Security Basics mailing list archives
RE: Root usage and applications
From: "Kain, Becki (B.)" <bkain1 () ford com>
Date: Thu, 17 Nov 2005 08:50:16 -0500
What, if any, exploits have been shown for the decendant of HPOV, IBM Tivoli Netview, which also runs as root? Tia! -Becki Kain -----Original Message----- From: Barrie Dempster [mailto:barrie () reboot-robot net] Sent: Wednesday, November 16, 2005 5:43 AM To: Keenan Smith Cc: security-basics () securityfocus com Subject: Re: Root usage and applications On Fri, 2005-11-11 at 10:35 -0500, Keenan Smith wrote:
Since an application like OpenView is required to be available from every node in a network, running it as root seems to me like a pretty big vulnerability, if someone were to identify a hole and exploit it.
To begin with we have Precedent: http://www.ngssoftware.com/advisories/hpovrma.txt http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01138 So this is not a "what if" situation.
Current thread:
- RE: Root usage and applications Kain, Becki (B.) (Nov 17)
- RE: Root usage and applications Barrie Dempster (Nov 21)