The following is an example of a find command that locates all executable files and runs filepriv on each one, so that the executables with fixed privileges are recorded in sec.audit:
#find / -type f -perm -111 -print -exec filepriv {} \; > sec.audit
#cat sec.audit
. . .
/usr/bin/message
/usr/bin/mimencode
/usr/bin/mkdir
fixed macupgrade
/usr/bin/newgrp
fixed setuid
/usr/bin/news
/usr/bin/newvt
. . .
/usr/rar/bin/xsh
fixed allprivs
. . .
#
In this case, user rar has managed to place the entire set of privileges as fixed privileges upon /usr/rar/bin/xsh.
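An added example, not part of the original documentation: a shell function that reads the sec.audit layout shown above (a path line from find, optionally followed by a "fixed" line from filepriv) and reports files that hold allprivs or that carry fixed privileges outside the expected directories. The function names, the TRUSTED_DIRS list and the reason labels are assumptions; the sample input is the output shown above with the elided parts left out.

```shell
#!/bin/sh
# Assumption: directories where privileged binaries are expected at this site.
TRUSTED_DIRS="/usr/bin /usr/sbin /sbin /usr/lib"

# Reads audit text on stdin and prints one line per finding:
#   path<TAB>privileges<TAB>reason
flag_fixed_privs() {
    awk -v dirs="$TRUSTED_DIRS" '
    BEGIN { n = split(dirs, trusted, " ") }
    /^\// { path = $0; next }              # path line printed by find
    $1 == "fixed" && path != "" {          # filepriv line for that path
        $1 = ""; privs = substr($0, 2)     # drop the "fixed" keyword
        reason = ""
        if (privs ~ /allprivs/) reason = "allprivs"
        ok = 0
        for (i = 1; i <= n; i++)
            if (index(path, trusted[i] "/") == 1) ok = 1
        if (!ok) reason = (reason == "" ? "" : reason ",") "untrusted-dir"
        if (reason != "") printf "%s\t%s\t%s\n", path, privs, reason
        path = ""
    }'
}

# Sample input taken from the listing above, elisions removed.
sample_audit() {
cat <<'EOF'
/usr/bin/message
/usr/bin/mimencode
/usr/bin/mkdir
fixed macupgrade
/usr/bin/newgrp
fixed setuid
/usr/bin/news
/usr/bin/newvt
/usr/rar/bin/xsh
fixed allprivs
EOF
}

sample_audit | flag_fixed_privs
```

Against a real audit file, run `flag_fixed_privs < sec.audit` and compare the findings with the list of privileged files the system is supposed to have.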