[10676] in bugtraq
Re: Citrix Winframe client for Linux
daemon@ATHENA.MIT.EDU (Keresztfalvi Gabor)
Mon May 31 16:47:44 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.10.9905291139450.978-100000@ural2>
Date: Sat, 29 May 1999 11:53:27 +0200
Reply-To: Keresztfalvi Gabor <kg230@HSZK.BME.HU>
From: Keresztfalvi Gabor <kg230@HSZK.BME.HU>
X-To: David Terrell <dbt@MEAT.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990528122659.A2279@pianosa.catch22.org>
On Fri, 28 May 1999, David Terrell wrote:
> The Citrix Winframe linux client (used for accessing Winframe and
> Windows NT Server Terminal Edition) has a simple configuration section.
> Perhaps too simple.... All configuration information is stored in a
> directory /usr/lib/ICAClient/config which is mode 777. This in and
> of itself is bad news, since any user on the system can overwrite
> configuration data.
[snip]
> When you start up the actual session manager (wfcmgr) you get a listbox
> of configured sessions. The data for this listbox is stored in the mode
> 777 file /usr/lib/ICAClient/config/appsrv.ini. So there's a single
> config file shared between all users. A sample session profile follows:
I checked it both on Citrix ICA Client for Linux version 2.8.1 and 3.0.15.
Your report is true for 2.8.1, but all of the bugs are already fixed in
3.0.15. So /usr/lib/ICAClient/config is 555 now, and every user has own config
files in ~/.ICAClient.
The version 3.0.15 appeared on 1/18/99.
Greets,
Keresztg
+ Keresztfalvi Gabor
+ Student of the Technical University of Budapest
+ mailto: keresztg@podolin.piar.hu keresztg@mail.com kg230@hszk.bme.hu
+ http://www.piar.hu/~keresztg/ There is my pubkey on this page.
