full-disclosure-uk January 2010 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] VMware server (2.0.2)

Re: [Full-disclosure] VMware server (2.0.2) insecure file creation

From: <Valdis.Kletnieks_at_nospam>
Date: Thu Jan 07 2010 - 16:53:09 GMT
To: dd@sucuri.net


On Wed, 06 Jan 2010 11:07:07 -0400, dd@sucuri.net said:
> Have anyone noticed that the files created by the VMware server
> installer all have the 777 permissions
> to it?

Check your umask?

% ls -l /usr/lib/vmware/hostd/docroot/print.css -r--r--r--. 1 root root 793 Dec 21 16:08 /usr/lib/vmware/hostd/docroot/print.css

I'm running with 'umask 022' - is yours set to 0?

(Yes, the install script *should* set the umask itself).



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/