The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Lotus Notes security hole


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
X-RDate: Mon, 23 Mar 1998 09:25:50 +0500 (ESK)
Date: Fri, 20 Mar 1998 16:11:00 +0100
From: Magosanyi Arpad <[email protected]>
To: [email protected]
Subject: Lotus Notes security hole

Hi!

Sorry if it is already reported.

I have a Lotus Notes 4.5 (Intl) on a SunOS 5.5.1 Generic sun4m sparc
SUNW,SPARCstation-10.

The Notes client talks through shared memory with its various parts.

IPC status from <running system> as of Fri Mar 20 16:07:47 1998
T     ID     KEY        MODE       OWNER    GROUP
Message Queues:
Shared Memory:
m  26113 0xf8000000 --rw-rw----      mag      usr
m  26114 0xf8000001 --rw-rw----      mag      usr
m  26115 0xf8000002 --rw-rw----      mag      usr
m  18948 0xf8000003 --rw-rw----      mag      usr

That means that anyone in my primary group can read and write those shmem
segments. I hope it is not directly equivalent with mailbox being mode 660,
but one never can be sure enough.
Can someone shed some light on it?

A workaround i can think of: make a private primary group for each user. It
is recommended anyway.

--
GNU GPL: csak tiszta forrАsbСl

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру