Re: Security flaw in either DIT TransferPro or Solaris

The Man (scott@LACKLUSTER.NET)
Wed, 07 Jan 1998 12:03:35 -0800

On Mon, Jan 05, 1998 at 12:57:33AM -0800, The Man wrote:
>
> They should, of course, be mode 0640. I'm not sure if this is Solaris's fault
> or the fault of this package. But no matter whose fault it is, it's quite
> nasty. :)
>

The fix for this is to change the entry in /etc/minor_perm for the ff driver.

I've been contacted by two people from DIT, and neither seems to think that
having a root device readable and writable by anyone with system access is
a security problem. They say that the devices must have these permissions
in order for users to access devices through the TransferPro
application. There are other methods, of course.

--
Scott Smith
scott@lackluster.net

Mail received via UUCP, read with Mutt, and composed with vi on NetBSD-1.2G.
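
An added example, not part of the original message: a shell check that lists entries in a minor_perm-format file whose mode gives "other" read or write access, and prints the file with those entries tightened to the 0640 mode mentioned in the quoted text. The function names are hypothetical, and the `ff:*` line with its owner and group is a constructed sample, since the post does not show the real entry.

```shell
#!/bin/sh
# Entry format assumed here: driver:minor_pattern mode owner group

# Constructed sample input; owner and group are assumptions.
sample_minor_perm() {
    cat <<'EOF'
# constructed sample; owner and group are assumptions
sd:* 0640 root sys
ff:* 0666 root sys
EOF
}

# Print every entry whose last octal digit grants r (4) or w (2) to "other".
audit_minor_perm() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }            # skip comments, short lines
        substr($2, length($2), 1) + 0 >= 2 { print $1, $2, $3, $4 }
    ' "$1"
}

# Write the file to stdout with flagged entries set to mode $2.
# Nothing is edited in place; review the output before installing it.
tighten_minor_perm() {
    awk -v new="$2" '
        /^[ \t]*#/ || NF < 4 { print; next }     # pass through unchanged
        { if (substr($2, length($2), 1) + 0 >= 2) $2 = new; print }
    ' "$1"
}

# Demo run on the constructed sample.
tmp=$(mktemp) && sample_minor_perm > "$tmp"
echo "world-accessible entries:"
audit_minor_perm "$tmp"
echo "proposed file:"
tighten_minor_perm "$tmp" 0640
rm -f "$tmp"
```

Some pseudo-devices are meant to be world-accessible, so flagged entries are candidates for review rather than automatic changes.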