Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: VMware server (2.0.2) insecure file creation
From: Valdis.Kletnieks () vt edu
Date: Thu, 07 Jan 2010 11:53:09 -0500

On Wed, 06 Jan 2010 11:07:07 -0400, dd () sucuri net said:
Have anyone noticed that the files created by the VMware server
installer all have the 777 permissions
to it?

Check your umask?

% ls -l /usr/lib/vmware/hostd/docroot/print.css
-r--r--r--. 1 root root 793 Dec 21 16:08 /usr/lib/vmware/hostd/docroot/print.css

I'm running with 'umask 022' - is yours set to 0?

(Yes, the install script *should* set the umask itself).

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault