BMC's Control M is an enterprise scheduling facility. Unfortunately, the agent software suffers from a problem with insecure temporary file creation. We noticed the problem on Solaris systems running the version 6.1.03 with current patches; it is reasonable to assume that other OS platforms and versions are also affected. The scripts to be run by a Control M job are stored in temporary files with names like: /tmp/ctm/CMD.10637 The contents appear to be the contents of a job as created by a Control M user. The /tmp/ctm directory is created during the first scheduled job that is run following a reboot. Normally it is created with root ownership and 755 permissions. Depending on how frequently jobs are run on a particular client, this may leave a significant window of opportunity for some nefarious soul to create this directory with other permissions or to create appropriately (or inappropriately) named links. It is left as an exercise to the reader to identify ways in which to screw the system to the ground. One less than ideal work-around would be to create the /tmp/ctm directory before sshd, inetd or cron start up--say at /etc/rc2.d/S68 in the boot cycle on Solaris 8. BMC has been notified of this problem and has opened up problem ticket number BMPM010114. According to BMC Support, a fix will be "implemented in a future release." Rather than waiting, I strongly suggest the workaround above. Good luck: --Scott __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com
