Full Disclosure mailing list archives
Re: Unsecure file permission of ZoneAlarm pro.
From: stephane nasdrovisky <stephane.nasdrovisky () paradigmo com>
Date: Sat, 21 Aug 2004 13:39:50 +0200
John LaCour wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There is absolutely no security issue here. ZoneAlarm does not rely on file permissions to protectany configuration files. Configuration files are protected by our TrueVector(r) driver in the kernel. In addition to protecting configuration files against unauthorized changes, there are additional integrity checks and other protection mechanisms implemented for all policy configuration files. Should any policy configuration files fail integritychecks, the firewall will fail closed. Again, no issue.Zone Alarm stores its config. files in %windir%\Internet Logs\* . But strangely,
Isn't it supposed to store logs ? My english knowledge is probably too poor.
As everybody knows, windows * is a single user system on which you can only install zonealarm, no other software, especially no software using this directory for storing any kind of information. As I understand the zap answer: Kidding with file permissions is not an issue on any os... unless, maybe, if you wish to use your system.EVERYONE: Full
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Unsecure file permission of ZoneAlarm pro. bipin gautam (Aug 19)
- <Possible follow-ups>
- RE: Unsecure file permission of ZoneAlarm pro. John LaCour (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. Maarten (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. bipin gautam (Aug 20)
- RE: Unsecure file permission of ZoneAlarm pro. Sean Crawford (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. Birl (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. Maarten (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. James Tucker (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. stephane nasdrovisky (Aug 21)
- Re: Unsecure file permission of ZoneAlarm pro. James Tucker (Aug 21)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Chris Smith (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) James Greenhalgh (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Barrie Dempster (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Barrie Dempster (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)