| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: stephane.nasdrovisky at paradigmo.com (stephane nasdrovisky) Subject: Unsecure file permission of ZoneAlarm pro. John LaCour wrote: > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >There is absolutely no security issue here. > >ZoneAlarm does not rely on file permissions to protect >any configuration files. Configuration files are protected >by our TrueVector(r) driver in the kernel. > >In addition to protecting configuration files against >unauthorized changes, there are additional integrity checks and other >protection mechanisms implemented for all policy configuration >files. Should any policy configuration files fail integrity >checks, the firewall will fail closed. > >Again, no issue. > > > >>Zone Alarm stores its config. files in %windir%\Internet Logs\* . But strangely, >> >> Isn't it supposed to store logs ? My english knowledge is probably too poor. >>EVERYONE: Full >> >> As everybody knows, windows * is a single user system on which you can only install zonealarm, no other software, especially no software using this directory for storing any kind of information. As I understand the zap answer: Kidding with file permissions is not an issue on any os... unless, maybe, if you wish to use your system.
Powered by blists - more mailing lists