RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.
From: John LaCour (jlacour_at_zonelabs.com)
Date: 08/20/04
- Previous message: Niek Baakman: "Re: [Full-Disclosure] Yahoo mail defacement?"
- Maybe in reply to: bipin gautam: "[Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Next in thread: Maarten: "Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Reply: Maarten: "Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Reply: James Tucker: "Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Reply: stephane nasdrovisky: "Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "bipin gautam" <visitbipin@yahoo.com>, <full-disclosure@lists.netsys.com> Date: Fri, 20 Aug 2004 03:40:11 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There is absolutely no security issue here.
ZoneAlarm does not rely on file permissions to protect
any configuration files. Configuration files are protected
by our TrueVector(r) driver in the kernel.
In addition to protecting configuration files against
unauthorized changes, there are additional integrity checks and other
protection mechanisms implemented for all policy configuration
files. Should any policy configuration files fail integrity
checks, the firewall will fail closed.
Again, no issue.
- --
John LaCour
Security Services Group Manager
Zone Labs LLC, A Check Point Company
> From: bipin gautam [mailto:visitbipin@yahoo.com]
> Sent: Thursday, August 19, 2004 7:51 PM
> To: full-disclosure@lists.netsys.com
> Subject: [Full-Disclosure] Unsecure file permission of ZoneAlarm
> pro.
>
>
> Hello list,
>
> Zone Alarm stores its config. files in
> %windir%\Internet Logs\* . But strangely,
>
> ZoneAlarm sets the folder/file permission (NTFS) of
> %windir%\Internet Logs\* to,
>
> EVERYONE: Full
>
> after its first started.
>
> Even If you try to change the permission to...
>
> Administrator (s): full
> system: full
> users: read and execute
> [these are the default permissions]
>
> Strangely, the permission again changes back to...
> EVERYONE: Full each time
>
> ZoneAlarm Pro (ZAP) is started. I've tested these in
> zap 4.x and 5.x
>
> This could prove harmful if we have a malicious
> program/user running with
>
> even with a user privilege on the system.
>
> Well a malicious program could modify those config
> file in a way ZAP will stop
>
[snip]
> Bipin Gautam
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQA/AwUBQSXVCqeZbSyAsADEEQK9fgCeLLipKBn3Z7+PYj1E6GXkT0lubIgAnjCY
ssK9UOJxQn98yj/5x+tWiPzw
=OdxT
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Niek Baakman: "Re: [Full-Disclosure] Yahoo mail defacement?"
- Maybe in reply to: bipin gautam: "[Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Next in thread: Maarten: "Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Reply: Maarten: "Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Reply: James Tucker: "Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Reply: stephane nasdrovisky: "Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
