Re: [as-devel] AS pipes
Andrew Sullivan (asullivan@sprint.ca)
Mon, 2 Aug 1999 12:27:29 -0400 (EDT)
Should this be reported on bugtraq? It _does_ seem to be a serious
security hole.
----
Andrew Sullivan | asullivan@sprint.ca (home)| sullivana@bpl.on.ca (work)
* * *
AfterStep FAQ: http://afterstep.davidv.net or http://www.afterstep.org/FAQ
On Mon, 2 Aug 1999, Albert Dorofeev wrote:
> Hi!
>
> I was looking at the pipe that AS creates to communicate with
> the modules. It seems that the pipe allows anyone to connect
> to AS due to the permissions set on the file. Now, I do not
> know how permissions on pipes are different from the permissions
> on files. However, I would suggest, if possible, to create
> the pipe with such permissions that only the owner can read and
> write it. Alternatively, the non-configurable directory should
> not be readable/writable/searchable for anyone other than the
> owner. I see this as a serious security risk for I think you
> can ask AS to do a lot of stuff...
>
> Tigr
>
> --
> Albert Dorofeev http://www.tigr.net/ http://bewoner.dma.be/Albert/
> PGP fingerprint = C9 49 D0 F3 41 FA 8C D8 E9 5C 6A D4 F1 6D 65 15
> Anything good in life is either illegal, immoral or fattening.
>
>
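The two mitigations suggested in the quoted message (an owner-only pipe, inside a directory closed to everyone else), as an added example that is not part of the original messages or of AfterStep's code. It assumes the channel is a named pipe (FIFO), whose permission bits are checked on open() just like a regular file's; the function names and the /tmp path are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 0 only if path has the expected type, belongs to us,
 * and grants nothing to group or others. */
int check_private(const char *path, mode_t type)
{
    struct stat st;
    if (lstat(path, &st) != 0) return -1;             /* lstat: never follow a symlink */
    if ((st.st_mode & S_IFMT) != type) return -1;     /* wrong kind of object */
    if (st.st_uid != geteuid()) return -1;            /* planted by another user */
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return -1;  /* group/other access present */
    return 0;
}

/* Create dir (0700) and the FIFO dir/name (0600), writing the full path to out.
 * Objects that already exist are accepted only if they pass check_private(). */
int make_private_fifo(const char *dir, const char *name, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen) return -1;
    if (mkdir(dir, 0700) != 0 && errno != EEXIST) return -1;
    if (check_private(dir, S_IFDIR) != 0) return -1;
    if (mkfifo(out, 0600) != 0 && errno != EEXIST) return -1;
    return check_private(out, S_IFIFO);
}

int main(void)
{
    char dir[64], path[128];
    /* Hypothetical location; a per-user directory under /tmp is an assumption. */
    snprintf(dir, sizeof dir, "/tmp/as-example-%ld", (long)geteuid());
    if (make_private_fifo(dir, "connect", path, sizeof path) != 0) {
        fprintf(stderr, "refusing to use %s: not private to this user\n", path);
        return 1;
    }
    printf("owner-only FIFO ready at %s\n", path);
    unlink(path);
    rmdir(dir);
    return 0;
}
```

The check after creation matters in a shared directory such as /tmp, where another user may have created the directory or the pipe first.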