Bugtraq mailing list archives
WebSphere protections from installation
From: srzpem () SWISSRE CH (Martin Peter)
Date: Thu, 2 Dec 1999 14:00:56 +0100
hello, On solaris (maybe also AIX) the installation of WebSphere from IBM installs a deinstallation shell script in /usr/bin with protection 777. This script is also called by 'pkgrm', which has to be issued by root. The script can therefore be easily used for placing a troian horse etc. Besides this dangerous protection settings, WebSpher places GIF, lst and db files in /usr/bin and all directories of WebSpher are 777. cheers martin _________ ________________________________________________________________ |_________| Dr. Martin Peter internet: m.peter () ieee org _ _ _ | | | | | | Swiss Re | | | | | | Mythenquai 50/60 |_| |_| |_| 8022 Zuerich / Switzerland
Current thread:
- WebSphere protections from installation Martin Peter (Dec 02)