Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-4682

Permissions on multiple files/directories are poor (allow world-write, have setuid)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.8.12
    • Fix Version/s: 1.8.13, 1.9.90
    • Component/s: Build / Packaging
    • Security Level: Default (Default Security Scheme)
    • Labels:
      None
    • Environment:
      FreeBSD 8.2 amd64
      java -version == openjdk version "1.6.0"

      Description

      Permissions on multiple files and directories allow world-write, and some have setuid/setgid as well.
      Examples include:
      mode 0777:
      opennms/bin
      opennms/etc/*

      mode 7777:
      /lib/*.jar

      I've checked with both bsdtar (default tar on FreeBSD) and gnutar (as installed by FreeBSD ports - archives/gtar), results appear to be the same.

        Attachments

          Activity

            People

            Assignee:
            ranger Benjamin Reed
            Reporter:
            darkart Eric Hall (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: