Bugtraq archives for 1st quarter (Jan-Mar) 1998: Re: Security flaw in either DIT TransferPro or Solaris

Re: Security flaw in either DIT TransferPro or Solaris

The Man (scottLACKLUSTER.NET)
Wed, 7 Jan 1998 12:03:35 -0800

On Mon, Jan 05, 1998 at 12:57:33AM -0800, The Man wrote:
>
> They should, of course, be mode 0640.  I'm not sure if this is Solaris's fault
> or the fault of this package.  But no matter whose fault it is, it's quite
> nasty.  :)
>

The fix for this is to change the entry in /etc/minor_perm for the ff driver.

I've been contacted by two people from DIT, and neither seems to think that
having a root device readable and writable by anyone with system access is
a security problem.  They say that the devices must have these permissions
in order for users to access devices through the TransferPro
application.  There are other methods, of course.


--
Scott Smith
scottlackluster.net

Mail received via UUCP, read with Mutt, and composed with vi on NetBSD-1.2G.
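
A check for the condition discussed in this message, as an added example that is not part of the original post: it scans a minor_perm-format file for entries whose mode grants access to "other". It assumes the usual `driver:minor mode owner group` field layout; the sample `ff` entry and its 0666 mode are constructed for illustration, since the post does not quote the actual line.

```shell
#!/bin/sh
# Audit a minor_perm-format file for device entries that grant access to "other".
# Assumed line format: driver:minor_name mode owner group

# audit_minor_perm FILE
# Prints "driver:minor mode other=<flags>" for every entry whose mode gives
# "other" read and/or write access. Returns 1 if any such entry exists, else 0.
audit_minor_perm() {
    awk '
        /^[ \t]*#/ || NF == 0      { next }   # skip comments and blank lines
        NF < 4 || $2 !~ /^[0-7]+$/ { next }   # skip malformed entries
        {
            # The last octal digit of the mode holds the "other" bits.
            other = substr($2, length($2), 1) + 0
            flags = ""
            if (other >= 4) flags = flags "r"                 # read bit (4)
            if (other == 2 || other == 3 || other == 6 || other == 7)
                flags = flags "w"                             # write bit (2)
            if (flags != "") { print $1, $2, "other=" flags; bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Constructed sample input (not taken from a real system or from the post).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed minor_perm-style entries
sd:* 0640 root sys
ff:* 0666 root sys
EOF

# Demo run: lists the offending entry from the sample file.
audit_minor_perm "$sample" || echo "world-accessible device entries found"
```

On a real system the argument would be /etc/minor_perm; an entry changed to mode 0640, as the quoted message suggests, no longer appears in the output.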