This file is indexed.

/usr/lib/tiger/doc/filesys.html is in tiger 1:3.2.3-10.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
<HR><PRE>








</PRE><HR>
<CENTER><H2> Documents for filesys</H2></CENTER>
<A NAME="fsys001f"><P><B>Code [fsys001f]</B><P>
The listed file is a setuid script. On most UNIX machines, it is not
possible to write a secure setuid script, due to a race condition in
the Operating System. Even on systems where this is corrected, the
difficulties in writing a truly secure setuid script make them very
undesirable. The setuid bits should be turned off of this file.
<P>
If you must run a script under another id, then perhaps the best
solution is to write a wrapper program in C which creates a safe
environment for the script, then exec()'s it.
<PRE>










</PRE><HR>
<A NAME="fsys002w"><P><B>Code [fsys002w]</B><P>
The listed program is a setuid executable, and it appears to contain
relative pathnames (do not start with a '/'). This often represents
a security hole in the program. These relative pathnames can be caused
by system()* or popen()* calls which do not use full pathnames to the
executable, or, on systems which support dynamic linking, relative
pathnames indicating the directories containing the libraries. In any
case, these need to be checked.
<P>
*Note: system() and popen() should *never* be used from a program
which is executing with privileges.
<PRE>










</PRE><HR>
<A NAME="fsys003c"><P><B>Code [fsys003c]</B><P>
The database of setuid programs for this platform does not exist, thus
all setuid programs will be listed. When fully configured for a
platform, only those setuid programs that do not appear in the
distribution will be listed.
<PRE>










</PRE><HR>
<A NAME="fsys004a"><P><B>Code [fsys004a]</B><P>
The listed programs are setuid, but are not in the database of
setuid programs which appear in the OS distribution.
<PRE>










</PRE><HR>
<A NAME="fsys005a"><P><B>Code [fsys005a]</B><P>
The listed file has an unusual filenames. These include files with
multiple leading '.', filenames with spaces, etc. The variable
FS_FILES can be set in the 'tigerrc' file to specify the filename
patterns which are reported.
<PRE>










</PRE><HR>
<A NAME="fsys006a"><P><B>Code [fsys006a]</B><P>
The listed files are device files that are located in non-standard
locations. These should be checked. The variable FS_DEVDIRS can
be set in the 'tigerrc' file to specify other directories which can
contain device files.
<PRE>










</PRE><HR>
<A NAME="fsys007i"><P><B>Code [fsys007i]</B><P>
The indicated file is a symbolic link to a system file which is
related to system security. In itself, the link is not dangerous,
but you should be aware of its presence, as it can cause unexpected
results with the 'chown' and 'chmod' commands. On many systems, the
'chown' command does not change the owner of the link itself, but
instead, changes the ownership of the file the link resolves to.
The same type of problem exists for 'chmod' on most systems. Thus,
the simple act of performing a
<P>
chown -R joeuser /home/joeuser
<P>
could potentially change the owner of a system file to 'joeuser'.
<PRE>










</PRE><HR>
<A NAME="fsys008f"><P><B>Code [fsys008f]</B><P>
The listed directories are world writable. These provide a location
for intruders to store files. They should be checked for unusual
files.
<PRE>










</PRE><HR>
<A NAME="fsys009w"><P><B>Code [fsys009w]</B><P>
An FSP server control file has been located. This indicates that
an FSP server may be running, or have been running, using the
directory containing the listed file as its base.
<PRE>










</PRE><HR>
<A NAME="fsys010w"><P><B>Code [fsys010w]</B><P>
The listed file is a setgid script. On most UNIX machines, it is not
possible to write a secure setgid script, due to a race condition in
the Operating System. Even on systems where this is corrected, the
difficulties in writing a truly secure setgid script make them very
undesirable.
<PRE>










</PRE><HR>
<A NAME="fsys011a"><P><B>Code [fsys011a]</B><P>
The listed programs are setgid, but are not in the database of
setgid programs which appear in the OS distribution.
<PRE>










</PRE><HR>
<A NAME="fsys012w"><P><B>Code [fsys012w]</B><P>
The listed program is not owned by an administrative user. The
majority of SUID programs should probably be owned by an
administrative user.
<PRE>










</PRE><HR>
<A NAME="fsys013w"><P><B>Code [fsys013w]</B><P>
The symbolic link points to a file that does not exist in the filesystem.
In itself, the link is not dangerous, but you should be aware of its
presence, as it might be related to an abnormal situation or
system misconfiguration.
You can safely ignore this information if it is related to a remotely
mounted filesystem (e.g. NFS) since symlinks in remote filesystems
might be valid only on the system that exports it.
<PRE>










</PRE><HR>
<A NAME="fsys014w"><P><B>Code [fsys014w]</B><P>
The file does not belong to any user. It is owned by a numeric UID which is
not defined in the system. This might have happened due to a user being
removed from the system and the files that were owned by this user have not
been removed. In this case, if a new user is created in the system matching
this user ID he will inmediately own the orphaned files.
<P>
This circumstance might also show up if the user database is not fully defined
locally (i.e. some of it is in an external repository such as an LDAP). If
this is the case you can safely ignore this warning.
<PRE>










</PRE><HR>
<A NAME="fsys015w"><P><B>Code [fsys015w]</B><P>
The file does not belong to any group. It is owned by a group UID which is
not defined in the system. This might have happened due to a group being
removed from the system and the files that were owned by this group
have not been removed. In this case, if a new group is created in the system
matching this group ID, the users belonging to this group will inmediately own
the orphaned files.
<P>
This circumstance might also show up if the group database is not fully
defined locally (i.e. some of it is in an external repository such as an
LDAP). If this is the case you can safely ignore this warning.