Re: in.fingerd follows sym-links on Solaris 8

From: Joep Vesseur (Joep.Vesseurat_private)
Date: Fri May 25 2001 - 09:40:01 PDT

Next message: Darren Moffat: "Re: in.fingerd follows sym-links on Solaris 8"

Previous message: David Howe: "Re: Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Lukasz,

>  I think about a case where a CGI script saves some important
>  information in a temporary file, like PHP do with the sessions:
> 
>   -rw------- 1 nobody nobody    329 May 14 12:16  /tmp/sess_0cd156a633
> 
>  When you have installed in.fingerd, and the in.fingerd is vulnerable,
>  all local users are able to read the information from the files.

You should not run multiple daemons using the same 'unprivileged'
account. Nobody itself is an extreemly poor choice since the sole
intention of nobody's introduction was to map root to an unprivileged
account when accessing files over NFS.

Run your http daemon as user http (or something like that), and this
problem disappears.

Joep

Next message: Darren Moffat: "Re: in.fingerd follows sym-links on Solaris 8"
Previous message: David Howe: "Re: Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 28 2001 - 13:23:59 PDT