
[Security] Permissions incorrect on some of Python's files

Posted: 25. Jan 2013, 17:22
by GJones
According to OSSEC:

Code:

From ossecm@defiant.network  Fri Jan 25 11:09:14 2013
Return-Path: <ossecm@defiant.network>
Received: from notify.ossec.net (localhost [127.0.0.1])
	by defiant.network (8.14.5/8.14.5) with SMTP id r0PG9ERd006521
	for <proteus@localhost>; Fri, 25 Jan 2013 11:09:14 -0500
Message-Id: <201301251609.r0PG9ERd006521@defiant.network>
To: <proteus@defiant.network>
From: OSSEC HIDS <ossecm@defiant.network>
Date: Fri, 25 Jan 2013 11:09:14 -0500
Subject: OSSEC Notification - defiant - Alert level 7

OSSEC HIDS Notification.
2013 Jan 25 11:09:03

Received From: defiant->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):

File '/usr/lib/python2.7/site-packages/distribute-0.6.32-py2.7.egg-info/SOURCES.txt' is owned by root and has written permissions to anyone.



 --END OF NOTIFICATION



OSSEC HIDS Notification.
2013 Jan 25 11:09:03

Received From: defiant->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):

File '/usr/lib/python2.7/site-packages/distribute-0.6.32-py2.7.egg-info/PKG-INFO' is owned by root and has written permissions to anyone.



 --END OF NOTIFICATION



OSSEC HIDS Notification.
2013 Jan 25 11:09:03

Received From: defiant->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):

File '/usr/lib/python2.7/site-packages/distribute-0.6.32-py2.7.egg-info/zip-safe' is owned by root and has written permissions to anyone.



 --END OF NOTIFICATION



OSSEC HIDS Notification.
2013 Jan 25 11:09:03

Received From: defiant->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):

File '/usr/lib/python2.7/site-packages/distribute-0.6.32-py2.7.egg-info/top_level.txt' is owned by root and has written permissions to anyone.



 --END OF NOTIFICATION



OSSEC HIDS Notification.
2013 Jan 25 11:09:03

Received From: defiant->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):

File '/usr/lib/python2.7/site-packages/distribute-0.6.32-py2.7.egg-info/dependency_links.txt' is owned by root and has written permissions to anyone.



 --END OF NOTIFICATION



OSSEC HIDS Notification.
2013 Jan 25 11:09:03

Received From: defiant->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):

File '/usr/lib/python2.7/site-packages/distribute-0.6.32-py2.7.egg-info/entry_points.txt' is owned by root and has written permissions to anyone.



 --END OF NOTIFICATION
Indeed, those files have permissions rw-rw-rw-. Methinks this may be a problem.

Edit: From cursory Googling, the correct permissions are 0644 for those files, not 0666.

Re: [Security] Permissions incorrect on some of Python's fil

Posted: 25. Jan 2013, 22:32
by sqlpython
I checked my Salix install, which is 13.1 and uses Python 2.6, where the problem does not exist.
My installs of Debian Wheezy & Sid, as well as Arch and Gentoo, have Python 2.7 and Python 3.
The aforementioned installs are OK, without any such write issues on the listed Python files.

end of transmit.. :)

Re: [Security] Permissions incorrect on some of Python's fil

Posted: 26. Jan 2013, 00:54
by jayseye
Running Salix 13.37 Fluxbox, I do find a similar situation. All files in this directory are owned by root and world-writable:

Code:

/usr/lib/python2.6/site-packages/distribute-0.6.32-py2.6.egg/EGG-INFO/

Does anyone know whether this poses a security risk? If so, it's likely an upstream issue, as the distribute package is a user add-on, rather than one shipped by default IIRC. It's a very popular package, though.

In any case, if there really is a risk here, users may want to fix those file permissions. So a definitive answer would be welcome!

Re: [Security] Permissions incorrect on some of Python's fil

Posted: 26. Jan 2013, 03:12
by sqlpython
^ Well, it seems Jones has found via Google that permissions can/should be corrected.
I would suggest that GJones post the Google link, and users can make up their minds as to the validity.

Re: [Security] Permissions incorrect on some of Python's fil

Posted: 26. Jan 2013, 04:25
by GJones
Can do:
https://bugs.archlinux.org/task/30020

Not the same problem, but according to that Arch bug report the correct permissions are 644. I set the above files to 644 manually and did not have any problems.

Re: [Security] Permissions incorrect on some of Python's fil

Posted: 26. Jan 2013, 04:27
by GJones
jayseye wrote: Running Salix 13.37 Fluxbox, I do find a similar situation. All files in this directory are owned by root and world-writable:

Code:

/usr/lib/python2.6/site-packages/distribute-0.6.32-py2.6.egg/EGG-INFO/

Does anyone know whether this poses a security risk? If so, it's likely an upstream issue, as the distribute package is a user add-on, rather than one shipped by default IIRC. It's a very popular package, though.

In any case, if there really is a risk here, users may want to fix those file permissions. So a definitive answer would be welcome!
Well, the files are world-writable; which means that, if they're loaded by Wicd or some other daemon that uses Python, they could maybe be tampered with in a way that allows a root shell. Can't give a definitive answer, but I'd say that's cause for concern. :)

Re: [Security] Permissions incorrect on some of Python's fil

Posted: 26. Jan 2013, 06:48
by jayseye
Actually this link reports the opposite type of problem, where files are write protected, but they actually need to be world writable:
That's exactly why I'd like to find a definitive answer before changing any permissions. :wink:

Re: [Security] Permissions incorrect on some of Python's fil

Posted: 26. Jan 2013, 12:22
by GJones
World readable, not world writable. 644 is world readable but writable only by the owner. ;)

Code:

# touch foo
# chmod 644 foo
# ls -l
total 0
-rw-r--r-- 1 root root 0 Jan 26 07:21 foo
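
Added example (not part of the original posts, and not OSSEC's or Salix's own tooling): a shell audit that lists regular files with the world-write bit set, which is the condition rootcheck reported above, and tightens them from 0666 to 0644. The function names and the temporary demo tree are constructed for illustration; point the two functions at the real site-packages directory to use them.

```shell
#!/bin/sh
# Added example: find world-writable regular files under a directory and
# remove the group/other write bits (0666 -> 0644), as discussed in the thread.

# Print every regular file whose "other" write bit (0002) is set.
# -xdev keeps find on one filesystem; -perm -0002 means "at least this bit".
list_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print
}

# Clear group and other write on the files found above. Using go-w instead
# of a blanket "chmod 644" leaves any execute bits as they were.
fix_world_writable() {
    find "$1" -xdev -type f -perm -0002 -exec chmod go-w {} +
}

# Build a constructed test tree that mimics the reported egg-info directory:
# three files at 0666 and one correctly set file at 0644. Prints the tree root.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/distribute-0.6.32-py2.7.egg-info"
    for f in SOURCES.txt PKG-INFO top_level.txt; do
        : > "$d/distribute-0.6.32-py2.7.egg-info/$f"
        chmod 666 "$d/distribute-0.6.32-py2.7.egg-info/$f"
    done
    : > "$d/site.py"
    chmod 644 "$d/site.py"
    printf '%s\n' "$d"
}

# Demo run on the constructed tree: report, fix, report again, clean up.
demo=$(make_demo_tree)
echo "World-writable before fix:"
list_world_writable "$demo"
fix_world_writable "$demo"
echo "World-writable after fix:"
list_world_writable "$demo"
rm -rf "$demo"
```

Run `list_world_writable` on its own first and review the output before applying `fix_world_writable` as root.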

Re: [Security] Permissions incorrect on some of Python's fil

Posted: 26. Jan 2013, 15:06
by jayseye
Sigh. :cry:

Re: [Security] Permissions incorrect on some of Python's fil

Posted: 27. Jan 2013, 16:12
by GJones
Well, the permissions on everything other than the files in the distribute-0.6.32-py2.6.egg dir are 644. :|

I tried to verify the permissions on OpenSUSE, but OpenSUSE's Python 2.7 does not have that directory; so I guess it is an upstream issue with Slackware. :(