

tac_plus version F4.0.4.alpha on at least Solaris 8 sparc


Date: Wed, 30 Jan 2002 17:42:03 -0600 (CST)
From: "Kevin A. Nassery" <[email protected]>
To: [email protected]
Subject: tac_plus version F4.0.4.alpha on at least Solaris 8 sparc
Cc: [email protected]

Software: tac_plus version F4.0.4.alpha, compiled
	on Solaris 8 sparc.

Abstract:
tac_plus version F4.0.4.alpha, an example Tacacs+ daemon released
(but not supported) by Cisco, isn't careful with its permissions when
creating accounting files.

Vulnerability:
Any file defined with an accounting directive, in a tac_plus
config file, is created with file permissions set at 666,
allowing any system account to modify its contents.

When appending to the file, if it's not there initially, it is created.
When it is created it is done so with file permissions set at 666.
A simple workaround is to create a file, at the path set in the
config file, and manually set the permission to 600.  The tac_plus
daemon will continue to append to the file, without setting the
permissions back to 666.  I just wanted to make sure this was out there
for people who are rotating logs, and just letting the daemon create
new files.

Kevin Nassery
Network & Security Engineer
http://nassery.org
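
An added example, not part of the original post: a log-rotation helper that applies the workaround described above by putting a mode-600 replacement in place before the daemon can create the file itself. The function names and the `.0` / `.new` suffixes are hypothetical; the script assumes it runs as the account that tac_plus runs as, and that the path passed in is the one from the accounting directive.

```shell
#!/bin/sh
# Added example (not from the advisory): rotate a tac_plus accounting file
# without ever leaving the path empty, so the daemon never gets the chance
# to create a fresh file with mode 666.

# Exit 0 if the path is a regular file writable by "other" (e.g. mode 666).
is_world_writable() {
    [ -n "$(find "$1" -prune -type f -perm -002 2>/dev/null)" ]
}

# Create the file if missing and force mode 600, whatever the caller's umask.
precreate_private() {
    ( umask 077 && : >> "$1" ) && chmod 600 "$1"
}

# Rotate the accounting file given as $1 (hypothetical helper).
rotate_acct() {
    acct=$1
    new="$acct.new.$$"
    # Build the replacement first, already restricted to the owner.
    precreate_private "$new" || return 1
    if [ -e "$acct" ]; then
        # Tighten the old file too, in case the daemon created it as 666.
        chmod 600 "$acct" || return 1
        # Keep the old data under a second name (hard link) instead of
        # moving it away, so the configured path always exists.
        ln -f "$acct" "$acct.0" || return 1
    fi
    # rename() replaces the path atomically with the private file.
    mv -f "$new" "$acct"
}

# Report accounting files that are currently world-writable.
audit_acct() {
    for f in "$@"; do
        if is_world_writable "$f"; then
            echo "world-writable: $f"
        fi
    done
}
```

Call `rotate_acct` from the rotation job in place of a plain `mv`, and run `audit_acct` over existing accounting files to find ones the daemon already created.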
