|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Paul Szabo (psz
maths.usyd.edu.au)Date: Wed Jul 03 2002 - 22:14:32 CDT
Juan M. Courcoul <courcoulcampus.qro.itesm.mx> wrote:
> Acrobat Reader 5.0.5 on MacOS X does not seem to have this problem. It
> creates or overwrites the file
>
> /Library/Application Support/Adobe/Fonts/AdobeFnt.lst
>
> with the same owner as the user and with group "admin", but with 644
> file permissions. The directory does not have world-writeable permissions.
I am puzzled: how can a "simple" user create that file, when the directory
has no world-writable permissions? How can another user overwrite it, when
the file has 644 permissions? (It would seem that Juan was running as root;
"simple" users may still be vulnerable. I have no Mac to test.)
(See also http://www.securityfocus.com/bid/3225 .)
Cheers,
Paul Szabo - pszmaths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]