From emf@pls.com  Wed May 29 07:41:06 1996
Received: from san-marcos.pls.com (san-marcos.pls.com [192.246.50.151]) by suburbia.net (8.7.4/Proff-950810) with SMTP id HAA20845; Wed, 29 May 1996 07:41:00 +1000
Received: from san-marcos by san-marcos.pls.com (SMI-8.6/SMI-SVR4)
	id RAA14299; Tue, 28 May 1996 17:46:31 -0400
Sender: emf@pls.com
Message-ID: <31AB7437.4649@pls.com>
Date: Tue, 28 May 1996 17:46:31 -0400
From: Erik Fichtner <emf@pls.com>
Organization: Systems Administrator, Personal Library Software
X-Mailer: Mozilla 2.0 (X11; U; SunOS 5.3 sun4m)
MIME-Version: 1.0
To: "Marc Ph. A. J. St.-Gil - UNIX/VAX Systems Manager" <mstgil@unt.edu>
CC: Julian Assange <proff@suburbia.net>, best-of-security@suburbia.net
Subject: Re: BoS: Security problem in ESRI's ArcDoc 7.0.4
References: <Pine.SUN.3.91.960528162246.23612I-100000@sol.acs.unt.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Marc Ph. A. J. St.-Gil - UNIX/VAX Systems Manager wrote:
> 
> On Wed, 29 May 1996, Julian Assange wrote:
> 
> > Date: Wed, 29 May 1996 04:45:20 +1000
> > From: Julian Assange <proff@suburbia.net>
> > To: best-of-security@suburbia.net
> > Subject: BoS: Security problem in ESRI's ArcDoc 7.0.4
> >
> >
> > *** GIS & ESRI/ARC/Info shops take note! ***
> >
> > The program "fm_fls" as distributed with ESRI's "ArcDoc" package (7.0.4)
> > contains a bug which allows us to (a) add somewhat arbitrary data
> > to any file and (b) change the permissions of that file to rw-rw-rw-.
> >
> > fm_fls is setuid root.
> >
> 
> Ack!  Unless I am mistaken, fm_fls is a viewer for Frame Maker
> documents.  This would seem to indicate that possibly all sites with
> Frame Maker or a product that uses Frame Maker documents and fm_fls
> viewer as on-line documentation are at risk.
> 
> Has anyone contacted Frame about this?

I just checked the permissions in our Solaris versions of Frame 5
and Frame 4.0.3p1a and found the following:

Frame 5:
lrwxrwxrwx   1 root            8 Mar  1 15:57 fm_fls -> .wrapper
-rwxr-xr-x   1 root         3284 May 19  1995 .wrapper

Frame 4:
lrwxrwxrwx   1 root            8 Apr 23 15:30 fm_fls -> .wrapper
-rwxr-xr-x   1 root         2583 Feb  1  1994 .wrapper

Ours is not SUID root.

Erik Fichtner
Systems Administrator
Personal Library Software
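
Added example, not part of the original message and not vendor code: in the listings above fm_fls is a symlink to .wrapper, so the symlink's own lrwxrwxrwx entry says nothing about setuid, and the check has to be made on the file it resolves to. The function names check_setuid and audit_dir are hypothetical, and the directory to audit is whatever install path you pass in.

```shell
#!/bin/sh
# Added example: classify a binary by the mode and owner of the file it
# resolves to, not by the symlink's own directory entry.

# check_setuid PATH
# Prints one of: missing, not-setuid, setuid-root, setuid-uid=<n>
check_setuid() {
    path=$1
    # -e follows symlinks, so a dangling link is reported as missing.
    if [ ! -e "$path" ]; then
        echo "missing"
        return 0
    fi
    # -u also follows symlinks: it tests the set-user-ID bit on the target.
    if [ ! -u "$path" ]; then
        echo "not-setuid"
        return 0
    fi
    # -L dereferences the link, -n prints the numeric owner,
    # -d keeps ls from listing the contents of a directory.
    uid=$(ls -Lnd "$path" | awk '{print $3}')
    if [ "$uid" = "0" ]; then
        echo "setuid-root"
    else
        echo "setuid-uid=$uid"
    fi
}

# audit_dir DIR NAME...
# Reports each named file under DIR; returns 1 if any is setuid root.
audit_dir() {
    dir=$1; shift
    rc=0
    for name in "$@"; do
        verdict=$(check_setuid "$dir/$name")
        printf '%s\t%s\n' "$dir/$name" "$verdict"
        if [ "$verdict" = "setuid-root" ]; then
            rc=1
        fi
    done
    return $rc
}

# Usage: sh thisfile DIR NAME...   (for example: DIR fm_fls .wrapper)
if [ "$#" -ge 2 ]; then audit_dir "$@" || exit 1; fi
```
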

