[8296] in bugtraq
Re: License Manager's lockfiles (Solaris 2.5.1)
daemon@ATHENA.MIT.EDU (Don Lewis)
Mon Oct 26 14:12:26 1998
Date: Fri, 23 Oct 1998 21:14:06 -0700
Reply-To: Don Lewis <Don.Lewis@TSC.TDK.COM>
From: Don Lewis <Don.Lewis@TSC.TDK.COM>
X-To: Joel Eriksson <na98jen@STUDENT.HIG.SE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Joel Eriksson <na98jen@STUDENT.HIG.SE> "License Manager's
lockfiles (Solaris 2.5.1)" (Oct 21, 8:22pm)
On Oct 21, 8:22pm, Joel Eriksson wrote:
} Subject: License Manager's lockfiles (Solaris 2.5.1)
} License Manager on Solaris 2.5.1 tends to make stupid lockfiles owned by
} root and mode 666 (worldwrite'able). That is not good, since anyone could
} create rootowned files which they then would be able to modify. It's an
} even bigger problem since it just takes about a minute 'til the lockfile
} is created after it's replaced with a symlink which it follows ..
Highland has been recommending for ages that you not run the license
manager as root. If you follow their advise by running the license
manager under a dedicated non-privileged uid, you'll significantly
cut down on the potential damage.
