Re: Security flaw in either DIT TransferPro or Solaris

From: The Man (scottat_private)
Date: Wed Jan 07 1998 - 12:03:35 PST

Next message: Andrew J. Anderson: "NetWare NFS"

Previous message: The Man: "Security flaw in either DIT TransferPro or Solaris"
Maybe in reply to: The Man: "Security flaw in either DIT TransferPro or Solaris"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 05, 1998 at 12:57:33AM -0800, The Man wrote:
>
> They should, of course, be mode 0640.  I'm not sure if this is Solaris's fault
> or the fault of this package.  But no matter whose fault it is, it's quite
> nasty.  :)
>

The fix for this is to change the entry in /etc/minor_perm for the ff driver.

I've been contacted by two people from DIT, and neither seem to think that
having a root device readable and writable by anyone with system access is
a security problem.  They say that the devices must have these permissions
in order for users to access devices through the TransferPro
application.  There are other methods, of course.

--
Scott Smith
scottat_private

Mail received via UUCP, read with Mutt, and composed with vi on NetBSD-1.2G.

Next message: Andrew J. Anderson: "NetWare NFS"
Previous message: The Man: "Security flaw in either DIT TransferPro or Solaris"
Maybe in reply to: The Man: "Security flaw in either DIT TransferPro or Solaris"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:19 PDT