Using find -perm to find setuid files

1

I want to get a list of all the suid binaries. I use the command

find / -perm 4000

However, this gives me no output at all. I understand that a SUID file may be in permission mode 4xxx. But if I issue the command

find / -perm -4000 (which is what all the websites say)

or the command

find / -perm +4000 

both give me the same result. As far as I understand it should always be +4000 (because if it is a user suid binary then the first byte must be 4, if it is a group suid binary then the first byte must be 2, and if a sticky bit is set on a directory then the first byte must be 1). So how is it that -4000 also gives results?

    
by Sounak reborn 02.07.2015 / 07:55

1 answer

6

The use of -perm +mode seems to be deprecated. Perhaps the help from man find can clear up your doubt:

-perm mode

    File's permission bits are exactly mode (octal or symbolic). Since an exact match is required, if you want to use this form for symbolic modes, you may have to specify a rather complex mode string. For example -perm g=w will match only files which have mode 0020 (that is, ones for which group write permission is the only permission set). It is more likely that you will want to use the ‘/’ or ‘-’ forms, for example -perm -g=w, which matches any file with group write permission. See the EXAMPLES section for some illustrative examples.

-perm -mode

    All of the permission bits mode are set for the file. Symbolic modes are accepted in this form, and this is usually the way in which you would want to use them. You must specify ‘u’, ‘g’ or ‘o’ if you use a symbolic mode. See the EXAMPLES section for some illustrative examples.

-perm /mode

    Any of the permission bits mode are set for the file. Symbolic modes are accepted in this form. You must specify ‘u’, ‘g’ or ‘o’ if you use a symbolic mode. See the EXAMPLES section for some illustrative examples. If no permission bits in mode are set, this test matches any file (the idea here is to be consistent with the behaviour of -perm -000).

-perm +mode

    Deprecated, old way of searching for files with any of the permission bits in mode set. You should use -perm /mode instead. Trying to use the ‘+’ syntax with symbolic modes will yield surprising results. For example, ‘+u+x’ is a valid symbolic mode (equivalent to +u,+x, i.e., 0111) and will therefore not be evaluated as -perm +mode but instead as the exact mode specifier -perm mode and so it matches files with exact permissions 0111 instead of files with any execute bit set. If you found this paragraph confusing, you're not alone – just use -perm /mode. This form of the -perm test is deprecated because the POSIX specification requires the interpretation of a leading ‘+’ as being part of a symbolic mode, and so we switched to using ‘/’ instead.

Reference:

  • find (GNU findutils) 4.4.2
by 02.07.2015 / 08:10
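The following script is an added example, not part of the question or the answer above. It builds a scratch directory (the path, file names and modes are all constructed here) and runs GNU find with each -perm form from the man page excerpt, so the difference between "exactly", "all of" and "any of" is visible on real files. It also shows why the questioner saw identical results: 4000 is a single bit, so "all of 4000" and "any of 4000" select the same files; the two forms only diverge for a multi-bit mask such as 6000 (setuid or setgid). The deprecated "+" form is deliberately left out because current findutils releases may reject it.

```shell
#!/bin/sh
# Added example (not from the original post): make files with known modes in a
# sandbox directory and show what each GNU find -perm form matches.
# The sandbox path, entry names and modes are all made up for this demo.
set -eu

SANDBOX="${TMPDIR:-/tmp}/find-perm-demo.$$"
trap 'rm -rf "$SANDBOX"' EXIT

# One entry per mode of interest. The sticky bit (1000) only has meaning on a
# directory, so that entry is created as a directory.
setup_sandbox() {
    mkdir -p "$SANDBOX"
    for spec in suid_only:4000 suid_exec:4755 sgid_exec:2755 both:6755 \
                sticky_dir:1755 plain:0755; do
        name=${spec%%:*}
        mode=${spec##*:}
        if [ "$name" = sticky_dir ]; then
            mkdir -p "$SANDBOX/$name"
        else
            : > "$SANDBOX/$name"
        fi
        chmod "$mode" "$SANDBOX/$name"
    done
}

# Print the basenames matched by `find -perm "$1"`, sorted, space-separated.
# $1 is the raw argument to -perm: "4000" (exact), "-4000" (all bits),
# "/4000" (any bit).
matches_for() {
    find "$SANDBOX" -mindepth 1 -perm "$1" \
        | sed 's!.*/!!' | LC_ALL=C sort | tr '\n' ' ' | sed 's/ $//'
}

# Walk through the forms discussed in the question and the man page excerpt.
demo() {
    setup_sandbox
    for expr in 4000 -4000 /4000 /6000 -6000 -1000; do
        printf '%-6s -> %s\n' "$expr" "$(matches_for "$expr")"
    done
}

demo
```

Running it shows that `-perm 4000` matches only the entry whose mode is exactly 04000, while `-perm -4000` and `-perm /4000` both match every entry with the setuid bit set (4000, 4755 and 6755), and that `-perm /6000` additionally picks up the setgid-only file whereas `-perm -6000` keeps only the file with both bits. For a real audit of a whole host the usual invocation is along the lines of `find / -xdev -type f -perm /6000 -ls 2>/dev/null`: `-xdev` keeps find on the root filesystem, `-type f` drops directories and symlinks, `/6000` catches setgid as well as setuid binaries, and the redirection hides permission-denied noise.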