tac_plus version F4.0.4.alpha on at least Solaris 8 sparc

From: Kevin A. Nassery (kevinat_private)
Date: Wed Jan 30 2002 - 15:42:03 PST

Software: tac_plus version F4.0.4.alpha, compiled on Solaris 8 sparc.

Abstract:
tac_plus version F4.0.4.alpha, an example Tacacs+ daemon released
(but not supported) by Cisco, isn't careful with its permissions when
creating accounting files.

Vulnerability:
Any file defined with an accounting directive in a tac_plus
config file is created with file permissions set at 666,
allowing any system account to modify its contents.

When appending to the file, if it's not there initially, it is created.
When it is created, it is done so with file permissions set at 666.
A simple workaround is to create a file at the path set in the
config file and manually set the permissions to 600. The tac_plus
daemon will continue to append to the file without setting the
permissions back to 666. I just wanted to make sure this was out there
for people who are rotating logs and just letting the daemon create
new files.

Kevin Nassery
Network & Security Engineer
http://nassery.org
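The workaround described in the post, as an added shell example (not from the post or from tac_plus itself): pre-create each accounting file with mode 600 and tighten any existing file that is group- or world-writable. The `accounting file = <path>` directive form used to locate the paths is assumed here, not taken from the post.

```shell
#!/bin/sh
# Added example, not part of the original post or of Cisco's tac_plus.
# Ensures tac_plus accounting files exist with mode 600 before the
# daemon runs, so it appends to an owner-only file instead of creating
# a world-writable one. Uses ls rather than stat for Solaris portability.

# Return 0 if group or others have write permission (positions 6 and 9
# of the ls -l mode string), 1 otherwise.
is_world_writable() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Create the accounting file if absent, then force mode 600 regardless of
# the current umask. Returns 0 on success, 1 if the file is still
# writable by group or others afterwards.
prepare_accounting_file() {
    f=$1
    if [ ! -e "$f" ]; then
        : > "$f"
    fi
    chmod 600 "$f"
    if is_world_writable "$f"; then
        return 1
    fi
    return 0
}

# Print the path from each "accounting file = <path>" line of a tac_plus
# config. This directive form is an assumption for the example; adjust
# the pattern if your tac_plus.conf uses a different syntax.
accounting_paths() {
    sed -n 's/^[[:space:]]*accounting[[:space:]]*file[[:space:]]*=[[:space:]]*//p' "$1"
}

# Usage: prepare every accounting file named in the config.
# for p in $(accounting_paths /etc/tac_plus.conf); do
#     prepare_accounting_file "$p" || echo "still too permissive: $p" >&2
# done
```

Run this before starting the daemon or from the log-rotation script, so a freshly rotated path already exists with mode 600 when tac_plus appends to it.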
    
This archive was generated by hypermail 2b30 : Thu Jan 31 2002 - 11:25:32 PST