Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: HP/UX :: audiosec.htm

HP-UX Audio Security File bad privileges bug



Vulnerability

    /etc/opt/audio/audio.sec

Affected

    HP9000 Series 7/800 running HP-UX releases 10.X and 11.X

Description

    Following is based on HP  Support Information Digests.  The  Audio
    Security File, /etc/opt/audio/audio.sec, is created by the asecure
    program with 666 permissions.  This allows root to add any user as
    a privileged user via the asecure program.  Those privileged users
    can make changes to their audio security File via asecure.   Since
    asecure  has  555  permissions,  /etc/opt/audio/audio.sec  must be
    world writable to implement the privileged user feature.

Solution

    The  capability  to  designate  privileged  users will probably be
    removed in  a future  patch.   The asecure  program would continue
    to have 555 permissions and  would create the Audio Security  File
    with 444 permissions.   Only the root user  would be able to  make
    changes to the Audio Security  File.  Until patches are  available
    recommended solution is, as root:

        chmod 444 /etc/opt/audio/audio.sec

    This  must  be  done  each  time  the  /etc/opt/audio/audio.sec is
    created via  the "asecure  -C" command.   After the  permission is
    changed,   only   the   root   user   will   be   able  to  modify
    /etc/opt/audio/audio.sec.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH