Re: [Full-disclosure] VMware server (2.0.2) insecure file creation

From: <Valdis.Kletnieks_at_nospam>
Date: Thu Jan 07 2010 - 16:53:09 GMT
To: dd@sucuri.net

On Wed, 06 Jan 2010 11:07:07 -0400, dd@sucuri.net said:
> Have anyone noticed that the files created by the VMware server
> installer all have the 777 permissions
> to it?

Check your umask?

% ls -l /usr/lib/vmware/hostd/docroot/print.css -r--r--r--. 1 root root 793 Dec 21 16:08 /usr/lib/vmware/hostd/docroot/print.css

I'm running with 'umask 022' - is yours set to 0?

(Yes, the install script *should* set the umask itself).

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: Jeffrey Walton: "Re: [Full-disclosure] iiscan"
Previous message: Dan Kaminsky: "Re: [Full-disclosure] Geolocation Question"
In reply to: dd_at_nospam: "[Full-disclosure] VMware server (2.0.2) insecure file creation"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]