WebSphere protections from installation

From: Martin Peter (srzpemat_private)
Date: Thu Dec 02 1999 - 05:00:56 PST

Next message: Stewart Gebbie: "Slackware 7.0 - login bug"

Previous message: Geo.: "Re: NTmail and VRFY"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hello,
On solaris (maybe also AIX) the installation of WebSphere from IBM
installs a deinstallation shell script in /usr/bin with protection 777.
This script is also called by 'pkgrm', which has to be issued by
root. The script can therefore be easily used for placing a troian
horse etc. Besides this dangerous protection settings, WebSpher places
GIF, lst and db files in /usr/bin and all directories of WebSpher are 777.

cheers
martin
 _________   ________________________________________________________________
|_________|  Dr. Martin Peter               internet:  m.peterat_private
 _   _   _
| | | | | |  Swiss Re
| | | | | |  Mythenquai 50/60
|_| |_| |_|  8022 Zuerich / Switzerland

Next message: Stewart Gebbie: "Slackware 7.0 - login bug"
Previous message: Geo.: "Re: NTmail and VRFY"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:16:26 PDT