[Xymon] XyMon client binaries default security is bad
Jeremy Laidman
jlaidman at rebel-it.com.au
Fri Mar 1 04:37:31 CET 2013
What's wrong with non-xymon users executing these commands? What harm
could it do?
On 1 March 2013 08:59, Andrey Chervonets <a.chervonets at cominder.eu> wrote:
> upgraded XyMon (client) to 4.3.10 (the same was at least in 4.3.5) and
> noticed all files in bin have read and execute privileges for everyone:
>
> ls -l client/bin/
> total 1840
> -rwxr-xr-x 1 xymon monitor 161079 Feb 28 21:08 clientupdate
> -rwxr-xr-x 1 xymon monitor 200250 Feb 28 21:08 logfetch
> -rwxr-xr-x 1 xymon monitor 151256 Feb 28 21:08 msgcache
> -rwxr-xr-x 1 xymon monitor 153905 Feb 28 21:08 orcaxymon
> -rwxr-xr-x 1 xymon monitor 156173 Feb 28 21:08 xymon
> -rwxr-xr-x 1 xymon monitor 133445 Feb 28 21:08 xymoncfg
> ....
>
> I suppose it depends on the umask setting during installation, but I would be
> happier if the installation process set up a more secure configuration
> regardless of default settings.
> At least: -rwxr-x---