Re: [as-devel] AS pipes
Albert Dorofeev (albert@tigr.net)
Tue, 3 Aug 1999 10:14:18 +0200

Before being reported on Bugtraq there must be a fix for all
versions in wide circulation. You should not post problems
to Bugtraq, you should post solutions. I suppose it is easy to
make a patch?

On Mon, Aug 02, 1999 at 12:27:29PM -0400, Andrew Sullivan wrote:
> Should this be reported on bugtraq? It _does_ seem to be a serious
> security hole.
>
> > I was looking at the pipe that AS creates to communicate with
> > the modules. It seems that the pipe allows anyone to connect
> > to AS due to the permissions set on the file. Now, I do not
> > know how permissions on pipes are different from the permissions
> > on files. However, I would suggest, if possible, to create
> > the pipe with such permissions that only the owner can read and
> > write it. Alternatively, the non-configurable directory should
> > not be readable/writable/searchable by anyone other than the
> > owner. I see this as a serious security risk for I think you
> > can ask AS to do a lot of stuff...
--
Albert Dorofeev http://www.tigr.net/ http://bewoner.dma.be/Albert/
PGP fingerprint = C9 49 D0 F3 41 FA 8C D8 E9 5C 6A D4 F1 6D 65 15
Anything good in life is either illegal, immoral or fattening.
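
Both mitigations suggested in the quoted report (an owner-only pipe, inside a directory nobody else can search) can be combined in one routine. The following is an added example, not AfterStep code and not part of the original thread; it assumes the channel is a named pipe (FIFO), and the function names `owner_only` and `make_private_fifo` are hypothetical.

```c
/* Added example: owner-only directory and FIFO; all names are hypothetical. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 0 if path has the expected type, is owned by us, and grants nothing
 * to group or other; -1 otherwise. lstat() so a symlink is not followed. */
int owner_only(const char *path, mode_t type)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return -1;
    if ((st.st_mode & S_IFMT) != type || st.st_uid != geteuid())
        return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) ? -1 : 0;
}

/* Create dir (0700) and a FIFO inside it (0600), whatever umask the
 * caller inherited. An existing FIFO is refused, not reused. */
int make_private_fifo(const char *dir, const char *fifo)
{
    mode_t old = umask(077);
    int rc = -1;

    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        goto out;
    if (owner_only(dir, S_IFDIR) != 0)   /* pre-existing dir may be loose */
        goto out;
    if (mkfifo(fifo, 0600) != 0)
        goto out;
    rc = owner_only(fifo, S_IFIFO);
out:
    umask(old);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <dir> <fifo-path-inside-dir>\n", argv[0]);
        return 2;
    }
    return make_private_fifo(argv[1], argv[2]) == 0 ? 0 : 1;
}
```

The same `owner_only` check can be run against an already-installed pipe to audit it.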