Date: Fri, 9 Apr 1999 08:40:04 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
To: Daniel Hagan <dhagan@cs.vt.edu>
Cc: Matthew Dillon <dillon@apollo.backplane.com>, Foxfair Hu <foxfair@news.ks.edu.tw>, freebsd-security@FreeBSD.ORG
Subject: Re: Fw: Netscape 4.5 vulnerability
Message-ID: <Pine.BSF.3.96.990409083923.19913A-100000@fledge.watson.org>
In-Reply-To: <Pine.OSF.4.02.9904090822170.21965-100000@vtopus.cs.vt.edu>
On Fri, 9 Apr 1999, Daniel Hagan wrote:

> On Thu, 8 Apr 1999, Robert Watson wrote:
>
> > > The 'security hole' is that netscape doesn't make the .netscape
> > > directory 700. I'd report it to netscape. I dunno whether they
> > > will do anything about it, though.
> >
> > Huh. Didn't do that for me; mine is safely readable and writable only for
> > my uid.
>
> What's your umask? If you use umask 077, then this is what I would
> expect, but "typical" users who don't change it from 022 would probably
> end up with a 755 .netscape directory. Netscape should be smart enough to
> at least set the profile file to 600, if not the entire directory to 700.

Well, it's 077 on my multi-user machines, but 022 on the notebook which I
tested on.

  Robert N Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
Safeport Network Services             http://www.safeport.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message