fP 5.6 shipping with insecure modes?
Brian K. White
brian at aljex.com
Fri Jul 7 09:18:28 PDT 2006
----- Original Message -----
From: "Fairlight" <fairlite at fairlite.com>
To: "filePro Mailing List" <filepro-list at lists.celestial.com>
Sent: Friday, July 07, 2006 8:44 AM
Subject: fP 5.6 shipping with insecure modes?
> Here I thought things were getting better, but no. I've found this on two
> systems now:
>
> drwxrw-rw- 0766 filepro (200) : root (0) /appl/fp_v5.6.b6D4/spell
> -rwxrw-rw- 0766 filepro (200) : root (0) /appl/fp_v5.6.b6D4/spell/dict.hsh
>
> What's more, I just looked to see if they fixed a LONG outstanding bug of
> which I've groused more than a few times, but nope...no fix:
>
> -rw-rw-rw- 1 root filepro 1739 Mar 10 16:16 /appl/fp_v5.6/lib/config
>
> One hopes people take the appropriate steps, both at fP-Tech, and at sites
> deploying the software.
>
> Exports are apparently still going out with 0666 modes as well, based on
> what I'm seeing.
>
> When are the security issues with filePro going to be addressed? I'd like
> to know. Actually, what's the point in having encryption in a product
> whose files are installed insecurely by default? Does the left hand even
> know what the right foot is doing?
>
> Prior to 5.6, we just had exports and the config file wrong. Now folks get
> the benefit of insecure spell checker files as well. That's comforting.
> So glad we're headed in the right direction.
>
> When I -locate- my joy, I'll try to contain it.
Why can't you just say you think these files should have better security?
And along the way maybe an example of why anyone should care how secure the
spell checker dictionary is?
Brian K. White -- brian at aljex.com -- http://www.aljex.com/bkw/
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!
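
An added example, not part of either message and not filePro code: a Python check that walks an install tree and lists entries writable by "other", the condition shown in the quoted listings (0766 on the spell directory and dict.hsh, 0666 on lib/config). The sample tree is constructed in a temporary directory, and the suggested mode only clears the group and other write bits, which is an assumption rather than vendor guidance.

```python
import os
import stat
import tempfile


def audit_world_writable(root):
    """Return sorted (relative path, current mode, suggested mode) tuples
    for every entry under root that is writable by 'other'."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if not mode & stat.S_IWOTH:
                continue
            if stat.S_ISDIR(st.st_mode) and mode & stat.S_ISVTX:
                continue  # sticky directories (like /tmp) are shared by design
            rel = os.path.relpath(path, root)
            # Assumption: the tightened mode drops group and other write only.
            findings.append((rel, "%04o" % mode, "%04o" % (mode & ~0o022)))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample layout using the modes quoted in the post."""
    os.makedirs(os.path.join(base, "spell"))
    os.makedirs(os.path.join(base, "lib"))
    layout = {"spell/dict.hsh": 0o766, "lib/config": 0o666, "lib/ok.txt": 0o644}
    for rel, mode in layout.items():
        path = os.path.join(base, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)  # explicit chmod, so the umask does not interfere
    os.chmod(os.path.join(base, "spell"), 0o766)
    return base


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_world_writable(build_sample_tree(tmp))


if __name__ == "__main__":
    for rel, mode, suggested in demo():
        print(f"{rel}: mode {mode} is other-writable; without group/other write: {suggested}")
```
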