Date: Fri, 09 Apr 1999 07:40:06 -0600
From: Wes Peters <wes@softweyr.com>
To: Daniel Hagan <dhagan@cs.vt.edu>
Cc: Robert Watson <robert+freebsd@cyrus.watson.org>, Matthew Dillon <dillon@apollo.backplane.com>, Foxfair Hu <foxfair@news.ks.edu.tw>, freebsd-security@FreeBSD.ORG
Subject: Re: Fw: Netscape 4.5 vulnerability
Message-ID: <370E0336.83577BA7@softweyr.com>
References: <Pine.OSF.4.02.9904090822170.21965-100000@vtopus.cs.vt.edu>

Daniel Hagan wrote:
>
> On Thu, 8 Apr 1999, Robert Watson wrote:
>
> > > The 'security hole' is that netscape doesn't make the .netscape
> > > directory 700. I'd report it to netscape. I dunno whether they
> > > will do anything about it, though.
> >
> > Huh. Didn't do that for me; mine is safely readable and writable only for
> > my uid.
>
> What's your umask? If you use umask 077, then this is what I would
> expect, but "typical" users who don't change it from 022 would probably
> end up with a 755 .netscape directory. Netscape should be smart enough to
> at least set the profile file to 600, if not the entire directory to 700.
My umask is 022 and my .netscape directory is 700. I didn't change it,
so Netscape must have created it that way. This is Communicator 4.5
(linux version; it's more reliable than the FreeBSD binary) on 3.1.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com
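
Added example, not part of the original message or of Netscape's code: a C sketch of the umask arithmetic discussed in this thread (the kernel applies `requested & ~umask`, so a 700 directory under umask 022 means the creator asked for 0700 explicitly) plus one way an application can create or tighten its profile directory. The function names, the scratch path under `/tmp` and the `profile` directory name are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a per-user directory as 0700, or tighten an existing one we own.
   Returns the final permission bits, or -1 on error. */
int ensure_private_dir(const char *path)
{
    struct stat st;
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    /* lstat: refuse symlinks and anything not owned by the caller */
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode) || st.st_uid != geteuid())
        return -1;
    if ((st.st_mode & 077) != 0 && chmod(path, 0700) != 0)
        return -1;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Constructed scenario: in a scratch directory, mkdir "profile" with the
   requested mode under the given umask, optionally harden it afterwards,
   and return the resulting permission bits (-1 on error). */
int profile_dir_mode(mode_t mask, mode_t requested, int harden)
{
    char scratch[] = "/tmp/umask-demo-XXXXXX", path[64];
    struct stat st;
    int result = -1;
    if (mkdtemp(scratch) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/profile", scratch);
    mode_t old = umask(mask);
    if (mkdir(path, requested) == 0 && stat(path, &st) == 0)
        result = harden ? ensure_private_dir(path) : (int)(st.st_mode & 0777);
    umask(old);
    rmdir(path);
    rmdir(scratch);
    return result;
}

int main(void)
{
    printf("umask 022, mkdir 0777: %o\n", (unsigned)profile_dir_mode(022, 0777, 0));
    printf("umask 077, mkdir 0777: %o\n", (unsigned)profile_dir_mode(077, 0777, 0));
    printf("umask 022, mkdir 0700: %o\n", (unsigned)profile_dir_mode(022, 0700, 0));
    printf("umask 022, 0777 then hardened: %o\n", (unsigned)profile_dir_mode(022, 0777, 1));
    return 0;
}
```

The `lstat` followed by `chmod` is not atomic; code that has to handle a hostile parent directory would open the directory and use `fstat`/`fchmod` on the descriptor instead.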
