[10674] in bugtraq
Re: Citrix Winframe client for Linux
daemon@ATHENA.MIT.EDU (Davin Milun)
Mon May 31 16:47:27 1999
Message-Id: <199905282043.QAA06864@obelix.cse.Buffalo.EDU>
Date: Fri, 28 May 1999 16:43:31 -0400
Reply-To: Davin Milun <milun@CSE.BUFFALO.EDU>
From: Davin Milun <milun@CSE.BUFFALO.EDU>
X-To: dbt@meat.net
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Mail from 'David Terrell <dbt@meat.net>' dated: Fri, 28
May 1999 12:26:59 -0700
>From: David Terrell <dbt@meat.net>
>Date: Fri, 28 May 1999 12:26:59 -0700
>Subject: Citrix Winframe client for Linux
>To: BUGTRAQ@NETSPACE.ORG
>
>[ presumably this holds true for the other unix clients as well, but
> all I have is linux to test on ]
>
>The Citrix Winframe linux client (used for accessing Winframe and
>Windows NT Server Terminal Edition) has a simple configuration section.
>Perhaps too simple.... All configuration information is stored in a
>directory /usr/lib/ICAClient/config which is mode 777. This in and
>of itself is bad news, since any user on the system can overwrite
>configuration data.
Are you sure that the current (3.x) version still does this.
I know that we saw this with the older 2.x clients, with the 3.x version, it
creates a .ICAClient directory in the user's home directory, and stores the
configuration data there.
Davin.
--
Davin Milun E-mail: milun@cse.Buffalo.EDU milun@acm.org
Fax: (716) 645-3464
WWW: http://www.cse.buffalo.edu/~milun/
