[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] raq3 bug: reactivating a domain with disabled users

Subject: [cobalt-security] raq3 bug: reactivating a domain with disabled users
From: Josep Maria <jfrigola@xxxxxxxxxx>
Date: Fri, 5 Mar 2004 23:04:31 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

I have just found a bug in the control panel of RAQ3.
If you disable a domain and then you decide to disable each user one by one 
and enable the domain again, the users are shown disabled but in fact all 
access is permitted. I think that the reason is that it does chmod 755 to all 
users and they are supposed to be kept 000.

Can anyone confirm this?
Thank you.

References:
- RE: [cobalt-security] Email Issues - Bogus, but confusing to users... Could confuse yours !
  - From: James Zawacki

Prev by Date: RE: [cobalt-security] Email Issues - Bogus, but confusing to users... Could confuse yours !
Next by Date: Re: [cobalt-security] Re: crond recently patched?
Previous by thread: RE: [cobalt-security] Email Issues - Bogus, but confusing to users... Could confuse yours !
Next by thread: [cobalt-security] crond recently patched?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index