Re: vmware bug?

From: Justin Nelson (security@jm4n.com)
Date: 07/31/01


Message-ID: <003901c119d8$f7e5afe0$0600a8c0@justin.net>
From: "Justin Nelson" <security@jm4n.com>
To: <bugtraq@securityfocus.com>
Subject: Re: vmware bug?
Date: Tue, 31 Jul 2001 11:53:40 -0400


>> but... stealing another users license is easy...
>> the license2.0 file in the home directory is 644 too...

I'm pretty sure the license file is something you copy into your home
directory yourself -- so just like any other file you put on your machine,
precautions should be taken to make sure only those authorized should be
able to view the file.

The only thing I'd possibly recommend to the vendor would be to note this in
the instructions sent with the license file...

Sincerely,
Justin Nelson, SFE Software
http://www.vdj.net
Justin@VDJ.Net