Full Disclosure mailing list archives
Re: Unsecure file permission of ZoneAlarm pro.
From: Maarten <fulldisc () ultratux org>
Date: Fri, 20 Aug 2004 14:53:38 +0200
On Friday 20 August 2004 12:40, John LaCour wrote:
There is absolutely no security issue here. ZoneAlarm does not rely on file permissions to protect any configuration files. Configuration files are protected by our TrueVector(r) driver in the kernel.
Which is, of course, completely utterly infallible so any additional means are not only unneccessary, but even unwanted.
In addition to protecting configuration files against unauthorized changes, there are additional integrity checks and other protection mechanisms implemented for all policy configuration files. Should any policy configuration files fail integrity checks, the firewall will fail closed.
So effectively, you're unlocking the car doors because it is equipped with a series of alarmsystems. And even if the owner locks the car doors manually, upon activation, the alarm system unlocks them again ?
Again, no issue.
You must have a screw loose somewhere. Seriously. Maarten _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Unsecure file permission of ZoneAlarm pro. bipin gautam (Aug 19)
- <Possible follow-ups>
- RE: Unsecure file permission of ZoneAlarm pro. John LaCour (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. Maarten (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. bipin gautam (Aug 20)
- RE: Unsecure file permission of ZoneAlarm pro. Sean Crawford (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. Birl (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. Maarten (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. James Tucker (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. stephane nasdrovisky (Aug 21)
- Re: Unsecure file permission of ZoneAlarm pro. James Tucker (Aug 21)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Chris Smith (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) James Greenhalgh (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Barrie Dempster (Aug 23)