Full Disclosure mailing list archives

Re: VMware server (2.0.2) insecure file creation

From: Valdis.Kletnieks () vt edu
Date: Thu, 07 Jan 2010 11:53:09 -0500

On Wed, 06 Jan 2010 11:07:07 -0400, dd () sucuri net said:

Have anyone noticed that the files created by the VMware server
installer all have the 777 permissions
to it?


Check your umask?

% ls -l /usr/lib/vmware/hostd/docroot/print.css
-r--r--r--. 1 root root 793 Dec 21 16:08 /usr/lib/vmware/hostd/docroot/print.css

I'm running with 'umask 022' - is yours set to 0?

(Yes, the install script *should* set the umask itself).

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

VMware server (2.0.2) insecure file creation dd (Jan 07)
- Re: VMware server (2.0.2) insecure file creation Valdis . Kletnieks (Jan 07)