[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] raq3 bug: reactivating a domain with disabled users
- Subject: [cobalt-security] raq3 bug: reactivating a domain with disabled users
- From: Josep Maria <jfrigola@xxxxxxxxxx>
- Date: Fri, 5 Mar 2004 23:04:31 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I have just found a bug in the control panel of RAQ3.
If you disable a domain and then you decide to disable each user one by one
and enable the domain again, the users are shown disabled but in fact all
access is permitted. I think that the reason is that it does chmod 755 to all
users and they are supposed to be kept 000.
Can anyone confirm this?
Thank you.