[8057] in bugtraq
Re: Globetrotter FlexLM 'lmdown' bogosity
daemon@ATHENA.MIT.EDU (Nathan Neulinger)
Mon Sep 28 14:31:47 1998
Date: Mon, 28 Sep 1998 08:11:52 -0500
Reply-To: Nathan Neulinger <nneul@UMR.EDU>
From: Nathan Neulinger <nneul@UMR.EDU>
X-To: Kemasa <kemasa@SILICON.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199809271833.LAA06789@topaz.silicon.net>; from Kemasa on Sun,
Sep 27, 1998 at 11:33:32AM -0700
I should have sent this in my first reply, but all you need to do is
add the "-x lmdown" and "-x lmremove" options to the command line when you
start lmgrd. That disables the feature.
-- Nathan
On Sun, Sep 27, 1998 at 11:33:32AM -0700, Kemasa wrote:
> >From: Valdis.Kletnieks@VT.EDU
> >...
> >Well, here's an oldie but goodie, which we first saw at least 3 years
> >ago. Lo and behold, it's apparently STILL broken. Sorry, no vendor
> >notification - we told them 3 years ago. ;)
> >
> >FlexLM 'lmdown' command will chow your license server from anywhere on
> >the Internet - all you need is a copy of the license file. The
> >authentication appears to be "Well, you appear to be root on the
> >machine that you typed 'lmdown' on".
>
> Have you looked at the switch options for lmgrd? If you had you
> would find that there is an option to limit the ability to take
> down the license daemons to a specific group, which basically
> stops what you are talking about. I think it is also possible
> to completely ignore a lmdown command since it would be possible
> to try all possible group ids.
>
> It is a bit of a problem that they set it up that way by default
> and since you need not run it as root, you should change the
> owner to something else, change the options and a clean up
> the way the log files work.
>
> You DO have the option of changing the functionality though,
> so you really can't blame them for your not looking at the
> man pages on the program.
>
>
>
> Kemasa.
>
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
