Bugtraq mailing list archives
Lotus Notes security hole
From: mag () BUNUEL TII MATAV HU (Magosanyi Arpad)
Date: Fri, 20 Mar 1998 16:11:00 +0100
Hi! Sorry if it is already reported. I have a Lotus Notes 4.5 (Intl) on a SunOS 5.5.1 Generic sun4m sparc SUNW,SPARCstation-10. The Notes client talks through shared memory with its various parts. IPC status from <running system> as of Fri Mar 20 16:07:47 1998 T ID KEY MODE OWNER GROUP Message Queues: Shared Memory: m 26113 0xf8000000 --rw-rw---- mag usr m 26114 0xf8000001 --rw-rw---- mag usr m 26115 0xf8000002 --rw-rw---- mag usr m 18948 0xf8000003 --rw-rw---- mag usr That means that anyone in my primary group can read and write those shmem segments. I hope it is not directly equivalent with mailbox being mode 660, but one never can be sure enough. Can someone shed some light on it? A workaround i can think of: make a private primary group for each user. It is recommended anyway. -- GNU GPL: csak tiszta forrásból
Current thread:
- Lotus Notes security hole Magosanyi Arpad (Mar 20)