Full Disclosure mailing list archives

RE: Unsecure file permission of ZoneAlarm pro.

From: "John LaCour" <jlacour () zonelabs com>
Date: Fri, 20 Aug 2004 03:40:11 -0700

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is absolutely no security issue here.

ZoneAlarm does not rely on file permissions to protect
any configuration files.   Configuration files are protected 
by our TrueVector(r) driver in the kernel. 

In addition to protecting configuration files against 
unauthorized changes, there are additional integrity checks and other
protection mechanisms implemented for all policy configuration 
files.  Should any policy configuration files fail integrity
checks, the firewall will fail closed.

Again, no issue.

- --
John LaCour
Security Services Group Manager
Zone Labs LLC, A Check Point Company

From: bipin gautam [mailto:visitbipin () yahoo com] 
Sent: Thursday, August 19, 2004 7:51 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Unsecure file permission of ZoneAlarm
pro.  

Hello list,

Zone Alarm stores its config. files in
%windir%\Internet Logs\* . But strangely, 

ZoneAlarm sets the folder/file permission (NTFS) of 
%windir%\Internet Logs\* to,

EVERYONE: Full 

after its first started.

Even If you try to change the permission to...

Administrator (s): full
system: full
users: read and execute
[these are the default permissions] 

Strangely, the permission again changes back to...
EVERYONE: Full each time 

ZoneAlarm Pro (ZAP) is started. I've tested these in
zap 4.x and 5.x

      This could prove harmful if we have a malicious
program/user running with 

even with a user privilege on the system.

Well a malicious program could modify those config
file in a way ZAP will stop


[snip]

Bipin Gautam


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBQSXVCqeZbSyAsADEEQK9fgCeLLipKBn3Z7+PYj1E6GXkT0lubIgAnjCY
ssK9UOJxQn98yj/5x+tWiPzw
=OdxT
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Unsecure file permission of ZoneAlarm pro. bipin gautam (Aug 19)
- <Possible follow-ups>
- RE: Unsecure file permission of ZoneAlarm pro. John LaCour (Aug 20)
  - Re: Unsecure file permission of ZoneAlarm pro. Maarten (Aug 20)
    - Re: Unsecure file permission of ZoneAlarm pro. bipin gautam (Aug 20)
    - RE: Unsecure file permission of ZoneAlarm pro. Sean Crawford (Aug 20)
    - Re: Unsecure file permission of ZoneAlarm pro. Birl (Aug 20)
  - Re: Unsecure file permission of ZoneAlarm pro. James Tucker (Aug 20)
  - Re: Unsecure file permission of ZoneAlarm pro. stephane nasdrovisky (Aug 21)
    - Re: Unsecure file permission of ZoneAlarm pro. James Tucker (Aug 21)
    - Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
    - Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Chris Smith (Aug 23)
    - Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) James Greenhalgh (Aug 23)

(Thread continues...)