While on the subject of UPS software exploits, I have run across another one. MGE UPS's (http://www.mgeups.com/) Solution Pac software firstly installs as mode 666/777, which, although easy to correct, should be fixed. Next, the programs, when starting up, create lock files in /tmp: COM_init.lock MON_init.lock These files are created with mode 666, and ignore the current umask. I sent a message to MGEUPS 4 months ago with this information, but have had no reply. If you are running the software, you may want to clear /tmp at boot, at least for the lock files. Otherwise any user can turn any file on the system to 0 bytes. -- Ryan Murray (rmurrayat_private, rmurrayat_private) BCIT Computer Resources, Academic Services Student Proctor BCIT Computer Systems Technology Student: Data Communications Option
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:49:04 PDT