Jump to content
Sign in to follow this  
basilsp

Scanning to non-root users [In progress]

Recommended Posts

It is needed deny scanning to non-root users by default.

And describe the method of activation this feature in documentation.

Or during the process of setup script running it is needed to ask whether allow or deny the scanning to non-root users.

Most importantly, it is needed to notify that permission for non-root users for scanning process will give them (non-root users) the opportunity to scan the files for which they don't have permission.

Edited by ВасилийSP

Share this post


Link to post
It is needed deny scanning to non-root users by default.

And describe the method of activation this feature in documentation.

Or during the process of setup script running it is needed to ask whether allow or deny the scanning to non-root users.

Most importantly, it is needed to notify that permission for non-root users for scanning process will give them (non-root users) the opportunity to scan the files for which they don't have permission.

 

Hello,

 

please give us more descriptive suggestion.

Why should it be forbidden to scan system by non-administrative accounts ?

Thank you.

 

Share this post


Link to post
Hello,

 

please give us more descriptive suggestion.

Why should it be forbidden to scan system by non-administrative accounts ?

Thank you.

Hello,

 

now any user may execute the “/opt/kaspersky/kav4fs/bin/kav4fs-control --scan-file”.

Therefore, this feature will may be used by attackers to detect standard file names (lib, program, etc), potentially. It is may reduce time and increase chance to success of attack.

For example this feature don't check to exist tty.

So, if user want use this feature, he can activate it. Importantly, it is needed notify that permission for non-root users for scanning process will give them (non-root users) the opportunity to scan the files for which they don't have permission.

Edited by ВасилийSP

Share this post


Link to post
Please provide an example of non-root user-run scan task that returns an enumeration of files that the user would not be able to access otherwise.

Provide log if possible.

 

Thank you.

Hello,

 

There are such types of attacks that allow to execute an arbitrary code on the attacked system. This code executes under some user (under this user application is run). It is such users as: ftp, ntp, postfix, etc.

I think it is necessary to forbid execution of “/opt/kaspersky/kav4fs/bin/kav4fs-control” for other users by default or it is needed to describe the way to forbid execution of “/opt/kaspersky/kav4fs/bin/kav4fs-control” for other users in documentation.

Share this post


Link to post
Sign in to follow this  

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.