Veritas-bu

[Veritas-bu] NBU Client security.

2003-01-09 18:36:57
From: CJManders AT lbl DOT gov (Christopher Jay Manders)
Date: Thu, 09 Jan 2003 15:36:57 -0800

Hi,

Well, we have had a bit of a time tightening the security for our client
systems. During an audit we noted that a lot of stuff is set to 0777
under /usr/openv, including that directory.

Is anyone else seeing their clients (installed with install_client) set
like that?

What I don't get is that Veritas has let us know that the ownership
should be root.other and the perms almost all 0777. If the process is
run as root, owned by root, why does the group and other need write
permission at all?

Anyway, I think this is bad. A single buffer overflow would be a win-win
for a cracker..... ;-)

I have checked and 0555 works fine. Any reason for the 0777? Perhaps I
could see the logs directory, but the rest?

I thought I'd share this newfound knowledge. Care to try to get an NBU
tool to core dump?


Cheers!

Chris
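
An audit along the lines the post describes, as an added example that is not part of the original message or of any Veritas tooling: it lists entries under a tree that other users can write to, separates out directories lacking the sticky bit, and prints (without running) the chmod commands that would drop group/other write outside a logs directory. The function names and the `logs` exemption are assumptions; `/usr/openv` is the path taken from the post.

```shell
#!/bin/sh
# Added example: audit an install tree for entries writable by group or other.
# /usr/openv is the path named in the post; the function names and the
# "logs" exemption are assumptions made for illustration.

# Print every regular file or directory under ROOT that "other" can write to.
list_world_writable() {
    find "${1:-/usr/openv}" \( -type f -o -type d \) -perm -0002 -print
}

# Print world-writable directories that lack the sticky bit. Any local user
# can rename or replace entries in these, including root-owned binaries.
list_replaceable_dirs() {
    find "${1:-/usr/openv}" -type d -perm -0002 ! -perm -1000 -print
}

# Print (do not run) chmod commands that drop group/other write everywhere
# except ROOT/logs, which is pruned and left for manual review.
# Paths containing quotes or newlines need to be handled by hand.
propose_fix() {
    root=${1:-/usr/openv}
    find "$root" -path "$root/logs" -prune -o \
        \( -type f -o -type d \) \( -perm -0020 -o -perm -0002 \) -print |
    while IFS= read -r p; do
        printf "chmod go-w '%s'\n" "$p"
    done
}

# Run as: sh audit.sh /usr/openv
if [ $# -gt 0 ]; then
    echo "== writable by other ==";            list_world_writable "$1"
    echo "== replaceable directories ==";      list_replaceable_dirs "$1"
    echo "== proposed changes (not applied) =="; propose_fix "$1"
fi
```

Review the proposed commands on one test client before applying them, since the post reports only that 0555 worked in the author's own environment.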





