[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.
From: Maarten <fulldisc@xxxxxxxxxxxx>
Date: Fri, 20 Aug 2004 14:53:38 +0200

On Friday 20 August 2004 12:40, John LaCour wrote:
> There is absolutely no security issue here.
>
> ZoneAlarm does not rely on file permissions to protect
> any configuration files.   Configuration files are protected
> by our TrueVector(r) driver in the kernel.

Which is, of course, completely utterly infallible so any additional means are 
not only unneccessary, but even unwanted. 

> In addition to protecting configuration files against
> unauthorized changes, there are additional integrity checks and other
> protection mechanisms implemented for all policy configuration
> files.  Should any policy configuration files fail integrity
> checks, the firewall will fail closed.

So effectively, you're unlocking the car doors because it is equipped with a 
series of alarmsystems.  And even if the owner locks the car doors manually, 
upon activation, the alarm system unlocks them again ?

> Again, no issue.

You must have a screw loose somewhere.  Seriously.

Maarten

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.
  - From: bipin gautam

References:
- RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.
  - From: John LaCour

Prev by Date: RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.
Next by Date: Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.
Previous by thread: RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.
Next by thread: Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.
Index(es):
- Date
- Thread