[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] security risk... is this normal?

Subject: [cobalt-users] security risk... is this normal?
From: Greg Hewitt-Long <cobaltusers@xxxxxxxxxxxxxxxxxxx>
Date: Mon Mar 1 08:24:01 2004
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

I've just found what I think is a potential problem - the uninstaller filesfound in:


/var/lib/cobalt/uninstallers

most of them are permissioned as 755 and owner root, group root. althoughmost rpm installs as root should not rpm -e as another user, there are thepotential for open permissioned folders and files to be removed if anunauthorized SSH/telnet enabled user were to attempt to run one/more ofthese files.... any thoughts?


regards

Greg Hewitt-Long

ps - I noticed that a third-party installation of phpMyAdmin from NuOncewas CORRECTLY set as 700 and root/root owner/group - thereby removing thepossibility that a non-permissioned user could cause any problem.

Follow-Ups:
- [cobalt-users] Any known security holes in Neomail
  - From: Greg Deola
- Re: [cobalt-users] security risk... is this normal?
  - From: Dmitry Alexeyev

References:
- [cobalt-users] raq550: starting clock...
  - From: > freitag lab. ag / nafroth

Prev by Date: [cobalt-users] raq550: starting clock...
Next by Date: [cobalt-users] Any known security holes in Neomail
Previous by thread: [cobalt-users] raq550: starting clock...
Next by thread: [cobalt-users] Any known security holes in Neomail

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index