Bugtraq mailing list archives
J-Pilot Permissions Vulnerability
From: Weston Pawlowski <bug () WESTON CX>
Date: Thu, 14 Dec 2000 08:21:22 -0000
J-Pilot automatically creates a ".jpilot" directory in the user's home directory to store preferences and backed up PalmOS device data. The permissions for this directory are mode 755, and files in the directory are mode 644; this allows anyone with only minimal access to the user's home directory to also access thier PalmOS device's backup data, including private records. Because ".jpilot" is often hidden due to the leading '.', this insecurity is often unnoticed. This is a big concern for J-Pilot users because it is common for home directories to be world executable, often due to a "public_html" directory for HTTP content which requires the user's home directory to be at least world executable. So in summary, if there is a user named "joe" who uses J-Pilot, any user on the system could type "cd +AH4-joe/.jpilot" and read all of joe's PalmOS data including private records. This is dependant on joe's home directory being world executable or not, but it often is. The good news is that it's probably not very common for someone to sync their PalmOS device on a system that many, if any, other people have shell access to. But, if this situation does happen, the vulnerable user is likely to be the owner of the machine (since he has to be local), and there's the possibility that he may keep a password list on his PalmOS device. In which case, any user could get the system admin's passwords, which obviously may include the system's root password. The fix is to simply type "chmod 700 +AH4-/.jpilot" -Weston
Current thread:
- J-Pilot Permissions Vulnerability Weston Pawlowski (Dec 15)
- Re: J-Pilot Permissions Vulnerability Ryan W. Maple (Dec 16)
- Re: J-Pilot Permissions Vulnerability Judd Montgomery (Dec 16)
- Re: J-Pilot Permissions Vulnerability Robert Bihlmeyer (Dec 19)
- Re: J-Pilot Permissions Vulnerability Rich Lafferty (Dec 18)
- Re: J-Pilot Permissions Vulnerability Christopher Palmer (Dec 19)
- Re: J-Pilot Permissions Vulnerability Judd Montgomery (Dec 16)
- Re: J-Pilot Permissions Vulnerability Christian (Dec 18)
- <Possible follow-ups>
- Re: J-Pilot Permissions Vulnerability Weston Pawlowski (Dec 18)
- Re: J-Pilot Permissions Vulnerability Scott Nelson (Dec 20)
- Re: J-Pilot Permissions Vulnerability Ryan W. Maple (Dec 16)