fP 5.6 shipping with insecure modes?
Fairlight
fairlite at fairlite.com
Fri Jul 7 05:44:30 PDT 2006
Here I thought things were getting better, but no. I've found this on two
systems now:
drwxrw-rw- 0766 filepro (200) : root (0) /appl/fp_v5.6.b6D4/spell
-rwxrw-rw- 0766 filepro (200) : root (0) /appl/fp_v5.6.b6D4/spell/dict.hsh
What's more, I just looked to see if they fixed a LONG outstanding bug of
which I've groused more than a few times, but nope...no fix:
-rw-rw-rw- 1 root filepro 1739 Mar 10 16:16 /appl/fp_v5.6/lib/config
One hopes people take the appropriate steps, both at fP-Tech, and at sites
deploying the software.
Exports are apparently still going out with 0666 modes as well, based on
what I'm seeing.
When are the security issues with filePro going to be addressed. I'd like
to know. Actually, what's the point in having encryption in a product
whose files are installed insecurely by default? Does the left hand even
know what the right foot is doing?
Prior to 5.6, we just had exports and the config file wrong. Now folks get
the benefit of insecure spell checker files as well. That's comforting.
So glad we're headed in the right direction.
When I -locate- my joy, I'll try to contain it.
mark->
--
Fairlight-> ||| "Erradicate the facists..." -- | Fairlight Consulting
__/\__ ||| Tate/Queensryche |
<__<>__> ||| | http://www.fairlite.com
\/ ||| | info at fairlite.com
More information about the Filepro-list
mailing list