[8309] in bugtraq
Re: License Manager's lockfiles (Solaris 2.5.1)
daemon@ATHENA.MIT.EDU (Casper Dik)
Tue Oct 27 14:48:10 1998
Date: Tue, 27 Oct 1998 09:36:28 +0100
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
X-To: Don Lewis <Don.Lewis@TSC.TDK.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Fri, 23 Oct 1998 21:14:06 PDT."
<199810240414.VAA22586@salsa.gv.tsc.tdk.com>

>On Oct 21, 8:22pm, Joel Eriksson wrote:
>} Subject: License Manager's lockfiles (Solaris 2.5.1)
>} License Manager on Solaris 2.5.1 tends to make stupid lockfiles owned by
>} root and mode 666 (worldwrite'able). That is not good, since anyone could
>} create rootowned files which they then would be able to modify. It's an
>} even bigger problem since it just takes about a minute 'til the lockfile
>} is created after it's replaced with a symlink which it follows ..
>
>Highland has been recommending for ages that you not run the license
>manager as root. If you follow their advice by running the license
>manager under a dedicated non-privileged uid, you'll significantly
>cut down on the potential damage.

And that has been addressed in the following Sun patches:
104217-01: FLEXlm (SUNWlicsw, SUNWlit) 4.1: CERT security advisory patch
104829-01: FLEXlm 4.1: Licensing (SUNWlicsw, SUNWlit) Jumbo Patch for Solaris SPARC
104830-01: FLEXlm Licensing (SUNWlicsw, SUNWlit) Jumbo Patch for Solaris Intel
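
The lockfile problem discussed in this thread, as an added C example that is not part of the original messages and is not code from FLEXlm or the Sun patches: a creator that follows a symlink planted at the lock path, beside one that refuses it and creates the file owner-only. The names `lock_unsafe`, `lock_safe` and `victim_created`, and the `/tmp/lockdemoXXXXXX` scratch directory, are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the report: follows a symlink at path, requests mode 0666. */
int lock_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened: O_EXCL fails (EEXIST) if anything, even a dangling symlink, is at path. */
int lock_safe(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600); /* owner-only */
    /* Verify what we hold: a regular file with exactly one link. */
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1)) {
        close(fd);
        fd = -1;
    }
    return fd;
}

/* Constructed scenario: plants lock -> victim in a fresh temp dir and runs one
 * creator. Returns 1 if "victim" appeared via the link, 0 if not, -1 on error. */
int victim_created(int (*create)(const char *))
{
    char dir[] = "/tmp/lockdemoXXXXXX", lock[64], victim[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(lock, sizeof lock, "%s/lock", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, lock) != 0) return -1;
    int fd = create(lock);
    if (fd >= 0) close(fd);
    int hit = (stat(victim, &st) == 0);
    unlink(victim);
    unlink(lock);
    rmdir(dir);
    return hit;
}

int main(void)
{
    printf("unsafe: %d, safe: %d\n", victim_created(lock_unsafe), victim_created(lock_safe));
}
```

When `lock_safe` returns -1, the caller should treat the path as occupied and stop rather than remove whatever is there and retry.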