[18123] in bugtraq
Re: J-Pilot Permissions Vulnerability
daemon@ATHENA.MIT.EDU (Rich Lafferty)
Mon Dec 18 16:31:18 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20001215184822.B23213@alcor.concordia.ca>
Date: Fri, 15 Dec 2000 18:48:22 -0500
Reply-To: Rich Lafferty <rich@ALCOR.CONCORDIA.CA>
From: Rich Lafferty <rich@ALCOR.CONCORDIA.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.10012151151440.29307-100000@mastermind.inside.guardiandigital.com>; from
ryan@GUARDIANDIGITAL.COM on Fri, Dec 15, 2000 at 11:53:55AM -0500
On Fri, Dec 15, 2000 at 11:53:55AM -0500, Ryan W. Maple (ryan@GUARDIANDIGITAL.COM) wrote:
>
> I can verify this, and moreover it appears as if J-Pilot uses the users
> umask:
Isn't that *expected* behavior? umask is used to set the default
permission bits for file creation, and J-Pilot creates files with the
permissions you specify in your umask. If you don't want new files
created group-writeable, then set your umask so they're not!
> So the vulnerabiltiy is futhermore amplified if they are group-writable
> and there is a malicious user in the same group.
And just think, with a umask of 0, they're world-writeable. Never mind
that that's what you asked for..
-Rich
--
------------------------------ Rich Lafferty ---------------------------
Sysadmin/Programmer, Instructional and Information Technology Services
Concordia University, Montreal, QC (514) 848-7625
------------------------- rich@alcor.concordia.ca ----------------------
