Date: Fri, 9 Apr 1999 08:24:40 -0400 (EDT) From: Daniel Hagan <dhagan@cs.vt.edu> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: Matthew Dillon <dillon@apollo.backplane.com>, Foxfair Hu <foxfair@news.ks.edu.tw>, freebsd-security@FreeBSD.ORG Subject: Re: Fw: Netscape 4.5 vulnerability Message-ID: <Pine.OSF.4.02.9904090822170.21965-100000@vtopus.cs.vt.edu> In-Reply-To: <Pine.BSF.3.96.990408222051.17455A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 8 Apr 1999, Robert Watson wrote: > > The 'security hole' is that netscape doesn't make the .netscape > > directory 700. I'd report it to netscape. I dunno whether they > > will do anything about it, though. > > Huh. Didn't do that for me; mine is safely readable and writable only for > my uid. What's your umask? If you use umask 077, then this is what I would expect, but "typical" users who don't change it from 022 would probably end up with a 755 .netscape directory. Netscape should be smart enough to at least set the profile file to 600, if not the entire directory to 700. Daniel -- Daniel Hagan Computer Systems Engineer dhagan@cs.vt.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.OSF.4.02.9904090822170.21965-100000>