[6349] in bugtraq
Lotus Notes security hole
daemon@ATHENA.MIT.EDU (Magosanyi Arpad)
Fri Mar 20 12:46:02 1998
Date: Fri, 20 Mar 1998 16:11:00 +0100
Reply-To: Magosanyi Arpad <mag@BUNUEL.TII.MATAV.HU>
From: Magosanyi Arpad <mag@BUNUEL.TII.MATAV.HU>
To: BUGTRAQ@NETSPACE.ORG
Hi!
Sorry if it is already reported.
I have a Lotus Notes 4.5 (Intl) on a SunOS 5.5.1 Generic sun4m sparc
SUNW,SPARCstation-10.
The Notes client talks through shared memory with its various parts.
IPC status from <running system> as of Fri Mar 20 16:07:47 1998
T ID KEY MODE OWNER GROUP
Message Queues:
Shared Memory:
m 26113 0xf8000000 --rw-rw---- mag usr
m 26114 0xf8000001 --rw-rw---- mag usr
m 26115 0xf8000002 --rw-rw---- mag usr
m 18948 0xf8000003 --rw-rw---- mag usr
That means that anyone in my primary group can read and write those shm=
em
segments. I hope it is not directly equivalent with mailbox being mode =
660,
but one never can be sure enough.
Can someone shed some light on it?
A workaround i can think of: make a private primary group for each user=
. It
is recommended anyway.
--
GNU GPL: csak tiszta forr=E1sb=F3l
