Bugtraq mailing list archives
Cyberguard FW Silliness
From: phzy () ANTIPLUR COM
Date: Fri, 3 Nov 2000 18:24:17 -0500
Hey guys, Not an extremely huge issue, however one I think worth noting. Cyberguard claims that their FW software runs atop 'hardened' versions of SCO/Unixware (comes bundled w/ the FW package). However, on a default installation of the latest version of the Cyberguard FW on SCO, there are a number of silly permissions on various critical files/directories: drw-rw-rw- /etc/security/firewall/cm drw-rw-rw- /etc/security/firewall/cm-defaults -rw-rw-rw- /etc/.device.tab.lock drwxrwxrw- /etc/conf/pack.d/ktrc -rw-rw-rw- /etc/iaf/cr1/.kmpipe -rw-rw-rw- /etc/scsi/dtab.out -rw-rw-rw- /etc/wsinit.err -rw-rw-rw- /usr/X/lib/fs/fs-errors -rwxrwxrwx /usr/X/desktop/Help_Desk -rw-rw-rw- /var/adm/log/routes -rw-rw-rw- /var/adm/log/qhap.log -rw-rw-rw- /var/adm/sa/* -rw-rw-rw- /var/adm/spellhist -rw-rw-rw- /var/adm/unixtsa.log drwxrwxrwx /var/sadm/dist drwxrwxrwx /var/content/* -rw-rw-rw- /var/audit/1018_list -rw-rw-rw- /dev/X/xfont.7000 -rw-rw-rw- /tmp/.scopty -rw-rw-rw- /opt/QUALha/dev/ifs/* Of course, the obvious symlink/race conditions apply w/ the temp files listed above. When Cyberguard was notified that their 'hardened' OS is not quite as 'hardened' as originally thought, they stated that we would be performing the configuration changes at our own risk and will discontinue our support due to our 'custom', 'uncertified' FW installation. However, they would glady send out a consultant at a cost of $15,000 to audit and certify our 'custom' configuration. HEH! - phzy -- Sent with Antiplur webmail: http://webmail.antiplur.com
Current thread:
- Cyberguard FW Silliness phzy (Nov 04)
- <Possible follow-ups>
- Re: Cyberguard FW Silliness phzy (Nov 06)
- Re: Cyberguard FW Silliness Green, Art (MED) (Nov 06)
- Re: Cyberguard FW silliness phzy (Nov 07)