Bugtraq mailing list archives
Re: Security problem in ESRI's ArcDoc 7.0.4
From: jwa () nbs nau edu (James W. Abendschan)
Date: Fri, 24 May 1996 19:07:46 -0700
Way back on May 24, 6:20pm, Andrew Raphael wrote:
The program "fm_fls" as distributed with ESRI's "ArcDoc" package (7.0.4) [...] I've seen fm_fls distributed with other applications -- perhaps the bug is not specific to ARC/Info?fm_fls is the FrameMaker license server. It's not setuid in my vanilla International FrameMaker installation, but the "chmod 666" behaviour is there. It just creates the log file owned by the first person to run FrameMaker.
In the tarfile from ESRI, the file is setuid, but owned by uid 46. However, when my installation completed, it's owned by root. Blah. James -- James W. Abendschan Email: jwa () nbs nau edu UNIX Systems Programmer/Administrator Phone: (520) 556-7466 x238 Colorado Plateau Research Station, Flagstaff, AZ Voice mail: *516
Current thread:
- Security problem in ESRI's ArcDoc 7.0.4 James W. Abendschan (May 23)
- Re: Security problem in ESRI's ArcDoc 7.0.4 Andrew Raphael (May 24)
- <Possible follow-ups>
- Re: Security problem in ESRI's ArcDoc 7.0.4 Sven.Wijk (May 24)
- Re: Security problem in ESRI's ArcDoc 7.0.4 James W. Abendschan (May 24)
- Re: Security problem in ESRI's ArcDoc 7.0.4 James W. Abendschan (May 24)