Bugtraq mailing list archives

Solaris 2.6/7 NTP permissions problem

From: john_smith () RD QMS COM (john_smith () RD QMS COM)
Date: Wed, 14 Jul 1999 11:21:13 -0500


     Hi All!

     I reported this bug to Sun approx. 3 weeks ago.  Haven't gotten a
     response yet so I'm going ahead and releasing it.

     Problem:

     I've noticed that the XNTP daemon on Solaris 2.6 and 7 creates
     its drift file (default=/etc/inet/ntp.drift) world-writable (666).
     Even changing the permissions to something sane the permissions
     eventually get set back to 666 (not sure if this is at daemon restart,
     update of the drift file or both).

     Work-around:

     Simply add a umask command to the beginning of the XNTP startup
     script (/etc/init.d/xntpd).

     John Smith
     QMS, Inc.

Current thread:

L0pht 'Domino' Vulnerability is alive and well Aleph One (Jul 05)
- <Possible follow-ups>
- Re: L0pht 'Domino' Vulnerability is alive and well Weld Pond (Jul 06)
- Re: L0pht 'Domino' Vulnerability is alive and well Pavel Ahafonau (Jul 07)
- Re: L0pht 'Domino' Vulnerability is alive and well mtremblay () BAHNSO COM (Jul 08)
  - Re: L0pht 'Domino' Vulnerability is alive and well Ryan Thomas Tecco (Jul 09)
  - Communicator 4.[56]x, JavaScript used to bypass cookie settings Peter W (Jul 09)
    - (no subject) Anonymous (Jul 09)
    - Re: your mail Darren Reed (Jul 12)
    - Navigator cookie security Oliver Lineham (Jul 09)
    - Re: Communicator 4.[56]x, JavaScript used to bypass cookie settings Claudio Telmon (Jul 13)
    - Solaris 2.6/7 NTP permissions problem john_smith () RD QMS COM (Jul 14)
    - Privacy concerns in interMute John Temples (Jul 16)
    - Re: Solaris 2.6/7 NTP permissions problem Casper Dik (Jul 16)
    - (no subject) sbr (Jul 14)
    - joe 2.8 makes world-readable DEADJOE Trevor Johnson (Jul 17)
    - Re: your mail hal (Jul 19)
  - [LoWNOISE] Lotus Domino ET LoWNOISE (Jul 09)