Bugtraq mailing list archives

Re: Security flaw in either DIT TransferPro or Solaris


From: scott () LACKLUSTER NET (The Man)
Date: Wed, 7 Jan 1998 12:03:35 -0800


On Mon, Jan 05, 1998 at 12:57:33AM -0800, The Man wrote:

> They should, of course, be mode 0640.  I'm not sure if this is Solaris's fault
> or the fault of this package.  But no matter whose fault it is, it's quite
> nasty.  :)


The fix for this is to change the entry in /etc/minor_perm for the ff driver.

I've been contacted by two people from DIT, and neither seems to think that
having a root device readable and writable by anyone with system access is
a security problem.  They say that the devices must have these permissions
in order for users to access devices through the TransferPro
application.  There are other methods, of course.


--
Scott Smith
scott () lackluster net

Mail received via UUCP, read with Mutt, and composed with vi on NetBSD-1.2G.
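
An added example, not part of the original post: a shell check that lists entries in a minor_perm-format file whose mode grants any access to "other", which is the condition the message says should instead be 0640. The entry layout (driver:minor_name, mode, owner, group) is assumed, and the sample entries, including the mode, owner and group shown for ff, are constructed for illustration.

```shell
#!/bin/sh
# Added example: list minor_perm entries whose mode grants access to "other".
# Assumed entry layout: driver:minor_name  mode  owner  group

audit_minor_perm() {
    # $1: path to a file in minor_perm format
    awk '
        # Turn the last octal digit of a mode into an r/w/x string.
        function other_bits(d,   s) {
            s = ""
            if (d >= 4)     s = s "r"
            if (d % 4 >= 2) s = s "w"
            if (d % 2 == 1) s = s "x"
            return s
        }
        /^[ \t]*#/ || NF < 4 { next }      # skip comments, blank and short lines
        $2 !~ /^[0-7]+$/ { printf "%s unparsable-mode=%s\n", $1, $2; next }
        {
            d = substr($2, length($2), 1) + 0   # permissions for "other"
            if (d > 0)
                printf "%s mode=%s owner=%s group=%s other=%s\n", $1, $2, $3, $4, other_bits(d)
        }
    ' "$1"
}

write_sample() {
    # Constructed entries; exdrv is a hypothetical driver name.
    cat > "$1" <<'EOF'
# constructed sample entries, not copied from a real system
sd:*      0640 root sys
ff:*      0666 root sys
mm:kmem   0640 root sys
exdrv:ctl 0602 root sys
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_minor_perm "$sample"
rm -f "$sample"
```

On a Solaris host the function would be pointed at /etc/minor_perm itself; every line it prints is a driver entry to review against the 0640 baseline.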