Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Lotus Notes security hole

From: mag () BUNUEL TII MATAV HU (Magosanyi Arpad)
Date: Fri, 20 Mar 1998 16:11:00 +0100

Hi!

Sorry if it is already reported.

I have a Lotus Notes 4.5 (Intl) on a SunOS 5.5.1 Generic sun4m sparc
SUNW,SPARCstation-10.

The Notes client talks through shared memory with its various parts.

IPC status from <running system> as of Fri Mar 20 16:07:47 1998
T     ID     KEY        MODE       OWNER    GROUP
Message Queues:
Shared Memory:
m  26113 0xf8000000 --rw-rw----      mag      usr
m  26114 0xf8000001 --rw-rw----      mag      usr
m  26115 0xf8000002 --rw-rw----      mag      usr
m  18948 0xf8000003 --rw-rw----      mag      usr

That means that anyone in my primary group can read and write those shmem
segments. I hope it is not directly equivalent with mailbox being mode 660,
but one never can be sure enough.
Can someone shed some light on it?

A workaround i can think of: make a private primary group for each user. It
is recommended anyway.

--
GNU GPL: csak tiszta forrásból
Previous By Date Next
Previous By Thread Next

Current thread: