Bugtraq mailing list archives
Re: Security flaw in either DIT TransferPro or Solaris
From: scott () LACKLUSTER NET (The Man)
Date: Wed, 7 Jan 1998 12:03:35 -0800
On Mon, Jan 05, 1998 at 12:57:33AM -0800, The Man wrote:
> They should, of course, be mode 0640. I'm not sure if this is Solaris's fault or the fault of this package. But no matter whose fault it is, it's quite nasty. :)
The fix for this is to change the entry in /etc/minor_perm for the ff driver. I've been contacted by two people from DIT, and neither seems to think that having a root device readable and writable by anyone with system access is a security problem. They say that the devices must have these permissions in order for users to access devices through the TransferPro application. There are other methods, of course.
--
Scott Smith scott () lackluster net
Mail received via UUCP, read with Mutt, and composed with vi on NetBSD-1.2G.
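An added example, not part of the original post: a POSIX shell check that scans a minor_perm-style file (assumed line layout `driver:minor_name mode owner group`) and reports entries whose mode grants read or write to "other". The sample entries, including the `ff:*` line and the hypothetical `exdrv` driver, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report minor_perm entries
# whose mode lets "other" read or write the device node.
# Assumed line layout: driver:minor_name mode owner group

audit_minor_perm() {
    # $1 = path to a minor_perm-style file; one output line per finding
    while read -r spec mode owner group _rest || [ -n "$spec" ]; do
        case $spec in ''|'#'*) continue ;; esac       # blank line or comment
        case $mode in ''|*[!0-7]*) continue ;; esac   # not an octal mode
        other=$(( 0$mode & 07 ))                      # permission bits for "other"
        [ $(( other & 06 )) -eq 0 ] && continue       # no world read/write
        access=""
        [ $(( other & 04 )) -ne 0 ] && access="read"
        [ $(( other & 02 )) -ne 0 ] && access="${access:+$access+}write"
        printf '%s mode=%s owner=%s group=%s world-%s\n' \
            "$spec" "$mode" "$owner" "$group" "$access"
    done < "$1"
}

sample_minor_perm() {
    # Constructed sample input; the modes and the exdrv driver are made up.
    cat <<'EOF'
# constructed sample, not a real system file
sd:* 0640 root sys
ff:* 0666 root sys
exdrv:ctl 0644 root sys
EOF
}

# Demo run over the constructed sample.
demo_file=$(mktemp)
sample_minor_perm > "$demo_file"
audit_minor_perm "$demo_file"
rm -f "$demo_file"
```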