This sounds like a positive step from a security standpoint, rather than a security breach. There might still be a bug in Netscape, since having the zombie process still lingering means that Netscape never checked to see what the exit status of the chmod command was. That issue will have to be resolved by Netscape.

-----Original Message-----
From: brian-suse@delta.stech.cx [mailto:brian-suse@delta.stech.cx]
Sent: Tuesday, January 18, 2000 3:49 PM
To: suse-security@suse.com
Subject: [suse-security] [link@foo.fh-furtwangen.de: Re: [suse-security] Correction: was :(re: [suse-security] netscape call chown)]

Pretty much, it looks like it fixes permissions on $HOME/.netscape/... so other users won't be able to get at your "private information" (i.e. cookies)

command executed: chmod -f -R go-rxw $HN &
$HN is set to $HOME/.netscape

-Brian

--almost-original-message--
Oliver Leue wrote:
today i found that netscape calls "chown".

not chown, but chmod.

Send bug reports concerning non-open-source programs to the authors. We can't fix bugs w/o source code.

that's what i did. send it to netscape. but that's not only a bug. it's a security-hole too isn't it?

Well, we do a simple "grep chmod /usr/X11R6/bin/netscape" and found this command in the SuSE netscape startup-script. So, is it a "bug" in netscape or in the startup script?!
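
The following is an added example, not part of the original thread or of the SuSE startup script: a shell function that applies the same mode change as the quoted `chmod -f -R go-rxw $HN &`, but in the foreground with its exit status checked, and then verifies that no group/other bits remain. The function name `harden_profile`, the `demo` helper and the temporary sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. harden_profile is a hypothetical helper, not the SuSE script.

# Strip group/other access from a profile directory in the foreground and
# return non-zero if the change fails or any entry is still exposed.
harden_profile() {
    dir=$1
    [ -d "$dir" ] || return 2              # no such directory
    # Same mode change as "chmod -f -R go-rxw $HN &", but without -f and
    # without &, so errors are reported and the exit status is available.
    chmod -R go-rwx "$dir" || return 1
    # Verify: list the first entry that still has any group/other bit.
    # Symlinks are skipped; on Linux their own mode bits are not meaningful.
    leftover=$(find "$dir" ! -type l \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print | head -n 1)
    [ -z "$leftover" ]
}

# Constructed sample profile: a world-readable cookies file in a 755 tree.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/.netscape/cache"
    echo "constructed cookie data" > "$tmp/.netscape/cookies"
    chmod 755 "$tmp/.netscape" "$tmp/.netscape/cache"
    chmod 644 "$tmp/.netscape/cookies"
    if harden_profile "$tmp/.netscape"; then
        echo "profile hardened: $(ls -ld "$tmp/.netscape" | cut -c1-10)"
        rc=0
    else
        echo "hardening failed" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return $rc
}

demo
```

Running the change synchronously means there is no background child left for the caller to reap, and a failed chmod stops the script instead of passing silently.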