Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-4682

Permissions on multiple files/directories are poor (allow world-write, have setuid)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.8.12
    • Fix Version/s: 1.8.13, 1.9.90
    • Component/s: Build / Packaging
    • Security Level: Default (Default Security Scheme)
    • Labels:
      None
    • Environment:
      FreeBSD 8.2 amd64
      java -version == openjdk version "1.6.0"

      Description

      Permissions on multiple files and directories allow world-write, and some have setuid/setgid as well.
      Examples include:
      mode 0777:
      opennms/bin
      opennms/etc/*

      mode 7777:
      /lib/*.jar

      I've checked with both bsdtar (default tar on FreeBSD) and gnutar (as installed by FreeBSD ports - archives/gtar), results appear to be the same.

        Attachments

          Activity

            People

            • Assignee:
              ranger Benjamin Reed
              Reporter:
              darkart Eric Hall
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: