Greetings, The Linux ARCAD package (at least arcad-0.078-5) from ARCAD Systemhaus unpacks with insecure file permissions. By default, all directories, binaries and scripts are mode 777 and all non-executables are mode 666. This, of course, opens up the possibility of a trojan horse attack if a malicious user modifies these binaries and scripts. The fix, of course, is to configure secure file modes. 755 for directories, binaries and scripts and 644 for non-executables. Brock Tellier UNIX Systems Administrator ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:56 PDT