[2620] in bugtraq
Re: Security problem in ESRI's ArcDoc 7.0.4
daemon@ATHENA.MIT.EDU (James W. Abendschan)
Sat May 25 18:44:27 1996
Date: Fri, 24 May 1996 19:07:46 -0700
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: "James W. Abendschan" <jwa@nbs.nau.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: Andrew Raphael <raphael@research.canon.com.au> "Re: Security
problem in ESRI's ArcDoc 7.0.4" (May 24, 6:20pm)

Way back on May 24, 6:20pm, Andrew Raphael wrote:
> >The program "fm_fls" as distributed with ESRI's "ArcDoc" package (7.0.4)
> >[...]
> >I've seen fm_fls distributed with other applications -- perhaps the
> >bug is not specific to ARC/Info?
>
> fm_fls is the FrameMaker license server. It's not setuid in my vanilla
> International FrameMaker installation, but the "chmod 666" behaviour
> is there. It just creates the log file owned by the first person to
> run FrameMaker.

In the tarfile from ESRI, the file is setuid, but owned by uid 46.
However, when my installation completed, it's owned by root. Blah.

James
--
James W. Abendschan Email: jwa@nbs.nau.edu
UNIX Systems Programmer/Administrator Phone: (520) 556-7466 x238
Colorado Plateau Research Station, Flagstaff, AZ Voice mail: *516
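
An added example, not part of the original post or of any vendor tooling: a Python check that lists setuid members in a package tarball and compares them with the installed tree, flagging the two conditions discussed in this thread (a setuid file that ends up owned by root, and a world-writable file such as the "chmod 666" log). The archive contents, the `bin/` paths and the `viewer` and `fm_fls.log` names are constructed for illustration; only `fm_fls` and uid 46 come from the thread.

```python
import io
import stat
import tarfile

SETID = stat.S_ISUID | stat.S_ISGID

def sample_archive():
    """Constructed stand-in for the vendor tarball: fm_fls setuid, uid 46."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, mode, uid in [("bin/fm_fls", 0o4755, 46),
                                ("bin/viewer", 0o0755, 46)]:  # made-up name
            info = tarfile.TarInfo(name)
            info.mode, info.uid, info.size = mode, uid, 4
            tf.addfile(info, io.BytesIO(b"stub"))
    return buf.getvalue()

def setid_members(tar_bytes):
    """Map name -> (mode, uid) for archive members carrying setuid/setgid."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        return {m.name: (m.mode, m.uid) for m in tf.getmembers()
                if m.isfile() and m.mode & SETID}

def audit_install(tar_bytes, installed):
    """Compare the archive with the installed tree.

    installed maps name -> (mode, uid), e.g. collected with os.lstat().
    Reports setuid files whose owner changed to root during installation,
    and installed files that are world-writable.
    """
    findings = []
    packaged = setid_members(tar_bytes)
    for name, (mode, uid) in sorted(installed.items()):
        # Only flag files the archive shipped setuid under a non-root uid.
        if mode & stat.S_ISUID and uid == 0 and packaged.get(name, (0, 0))[1] != 0:
            findings.append((name, "setuid-root after install, archive uid %d"
                             % packaged[name][1]))
        if mode & stat.S_IWOTH:
            findings.append((name, "world-writable"))
    return findings

if __name__ == "__main__":
    # Constructed post-install state: owner changed to root, log file mode 666.
    installed = {"bin/fm_fls": (0o4755, 0), "fm_fls.log": (0o666, 1000)}
    for name, issue in audit_install(sample_archive(), installed):
        print(name, "-", issue)
```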