Bugtraq mailing list archives

Re: Security problem in ESRI's ArcDoc 7.0.4

From: jwa () nbs nau edu (James W. Abendschan)
Date: Fri, 24 May 1996 19:07:46 -0700


Way back on May 24,  6:20pm, Andrew Raphael wrote:

The program "fm_fls" as distributed with ESRI's "ArcDoc" package (7.0.4)
[...]
I've seen fm_fls distributed with other applications -- perhaps the
bug is not specific to ARC/Info?


fm_fls is the FrameMaker license server.  It's not setuid in my vanilla
International FrameMaker installation, but the "chmod 666" behaviour
is there.  It just creates the log file owned by the first person to
run FrameMaker.


In the tarfile from ESRI, the file is setuid, but owned by uid 46.
However, when my installation completed, it's owned by root.  Blah.

James


--
James W. Abendschan                                 Email: jwa () nbs nau edu
UNIX Systems Programmer/Administrator               Phone: (520) 556-7466 x238
Colorado Plateau Research Station, Flagstaff, AZ    Voice mail: *516

Current thread:

Security problem in ESRI's ArcDoc 7.0.4 James W. Abendschan (May 23)
- Re: Security problem in ESRI's ArcDoc 7.0.4 Andrew Raphael (May 24)
- <Possible follow-ups>
- Re: Security problem in ESRI's ArcDoc 7.0.4 Sven.Wijk (May 24)
- Re: Security problem in ESRI's ArcDoc 7.0.4 James W. Abendschan (May 24)
- Re: Security problem in ESRI's ArcDoc 7.0.4 James W. Abendschan (May 24)