find setuid files


 
Thread Tools Search this Thread
Special Forums UNIX Desktop Questions & Answers find setuid files
# 1  
Old 08-07-2009
find setuid files

I would like to list files with setuid and setgid set up. I used the find command, but I got a lot of permission denied error. I tried to redirect the error to the hole it does not work. I used the command string below

find . -type f \( -perm -4000 -o -perm -2000 \) -exec ls {} \; 2>/dev/null

find: paths must precede expression.

How can I redirect the error of my find result to the hole?

Thanks,
# 2  
Old 08-08-2009
You probably have a typo in the command you are really running. The above command worked okay for me on Solaris 9 running against the /usr tree as a non-priv user.
# 3  
Old 08-08-2009
That's great! you were right. I got it to work now.

Thanks!
# 4  
Old 08-10-2009
Hello, in this regard, I found an old perl script that will do the same, and even more. Unfortunately, I don't remember how I got it, it was downloaded from somewhere, but there's no authoring information, so if the author reads this, please excuse me for not pointing to the original source.
Here's the script, I hope it will be useful for others :
Code:
#!/usr/bin/perl
#
#
# Run the program with an argument of the directory you want to completely scan
# Usage:
# perl check.pl /usr/bin
#
# By default it will perform check for the root "/"
# This program reports SUID, SGID, STICKY, writeable files by
# user who shouldn't be editing a lot of your files.  :)
# It prints everything to STDOUT by default.  Redirect the output wherever you want.

use warnings; # keep me informed
use strict;  # Keep me honest

my $root = shift;
my $BEGINNING_LEVEL=0;

if(not $root)
{
    # Initialize if the user didn't give us anything to cling to.
    $root="/";
}

# Level indexing is provided for debugging and to check if it's going out
# of control.  In dirinfo() you can adjust what the warning and error levels
# are for the number of directory levels deep this will check.
print "Calling dirinfo\n";
dirinfo($root, $BEGINNING_LEVEL);

sub dirinfo
{
    my $dirname = shift;
    my $level = shift;
    my $HANDLE;
    my $MAXLEVEL=100;
    my $WARNINGLEVEL=50;

    if($level==$WARNINGLEVEL)
    {
        print STDERR "WARNING: Deep directory structure. I hope you have some serious RAM free...\n";
    }
    if($level>$MAXLEVEL)
    {
        print STDERR "ERROR: Max recursion met - directory structure deeper than $MAXLEVEL directories. You can change the default in the script, or you can see if you can find any circular symlinks that are causing the problem.  Check the end of your output for clues.\n\n";
        die "ERROR:  Max-eval-depth error.\n";
    }

    opendir HANDLE, "$dirname" or return(-1);

    my @allfiles = readdir HANDLE;

#    print  "Reading info on \"$dirname\"...\n";

    TORTURE: foreach my $file (@allfiles)
    {
        my $foobar;

        if($dirname eq "/")
        {
            $foobar = $dirname . $file;
        }
        else
        {
            $foobar = $dirname. "/". $file;
        }

        # print "\"$foobar\" level $level\n";
        if(($file eq ".") or ($file eq ".."))
        {

        }

        # If the file is writeable, and doesn't belong to the user running
        # this script, then it gets reported.
        elsif((-W $foobar) and (not (-O $foobar)))  # File is writeable&&!owned
        {
            # If it's a directory, report it as such.
            if(-d $foobar)  # File is a directory
            {
                print "\"$foobar\" ### WRITEABLE FOLDER\n"
            }
            else
            {
                my $fileinfo=`ls -la "$foobar"`;
                chomp($fileinfo);
                print "\"$fileinfo\" ### WRITEABLE\n";
            } # End else
        } # End elsif
        elsif(-l $foobar)
        {
            # my $fileinfo=`ls -l "$foobar"`;
            # chomp($fileinfo);
            # print "\"$fileinfo\" ### SYMLINK\n";
            # Symlink evilness.  Especially with GNOME.  :(
        }
        elsif(-d $foobar)  # File is a directory
        {
            # File is a directory - recurse through it
            # DEBUG: print "Entering \"$file\" coming from \"$dirname\"\n";
            my $tmp=dirinfo($foobar, ($level+1));
            if($tmp == -1)
            {
                print "Directory $foobar not readable with your user, sorry, wrong UID.\n";
            }
        }
        elsif(-u $foobar)   # File is SUID
        {
            my $fileinfo=`ls -la "$foobar"`;
            chomp($fileinfo);
            print "$fileinfo ### SUID\n";
        }
        elsif(-g $foobar)  # File is SGID
        {
            my $fileinfo=`ls -la "$foobar"`;
            chomp($fileinfo);
            print "$fileinfo ### SGID\n";
        }
        elsif(-k $foobar)  # File is sticky
        {
            my $fileinfo=`ls -la "$foobar"`;
            chomp($fileinfo);
            print "$fileinfo ### STICKY\n";
        }
        else
        {
#           DEBUG2: print "\"$foobar\" doesn't look very interesting to me.\n";
        }
    } # End foreach
} # End dirinfo

#end

Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Setuid usage

I'm trying - as an ordinary user - to create a file in the root directory of my system. For that purpose I wrote a simple script that echoes a string into a file. I made the file executable, used sudo to change ownership to root. Like this: $ cat hello #!/bin/bash echo hello > /hello $... (5 Replies)
Discussion started by: Ralph
5 Replies

2. UNIX for Beginners Questions & Answers

What keeps me from abusing setuid(0) and programs with setuid bit set?

Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ? So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ? ... (2 Replies)
Discussion started by: sreyan32
2 Replies

3. Solaris

Need help with setuid.

Hi Gurus, I need your suggestions,to implement setuid. Here is the situation. I have a user xyz on a solaris zone.He needs to install a package using a pkgadd command but i guess only a root can run that .Is there any way I can set the setuid bit on the pkgadd which is in the location... (6 Replies)
Discussion started by: rama krishna
6 Replies

4. HP-UX

Disable Setuid in HP-UX

Hi All, How to prevent root user from doing setuid(). In otherwords, if the root(any user) is trying to do setuid in a program it should fail. (5 Replies)
Discussion started by: guru13
5 Replies

5. Solaris

setuid and guid

Hi All, Can someone give me some info about setuid or guid topic? Also about sticky bit. Thanks in advance, itik (9 Replies)
Discussion started by: itik
9 Replies

6. HP-UX

how can I find all tool which can setuid like chmod

for security issue ,i would like to find all privilege tools that can setuid how to do this (2 Replies)
Discussion started by: alert0919
2 Replies

7. UNIX for Dummies Questions & Answers

setuid

could u plz give me clear idea of spcial permissions setuid,getuid and striky bit . (1 Reply)
Discussion started by: Prem
1 Replies

8. Shell Programming and Scripting

Searching for SETUID and SETGID using PERL file find with lstat

About System and Perl: Sun Solaris 5.9 sparc, Perl 5.6.1 I've decided to use the perl file::find module to look for all the SETUID and SETGID files on my unix boxes. I wrote something like this: (I've shorted it a little to make it simple) #!/opt/perl/bin/perl use File::Find; find... (1 Reply)
Discussion started by: x96riley3
1 Replies

9. UNIX for Dummies Questions & Answers

Using setuid and setgid

Hi, I have been looking at setuid and setgid. I understand that setuid determines who owns the file and setgid determines which group of people can access the file... yeah?! But i need to know how to actually use setuid and setgid. I'm guessing chmod will feature somewhere.. Any help... (1 Reply)
Discussion started by: crispy
1 Replies

10. UNIX for Advanced & Expert Users

setuid

I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script. The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable. The reason why I am... (2 Replies)
Discussion started by: sanjay92
2 Replies
Login or Register to Ask a Question