Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-4682

Permissions on multiple files/directories are poor (allow world-write, have setuid)

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 1.8.12
    • 1.8.13, 1.9.90
    • Build / Packaging
    • Security Level: Default (Default Security Scheme)
    • None
    • FreeBSD 8.2 amd64
      java -version == openjdk version "1.6.0"

    Description

      Permissions on multiple files and directories allow world-write, and some have setuid/setgid as well.
      Examples include:
      mode 0777:
      opennms/bin
      opennms/etc/*

      mode 7777:
      /lib/*.jar

      I've checked with both bsdtar (default tar on FreeBSD) and gnutar (as installed by FreeBSD ports - archives/gtar), results appear to be the same.

      Attachments

        Activity

          People

            ranger Benjamin Reed
            darkart Eric Hall (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: