[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200408201453.38470.fulldisc@ultratux.org>
From: fulldisc at ultratux.org (Maarten)
Subject: Unsecure file permission of ZoneAlarm pro.
On Friday 20 August 2004 12:40, John LaCour wrote:
> There is absolutely no security issue here.
>
> ZoneAlarm does not rely on file permissions to protect
> any configuration files. Configuration files are protected
> by our TrueVector(r) driver in the kernel.
Which is, of course, completely utterly infallible so any additional means are
not only unneccessary, but even unwanted.
> In addition to protecting configuration files against
> unauthorized changes, there are additional integrity checks and other
> protection mechanisms implemented for all policy configuration
> files. Should any policy configuration files fail integrity
> checks, the firewall will fail closed.
So effectively, you're unlocking the car doors because it is equipped with a
series of alarmsystems. And even if the owner locks the car doors manually,
upon activation, the alarm system unlocks them again ?
> Again, no issue.
You must have a screw loose somewhere. Seriously.
Maarten
Powered by blists - more mailing lists