[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: License Manager's lockfiles (Solaris 2.5.1)
From:       Casper Dik <casper () HOLLAND ! SUN ! COM>
Date:       1998-10-27 8:36:28
[Download RAW message or body]

>On Oct 21,  8:22pm, Joel Eriksson wrote:
>} Subject: License Manager's lockfiles (Solaris 2.5.1)
>} License Manager on Solaris 2.5.1 tends to make stupid lockfiles owned by
>} root and mode 666 (worldwrite'able). That is not good, since anyone could
>} create rootowned files which they then would be able to modify. It's an
>} even bigger problem since it just takes about a minute 'til the lockfile
>} is created after it's replaced with a symlink which it follows ..
>
>Highland has been recommending for ages that you not run the license
>manager as root.  If you follow their advise by running the license
>manager under a dedicated non-privileged uid, you'll significantly
>cut down on the potential damage.


And that has been addressed in the following Sun patches:

104217-01: FLEXlm (SUNWlicsw, SUNWlit) 4.1: CERT security advisory patch
104829-01: FLEXlm 4.1: Licensing (SUNWlicsw, SUNWlit) Jumbo Patch for Solaris SPARC
104830-01: FLEXlm Licensing (SUNWlicsw, SUNWlit) Jumbo Patch for Solaris Intel

[prev in list] [next in list] [prev in thread] [next in thread]