[asterisk-security] SGID on zaptel 1.4.5 and 1.4.6

Tzafrir Cohen tzafrir.cohen at xorcom.com
Sun Dec 9 11:25:07 CST 2007 

On Fri, Dec 07, 2007 at 12:53:21PM +0200, Nicki de Wet wrote:
> Hi,
> 
> By chance (when preparing for an LPI exam) I noticed that in Zaptel 1.4.5 
> and 1.4.6 all the directories have the SGID bit set. Is there a reason 
> for it, or just finger trouble?

As soeone who studies for an LPI exam, I would have expected more from
you:

* What switches of tar would allow this and under what circumstances?

* What security implications (if at all) does it have?

> 
>  # tar ztvf zaptel-1.4.5.1.tar.gz |grep "^d"
> drwxr-sr-x root/root         0 2007-08-21 23:16:53 zaptel-1.4.5.1/
> drwxr-sr-x root/root         0 2007-08-21 23:16:45 zaptel-1.4.5.1/build_tools/
> drwxr-sr-x root/root         0 2007-08-21 23:16:46 zaptel-1.4.5.1/wct4xxp/
> drwxr-sr-x root/root         0 2007-08-21 23:16:48 zaptel-1.4.5.1/firmware/
> drwxr-sr-x root/root         0 2007-08-21 23:16:48 zaptel-1.4.5.1/hpec/
> drwxr-sr-x root/root         0 2007-08-21 23:16:51 zaptel-1.4.5.1/wctdm24xxp/
> drwxr-sr-x root/root         0 2007-08-21 23:16:46 zaptel-1.4.5.1/doc/
> drwxr-sr-x root/root         0 2007-08-21 23:16:48 zaptel-1.4.5.1/wctc4xxp/
> drwxr-sr-x root/root         0 2007-08-21 23:16:54 zaptel-1.4.5.1/oct612x/
> drwxr-sr-x root/root         0 2007-08-21 23:16:53 zaptel-1.4.5.1/oct612x/octdeviceapi/
> drwxr-sr-x root/root         0 2007-08-21 23:16:53 zaptel-1.4.5.1/oct612x/octdeviceapi/oct6100api/
> drwxr-sr-x root/root         0 2007-08-21 23:16:53 zaptel-1.4.5.1/oct612x/octdeviceapi/oct6100api/oct6100_api/
> drwxr-sr-x root/root         0 2007-08-21 23:16:53 zaptel-1.4.5.1/oct612x/octdeviceapi/oct6100api/oct6100_apimi/
> drwxr-sr-x root/root         0 2007-08-21 23:16:53 zaptel-1.4.5.1/oct612x/apilib/
> drwxr-sr-x root/root         0 2007-08-21 23:16:53 zaptel-1.4.5.1/oct612x/apilib/largmath/
> drwxr-sr-x root/root         0 2007-08-21 23:16:53 zaptel-1.4.5.1/oct612x/apilib/llman/
> drwxr-sr-x root/root         0 2007-08-21 23:16:53 zaptel-1.4.5.1/oct612x/apilib/bt/
> drwxr-sr-x root/root         0 2007-08-21 23:16:54 zaptel-1.4.5.1/oct612x/include/
> drwxr-sr-x root/root         0 2007-08-21 23:16:53 zaptel-1.4.5.1/oct612x/include/apilib/
> drwxr-sr-x root/root         0 2007-08-21 23:16:54 zaptel-1.4.5.1/oct612x/include/oct6100api/
> drwxr-sr-x root/root         0 2007-08-21 23:16:54 zaptel-1.4.5.1/oct612x/include/octrpc/
> drwxr-sr-x root/root         0 2007-08-21 23:16:48 zaptel-1.4.5.1/datamods/
> drwxr-sr-x root/root         0 2007-08-21 23:16:51 zaptel-1.4.5.1/xpp/
> drwxr-sr-x root/root         0 2007-08-21 23:16:49 zaptel-1.4.5.1/xpp/firmwares/
> drwxr-sr-x root/root         0 2007-08-21 23:16:51 zaptel-1.4.5.1/xpp/utils/
> drwxr-sr-x root/root         0 2007-08-21 23:16:50 zaptel-1.4.5.1/xpp/utils/zconf/
> drwxr-sr-x root/root         0 2007-08-21 23:16:50 zaptel-1.4.5.1/xpp/utils/zconf/Zaptel/
> drwxr-sr-x root/root         0 2007-08-21 23:16:50 zaptel-1.4.5.1/xpp/utils/zconf/Zaptel/Config/
> drwxr-sr-x root/root         0 2007-08-21 23:16:50 zaptel-1.4.5.1/xpp/utils/zconf/Zaptel/Xpp/
> drwxr-sr-x root/root         0 2007-08-21 23:16:50 zaptel-1.4.5.1/xpp/utils/zconf/Zaptel/Hardware/
> drwxr-sr-x root/root         0 2007-08-21 23:16:52 zaptel-1.4.5.1/menuselect/
> drwxr-sr-x root/root         0 2007-08-21 23:16:53 zaptel-1.4.5.1/menuselect/mxml/

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir

More information about the asterisk-security mailing list