Bugtraq mailing list archives
Re: Solaris 2.6/7 NTP permissions problem
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Fri, 16 Jul 1999 23:03:53 +0200
Hi All!

I reported this bug to Sun approx. 3 weeks ago. Haven't gotten a response yet so I'm going ahead and releasing it.

Problem: I've noticed that the XNTP daemon on Solaris 2.6 and 7 creates its drift file (default=/etc/inet/ntp.drift) world-writable (666). Even changing the permissions to something sane the permissions eventually get set back to 666 (not sure if this is at daemon restart, update of the drift file or both).
There's not a whole lot you can do with this hole, though. xntp will use it as a hint on how good the local clock is but will put only limited trust in it. (You could copy a big file there, but again, that file disappears).

A standard default umask of 022 for all programs or xntpd would fix this.

In the next release, the default umask will likely be 022.

What also helps is:

    setfacl -m d:u::7,d:m:5,d:g::5,d:o:5 /etc/inet

Which forces all files created in the directory to have mode 644 or 755.

The Solaris FAQ says:

3.50) How can I prevent daemons from creating mode 666 files?

By default, all daemons inherit the umask 0 from init. This is most problematic for a service like ftp, which in a standard configuration leaves all uploaded files with mode 666.

To get daemons to use another umask execute the following commands in /bin/sh and reboot:

    umask 022  # make sure umask.sh gets created with the proper mode
    echo "umask 022" > /etc/init.d/umask.sh
    for d in /etc/rc?.d
    do
        ln /etc/init.d/umask.sh $d/S00umask.sh
    done

Note: the trailing ".sh" of the scriptname is important, if you don't specify it, the script will be executed in a sub-shell, not in the main shell that executes all other scripts.

In Solaris 2.6 and later, in.ftpd(1M) allows setting its umask in /etc/default/ftpd.

--- end of excerpt from the FAQ

Questions marked with a * or + have been changed or added since the FAQ was last posted.

The most recently posted version of the FAQ is available from <http://www.wins.uva.nl/pub/solaris/solaris2/>
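
Added example, not part of the message above or of the Solaris FAQ: a /bin/sh audit for the symptom discussed in this thread (files created mode 666 under umask 0) and for the FAQ's S00umask.sh fix. The function names and the root-prefix parameter are hypothetical, chosen so the checks can be run against a scratch directory.

```shell
#!/bin/sh
# Added example (not from the post or the FAQ); function names are hypothetical.

# Create file $2 the way a daemon's open(..., 0666) would, under umask $1.
# An existing file keeps its current mode, so use a fresh path.
create_under_umask() {
    ( umask "$1" && : > "$2" )
}

# List world-writable regular files under directory $1, one per line.
list_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null
}

# Verify the FAQ's fix under root prefix $1 (empty string = live system):
# init.d/umask.sh sets 022 and every rc?.d directory has S00umask.sh.
check_umask_script() {
    grep -q '^umask 022' "$1/etc/init.d/umask.sh" 2>/dev/null || {
        echo "no 'umask 022' in $1/etc/init.d/umask.sh"; return 1; }
    for d in "$1"/etc/rc?.d; do
        [ -d "$d" ] || continue
        [ -f "$d/S00umask.sh" ] || { echo "missing: $d/S00umask.sh"; return 1; }
    done
    return 0
}

# With a directory argument, audit it (e.g. /etc/inet) and check the rc links.
if [ $# -gt 0 ]; then
    list_world_writable "$1"
    check_umask_script ""
fi
```

Run as root with /etc/inet as the argument; any path printed is a file some process created or reset with the inherited umask 0.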