Bugtraq mailing list archives
Re: J-Pilot Permissions Vulnerability
From: Weston Pawlowski <bug () WESTON CX>
Date: Sat, 16 Dec 2000 10:19:57 -0000
I attempted to contact the vendor, but got an automated error reply, so I'm not sure if it got through or not. I assumed his e-mail address was no longer valid, but I see that he posted here with it, so it apparently is. In any case, thanks for mentioning that the problem is just from the umask; that's something I forgot to include in my post.

Obviously, it's always a good idea to set your umask to something a little more secure, but I've encountered lots of clueless people using Linux who wouldn't know why or even how to set the umask. On top of that, the ".jpilot" directory is commonly hidden. So, I think it's generally a good practice to override the umask in the name of security when automatically creating hidden directories and files that may contain private information.

PalmOS "private" records aren't very secure to begin with, but that doesn't mean we should make them even more insecure by exposing them on the computer it syncs with. Even if you encrypt things on your PalmOS handheld, there are passwords stored in places, such as preference data, that can't be easily encrypted. For example: ISP passwords are stored in ".jpilot/Backup/NetworkDB.pdb"

-Weston

Did you contact the vendor? I have Cc:'d him on this as you make no mention of it in your message.

I can verify this, and moreover it appears as if J-Pilot uses the user's umask:

    [rwm@ryan rwm]$ umask
    002
    [rwm@ryan rwm]$ ls -la .jpilot
    total 36
    drwxrwxr-x    2 rwm  rwm   4096 Dec 13 13:44 .
    drwxr-xr-x  100 rwm  rwm   8192 Dec 14 16:49 ..
    -rw-rw-r--    1 rwm  rwm      0 Dec 13 13:43 AddressDB.pc
    -rw-rw-r--    1 rwm  rwm    719 Dec 13 13:43 AddressDB.pdb
    <... snip ...>

So the vulnerability is furthermore amplified if they are group-writable and there is a malicious user in the same group.

Cheers,
Ryan

+-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --
Ryan W. Maple            "I dunno, I dream in Perl sometimes..." -LW
Guardian Digital, Inc.                   ryan () guardiandigital com
+-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --
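
The practice discussed in this message, creating private directories and files with fixed restrictive modes instead of trusting the umask, can be sketched in C as follows. This is an added example, not J-Pilot's code or part of the original thread; the function names and the /tmp scratch path are hypothetical, and the demo directory is constructed to match the 0775 mode in the listing above.

```c
#define _POSIX_C_SOURCE 200809L /* O_NOFOLLOW, openat, mkdtemp */
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a directory as 0700 (umask only clears bits), or tighten one we own. */
int ensure_private_dir(const char *path)
{
    struct stat st;
    if (mkdir(path, 0700) != 0 && errno != EEXIST) return -1;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW); /* no symlinks */
    if (fd >= 0 && (fstat(fd, &st) != 0 || st.st_uid != geteuid() ||
                    ((st.st_mode & 07777) != 0700 && fchmod(fd, 0700) != 0))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Create or open a file inside that directory and force it to 0600. */
int open_private_file(int dirfd, const char *name)
{
    int fd = openat(dirfd, name, O_RDWR | O_CREAT | O_NOFOLLOW, 0600);
    if (fd >= 0 && fchmod(fd, 0600) != 0) { /* existing files keep old mode */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: tighten a 0775 directory (as in the listing) under `mask`. */
int demo_tighten(mode_t mask, mode_t *dir_mode, mode_t *file_mode)
{
    char dir[] = "/tmp/jpilot-demo-XXXXXX"; /* hypothetical scratch path */
    struct stat ds, fs;
    mode_t old = umask(mask);
    int dfd = -1, ffd = -1;
    int ok = mkdtemp(dir) && chmod(dir, 0775) == 0 &&
             (dfd = ensure_private_dir(dir)) >= 0 &&
             (ffd = open_private_file(dfd, "NetworkDB.pdb")) >= 0 &&
             fstat(dfd, &ds) == 0 && fstat(ffd, &fs) == 0;
    if (ok) { *dir_mode = ds.st_mode & 07777; *file_mode = fs.st_mode & 07777; }
    if (ffd >= 0) { unlinkat(dfd, "NetworkDB.pdb", 0); close(ffd); }
    if (dfd >= 0) close(dfd);
    rmdir(dir);
    umask(old);
    return ok ? 0 : -1;
}
```

Calling `demo_tighten(002, &d, &f)` reproduces the umask from the session above and leaves the directory at 0700 and the file at 0600.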