Why is /var/spool/pkg world writable?

From: Russell_C_Page@national.com.au
Date: Tue Oct 14 2003 - 21:17:32 EDT


I notice that /var/spool/pkg is world writable on our Solaris systems.
Surely this is a security problem. Any user could drop a package in there,
and then perhaps use some sort of social engineering attack to get an
administrator to run pkgadd?

Does anyone know why /var/spool/pkg is world writable?

Russell Page

Certified Solaris Network Administrator
IT Security Services
+61 3 9886 2401

Never interrupt an enemy when he is making a mistake.
-- Napoleon Bonaparte
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
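
A check an administrator could run before installing anything from the spool, as an added example that is not part of the original post. The function name `audit_pkg_spool` and the default trusted owner `root` are assumptions made for the example; it reports whether the directory is world-writable and lists any entry not owned by the trusted account.

```shell
#!/bin/sh
# Added example (not from the original post): audit a package spool
# directory before running pkgadd against it.
# Usage: audit_pkg_spool [dir] [trusted_owner]
#   dir            defaults to /var/spool/pkg (the path named in the post)
#   trusted_owner  defaults to root (assumption: only root stages packages)
# Returns 0 = nothing found, 1 = findings, 2 = directory missing.
audit_pkg_spool() {
    spool=${1:-/var/spool/pkg}
    trusted=${2:-root}
    findings=0

    if [ ! -d "$spool" ]; then
        echo "ERROR: $spool is not a directory"
        return 2
    fi

    # -prune restricts find to the directory itself.
    # -perm -0002 matches when the "other" write bit is set.
    if [ -n "$(find "$spool" -prune -perm -0002 -print)" ]; then
        # The sticky bit (01000) stops users removing or renaming each
        # other's entries, but any user can still add new ones.
        if [ -n "$(find "$spool" -prune -perm -1000 -print)" ]; then
            echo "WARN: $spool is world-writable (sticky bit set)"
        else
            echo "WARN: $spool is world-writable with no sticky bit"
        fi
        findings=1
    fi

    # Anything under the spool not owned by the trusted account may have
    # been placed there by an ordinary user.
    untrusted=$(find "$spool" ! -user "$trusted" -print)
    if [ -n "$untrusted" ]; then
        echo "WARN: entries not owned by $trusted:"
        find "$spool" ! -user "$trusted" -exec ls -ld {} +
        findings=1
    fi

    return "$findings"
}
```

Call `audit_pkg_spool` with no arguments to check `/var/spool/pkg` against `root`; a non-zero return means the spool contents should be reviewed before `pkgadd` is run from it.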


