachment-0002.html 


More information about the Slackbuilds-users mailing list