Bugtraq mailing list archives
Re: License Manager's lockfiles (Solaris 2.5.1)
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Tue, 27 Oct 1998 09:36:28 +0100
On Oct 21, 8:22pm, Joel Eriksson wrote: } Subject: License Manager's lockfiles (Solaris 2.5.1) } License Manager on Solaris 2.5.1 tends to make stupid lockfiles owned by } root and mode 666 (worldwrite'able). That is not good, since anyone could } create rootowned files which they then would be able to modify. It's an } even bigger problem since it just takes about a minute 'til the lockfile } is created after it's replaced with a symlink which it follows .. Highland has been recommending for ages that you not run the license manager as root. If you follow their advise by running the license manager under a dedicated non-privileged uid, you'll significantly cut down on the potential damage.
And that has been addressed in the following Sun patches: 104217-01: FLEXlm (SUNWlicsw, SUNWlit) 4.1: CERT security advisory patch 104829-01: FLEXlm 4.1: Licensing (SUNWlicsw, SUNWlit) Jumbo Patch for Solaris SPARC 104830-01: FLEXlm Licensing (SUNWlicsw, SUNWlit) Jumbo Patch for Solaris Intel
Current thread:
- Re: License Manager's lockfiles (Solaris 2.5.1) Don Lewis (Oct 23)
- Another nice tmp race Stefan Laudat (Oct 21)
- Re: Another nice tmp race Patrick J. Volkerding (Oct 27)
- Re: Another nice tmp race Solar Designer (Oct 27)
- Re: Another nice tmp race Glynn Clements (Oct 28)
- Re: License Manager's lockfiles (Solaris 2.5.1) Casper Dik (Oct 27)
- <Possible follow-ups>
- Re: License Manager's lockfiles (Solaris 2.5.1) Don Lewis (Oct 23)
- Another nice tmp race Stefan Laudat (Oct 21)