Project Home
Project Home		 Wiki
Wiki		 Discussion Forums
Discussions		 Project Information
Project Info
QNX RTOS v4 [EOL]/Discussion/General/QNX world writable files on Product Suite 2009/List of Posts
Forum Topic - QNX world writable files on Product Suite 2009: (5 Items)
   
Update
Kevin Warkentin(deleted)
11/15/2011 1:25 PM
post90099
QNX world writable files on Product Suite 2009   
Hi:

We have a security conscious customer that was interested in minimizing the number of world writable files (i.e. -rw-rw-
rw-  ) found in the QNX Product Suite 2009.

We found that Proc32 was a world writable file.
-rw-rw-rw-  1 root      root         132766 Jul 18  2005 /boot/sys/Proc32

My question is if I execute :  chmod o-w /boot/sys/Proc32
will this have serious repercussions for the OS or is this something that could be done without harm.
I'm looking for feedback so I can respond to my customer.


Thanks,
  Kevin
Oleg Bolshakov
11/15/2011 1:52 PM
post90101
QNX world writable files on Product Suite 2009   
Hi Kevin,

As far as I know Proc32 is required on host system to build boot image (.boot 
and .altboot). The Proc32 file is not required on target system.

-- 
Respectfully,
Oleg

> Hi:
> 
> We have a security conscious customer that was interested in minimizing the 
number of world writable files (i.e. -rw-rw-rw-  ) found in the QNX Product 
Suite 2009.
> 
> We found that Proc32 was a world writable file.
> -rw-rw-rw-  1 root      root         132766 Jul 18  2005 /boot/sys/Proc32
> 
> My question is if I execute :  chmod o-w /boot/sys/Proc32
> will this have serious repercussions for the OS or is this something that 
could be done without harm.
> I'm looking for feedback so I can respond to my customer.
> 
> 
> Thanks,
>   Kevin
> 
> 
> 
> 
> _______________________________________________
> 
> General
> http://community.qnx.com/sf/go/post90099
>
Kevin Warkentin(deleted)
11/15/2011 3:20 PM
post90107
Re: QNX world writable files on Product Suite 2009   
Hi Oleg:

The concern would be if someone edited the Proc32 file thereby corrupting it and thus nothing would be able to run.
If the other (o) permission was set to not allow writing then it would be better.
I can do testing with Proc32 file permission set to not have write set for other
and see if this affects anything but I thought there might have been an valid reason why the permissions were not set up
 as -rw-rw-r-- as opposed to the current -rw-rw-rw-

Any thoughts ?
  Kevin
Kevin Warkentin(deleted)
11/15/2011 3:29 PM
post90108
Re: QNX world writable files on Product Suite 2009   
Hi Oleg:

 With our software there are cases where we rebuild the image so a corrupted file could be dangerous.

- Kevin
Oleg Bolshakov
11/16/2011 5:03 AM
post90123
Re: QNX world writable files on Product Suite 2009   
Hi Kevin,

I think that easiest way to resolve your doubts is make an trailblazing 
experiment. ;-} I don't know reason for setting o+w permission on the Proc32.

-- 
Respectfully,
Oleg

> Hi Oleg:
> 
>  With our software there are cases where we rebuild the image so a corrupted 
file could be dangerous.
> 
> - Kevin
> 
> 
> 
> _______________________________________________
> 
> General
> http://community.qnx.com/sf/go/post90108
>

Return


  A subsidiary of BlackBerry             All content ©2004-2013, QNX Software Systems