[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: License Manager's lockfiles (Solaris 2.5.1)
From: Casper Dik <casper () HOLLAND ! SUN ! COM>
Date: 1998-10-27 8:36:28
[Download RAW message or body]
>On Oct 21, 8:22pm, Joel Eriksson wrote:
>} Subject: License Manager's lockfiles (Solaris 2.5.1)
>} License Manager on Solaris 2.5.1 tends to make stupid lockfiles owned by
>} root and mode 666 (worldwrite'able). That is not good, since anyone could
>} create rootowned files which they then would be able to modify. It's an
>} even bigger problem since it just takes about a minute 'til the lockfile
>} is created after it's replaced with a symlink which it follows ..
>
>Highland has been recommending for ages that you not run the license
>manager as root. If you follow their advise by running the license
>manager under a dedicated non-privileged uid, you'll significantly
>cut down on the potential damage.
And that has been addressed in the following Sun patches:
104217-01: FLEXlm (SUNWlicsw, SUNWlit) 4.1: CERT security advisory patch
104829-01: FLEXlm 4.1: Licensing (SUNWlicsw, SUNWlit) Jumbo Patch for Solaris SPARC
104830-01: FLEXlm Licensing (SUNWlicsw, SUNWlit) Jumbo Patch for Solaris Intel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic