I have subsequently found the following:

IY39090: IN MQ 5.2 ON AIX DURING INSTALL /USR/MQM DIRECTORY IS CREATED WITH PERMISSIONS 777 ROOT: SYSTEM. SHOULD BE DR-XR-XR-X MQM:MQM.

IY39367: IN MQ 5.2 ON AIX DURING INSTALL /USR/MQM DIRECTORY IS CREATED WITH PERMISSIONS 777 ROOT: SYSTEM. SHOULD BE DR-XR-XR-X MQM:MQM

But this only talks about AIX; will this be the case on SUN SOLARIS as well?

-----Original Message-----
From: Kearns, Emile E
Sent: 09 July 2003 01:44
To: 'MQSeries List'
Subject: RE: World Writable File in MQ Directory - Security issue
Importance: High

Thanks Dave,

Where are the IBM'ers on THIS?

-----Original Message-----
From: David C. Partridge [mailto:[EMAIL PROTECTED]
Sent: 09 July 2003 01:15
To: [EMAIL PROTECTED]
Subject: Re: World Writable File in MQ Directory - Security issue

Any user needs to be able to create files in these directories in order for the MQ code to work. Is the issue that you are concerned about a DoS attack where a malicious user does an rmdir?

The permissions I see on my Linux MQ 5.3 system for (most of) these directories are:

drwxrwsrwx

So (for most) the "sgid" bit is set, which means that files created in these directories have a group owner of mqm. However, the bit I was expecting to see set (and was not) was the "sticky bit", which would prevent a normal user from removing the directory or files in it they didn't create.

So I suspect that your concern may be valid. Time for a "security/integrity" APAR?

PS The permissions on the /var/mqm/qmgrs/QMGR directories were drwxrwxr-x and this should be OK!

Dave

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
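Added example (not part of the original thread and not IBM code): a Python check for the condition Dave describes, directories that are world-writable but lack the sticky bit, run over a constructed temporary tree. The names shared_nosticky and shared_sticky are hypothetical; qmgrs/QMGR and the modes are taken from the messages above.

```python
import os
import stat
import tempfile

# Constructed sample layout: (relative path, mode). The first two names are
# hypothetical; qmgrs/QMGR and the modes follow the thread above.
SAMPLE_DIRS = [
    ("shared_nosticky", 0o2777),  # drwxrwsrwx: sgid set, sticky bit missing
    ("shared_sticky", 0o3777),    # drwxrwsrwt: same, with the sticky bit
    ("qmgrs", 0o775),
    ("qmgrs/QMGR", 0o775),        # drwxrwxr-x: not world-writable
]


def build_sample_tree(base):
    """Create the constructed directories under base with explicit modes."""
    for rel, mode in SAMPLE_DIRS:
        path = os.path.join(base, rel)
        os.makedirs(path, exist_ok=True)
        os.chmod(path, mode)  # chmod ignores the umask, unlike mkdir


def audit_tree(root):
    """Return sorted (relative path, mode string) for every directory that
    is world-writable but has no sticky bit, so any local user can delete
    or rename entries created by other users."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        mode = os.lstat(dirpath).st_mode
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append((os.path.relpath(dirpath, root), stat.filemode(mode)))
    return sorted(findings)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        for rel, perms in audit_tree(base):
            print(f"{perms}  {rel}  world-writable without sticky bit")
```

Calling audit_tree on the MQ data directory of a real installation lists the directories this thread is concerned with.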