[ut2003io] Updater makes files world-writable
jason at vbclown.com
Wed Nov 20 23:30:26 EST 2002
From: Ian Hastie [mailto:ianh at ordinal.freeserve.co.uk]
Sent: Wednesday, November 20, 2002 5:12 PM
To: ut2003 at icculus.org
Subject: Re: [ut2003io] Updater makes files world-writable
Matthew Arnold wrote:
> I was perusing my /var/log/messages and saw a bunch of warnings about
> a number of files being world-writable. It seems that every file the
> UT2K3 updater touches gets its permissions changed to 777. I don't
> know how much of a security threat this is, but it probably isn't A
> Good Thing.
After receiving this warning I checked and can definitely say it didn't
happen here. Seems odd that it would make them all 777 too. umask
As to the security threat. Well you never run UT2k3 as root do you?
Apart from that you'd need full user access to the system in order to
modify the file and that wouldn't really get you anything extra. I know
this isn't always the case, but it's a lot harder to do otherwise. Even
so it definitley isn't a Good Thing!
More information about the ut2003