Bugtraq mailing list archives

Re: Solaris 2.6/7 NTP permissions problem

From: casper () HOLLAND SUN COM (Casper Dik)
Date: Fri, 16 Jul 1999 23:03:53 +0200

    Hi All!

    I reported this bug to Sun approx. 3 weeks ago.  Haven't gotten a
    response yet so I'm going ahead and releasing it.

    Problem:

    I've noticed that the XNTP daemon on Solaris 2.6 and 7 creates
    its drift file (default=/etc/inet/ntp.drift) world-writable (666).
    Even changing the permissions to something sane the permissions
    eventually get set back to 666 (not sure if this is at daemon restart,
    update of the drift file or both).


There's not a whole lot you can do with this hole, though.  xntp will
use it as a hint on how good the local clock is but will put only limited
trust in it.  (You could copy a big file there, but again, that file
disappears).

A standard default umask of 022 for all programs or xntpd would fix this.

In the next release, the default umask will likely be 022

What also helps is:

setfacl -m d:u::7,d:m:5,d:g::5,d:o:5 /etc/inet

Which forces all files created in the directory to have mode 644 or 755.

The solaris FAQ says:

3.50) How can I prevent daemons from creating mode 666 files?

    By default, all daemons inherit the umask 0 from init.
    This is most problematic for a service like ftp, which in a
    standard configuration leaves all uploaded files with mode 666.

    To get daemons to use another umask execute the following
    commands in /bin/sh and reboot:

    umask 022  # make sure umask.sh gets created with the proper mode
    echo "umask 022" > /etc/init.d/umask.sh
    for d in /etc/rc?.d
    do
        ln /etc/init.d/umask.sh $d/S00umask.sh
    done

    Note: the trailing ".sh" of the scriptname is important, if
    you don't specify it, the script will will be executed in a
    sub-shell, not in the main shell that executes all other scripts.

    In Solaris 2.6 and later, in.ftpd(1M) allows setting its umask
    in /etc/default/ftpd.

    --- end of excerpt from the FAQ

Questions marked with a * or + have been changed or added since
the FAQ was last posted

The most recently posted version of the FAQ is available from
<http://www.wins.uva.nl/pub/solaris/solaris2/>

Current thread:

Re: L0pht 'Domino' Vulnerability is alive and well, (continued)
- Re: L0pht 'Domino' Vulnerability is alive and well Pavel Ahafonau (Jul 07)
- Re: L0pht 'Domino' Vulnerability is alive and well mtremblay () BAHNSO COM (Jul 08)
  - Re: L0pht 'Domino' Vulnerability is alive and well Ryan Thomas Tecco (Jul 09)
  - Communicator 4.[56]x, JavaScript used to bypass cookie settings Peter W (Jul 09)
    - (no subject) Anonymous (Jul 09)
    - Re: your mail Darren Reed (Jul 12)
    - Navigator cookie security Oliver Lineham (Jul 09)
    - Re: Communicator 4.[56]x, JavaScript used to bypass cookie settings Claudio Telmon (Jul 13)
    - Solaris 2.6/7 NTP permissions problem john_smith () RD QMS COM (Jul 14)
    - Privacy concerns in interMute John Temples (Jul 16)
    - Re: Solaris 2.6/7 NTP permissions problem Casper Dik (Jul 16)
    - (no subject) sbr (Jul 14)
    - joe 2.8 makes world-readable DEADJOE Trevor Johnson (Jul 17)
    - Re: your mail hal (Jul 19)
  - [LoWNOISE] Lotus Domino ET LoWNOISE (Jul 09)