X-RDate: Mon, 23 Mar 1998 09:25:50 +0500 (ESK)
Date: Fri, 20 Mar 1998 16:11:00 +0100
From: Magosanyi Arpad <[email protected]>
To: [email protected]Subject: Lotus Notes security hole
Hi!
Sorry if it is already reported.
I have a Lotus Notes 4.5 (Intl) on a SunOS 5.5.1 Generic sun4m sparc
SUNW,SPARCstation-10.
The Notes client talks through shared memory with its various parts.
IPC status from <running system> as of Fri Mar 20 16:07:47 1998
T ID KEY MODE OWNER GROUP
Message Queues:
Shared Memory:
m 26113 0xf8000000 --rw-rw---- mag usr
m 26114 0xf8000001 --rw-rw---- mag usr
m 26115 0xf8000002 --rw-rw---- mag usr
m 18948 0xf8000003 --rw-rw---- mag usr
That means that anyone in my primary group can read and write those shmem
segments. I hope it is not directly equivalent with mailbox being mode 660,
but one never can be sure enough.
Can someone shed some light on it?
A workaround i can think of: make a private primary group for each user. It
is recommended anyway.
--
GNU GPL: csak tiszta forrАsbСl