Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Unsecure file permission of ZoneAlarm pro.

From: stephane nasdrovisky <stephane.nasdrovisky () paradigmo com>
Date: Sat, 21 Aug 2004 13:39:50 +0200
John LaCour wrote:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is absolutely no security issue here.

ZoneAlarm does not rely on file permissions to protect
any configuration files. Configuration files are protected by our TrueVector(r) driver in the kernel. In addition to protecting configuration files against unauthorized changes, there are additional integrity checks and other protection mechanisms implemented for all policy configuration files. Should any policy configuration files fail integrity 
checks, the firewall will fail closed.

Again, no issue.
Zone Alarm stores its config. files in %windir%\Internet Logs\* . But strangely, 
Isn't it supposed to store logs ? My english knowledge is probably too poor.
EVERYONE: Full
As everybody knows, windows * is a single user system on which you can only install zonealarm, no other software, especially no software using this directory for storing any kind of information. As I understand the zap answer: Kidding with file permissions is not an issue on any os... unless, maybe, if you wish to use your system. 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: