Multiple Vendor ARCAD permission problems

From: Brock Tellier (btellierat_private)
Date: Wed Sep 29 1999 - 19:30:01 PDT


    Greetings,
    
    The Linux ARCAD package (at least arcad-0.078-5) from ARCAD Systemhaus unpacks
    with insecure file permissions.  By default, all directories, binaries and
    scripts are mode 777 and all non-executables are mode 666.  This, of course,
    opens up the possibility of a trojan horse attack if a malicious user modifies
    these binaries and scripts.
    
    The fix, of course, is to configure secure file modes: 755 for
    directories, binaries and scripts and 644 for non-executables.
    
    Brock Tellier
    UNIX Systems Administrator
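
Added example, not part of the original message or the ARCAD package: a shell audit-and-fix for the modes the message describes, applied to an unpacked tree. The sample tree and its file names are constructed, and treating the owner-execute bit as the marker for binaries and scripts is an assumption.

```shell
#!/bin/sh
# Added example: audit and repair modes under an unpacked package tree.
# Assumption: the owner-execute bit marks binaries and scripts.

# List files and directories that are group- or world-writable,
# i.e. anything looser than the 755/644 layout.
audit_modes() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print | sort
}

# Apply 755 to directories and executables, 644 to everything else.
# Symlinks are skipped: -type f / -type d do not match them.
fix_modes() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -perm -100 -exec chmod 755 {} +
    find "$1" -type f ! -perm -100 -exec chmod 644 {} +
}

# Build a constructed tree with the modes described in the message
# (777 for directories/binaries/scripts, 666 for data). Names are made up.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin" "$t/doc"
    printf '#!/bin/sh\necho run\n' > "$t/bin/start.sh"
    printf 'sample data\n' > "$t/doc/readme.txt"
    chmod 777 "$t" "$t/bin" "$t/doc" "$t/bin/start.sh"
    chmod 666 "$t/doc/readme.txt"
    printf '%s\n' "$t"
}

# Demo: audit, fix, audit again (second listing should be empty).
tree=$(make_sample_tree)
echo "before:"; audit_modes "$tree"
fix_modes "$tree"
echo "after:";  audit_modes "$tree"
rm -rf "$tree"
```

Run `audit_modes` on the real install directory first and review the list before calling `fix_modes`, since a package may legitimately need a writable spool or data directory.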
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:56 PDT