basilsp Posted February 7, 2017 (edited)

It is necessary to deny scanning to non-root users by default, and to describe the method of activating this feature in the documentation. Or, while the setup script is running, it is necessary to ask whether to allow or deny scanning for non-root users. Most importantly, it is necessary to notify that permission for non-root users to run the scanning process will give them (non-root users) the opportunity to scan files for which they don't have permission.

Edited February 7, 2017 by ВасилийSP

Dmitry Eremeev Posted February 7, 2017

> It is necessary to deny scanning to non-root users by default, and to describe the method of activating this feature in the documentation. Or, while the setup script is running, it is necessary to ask whether to allow or deny scanning for non-root users. Most importantly, it is necessary to notify that permission for non-root users to run the scanning process will give them (non-root users) the opportunity to scan files for which they don't have permission.

Hello, please give us a more descriptive suggestion. Why should it be forbidden for non-administrative accounts to scan the system? Thank you.

basilsp Posted February 8, 2017 (edited)

> Hello, please give us a more descriptive suggestion. Why should it be forbidden for non-administrative accounts to scan the system? Thank you.

Hello, now any user may execute “/opt/kaspersky/kav4fs/bin/kav4fs-control --scan-file”. Therefore, this feature may potentially be used by attackers to detect standard file names (lib, program, etc.). It may reduce the time and increase the chance of success of an attack. For example, this feature doesn't check whether a tty exists. So, if a user wants to use this feature, he can activate it. Importantly, it is necessary to notify that permission for non-root users to run the scanning process will give them (non-root users) the opportunity to scan files for which they don't have permission.

Edited February 8, 2017 by ВасилийSP

Kirill Tsapovsky Posted February 8, 2017

> Hello, now any user may execute “/opt/kaspersky/kav4fs/bin/kav4fs-control --scan-file”. Therefore, this feature may potentially be used by attackers to detect standard file names (lib, program, etc.). It may reduce the time and increase the chance of success of an attack. For example, this feature doesn't check whether a tty exists. So, if a user wants to use this feature, he can activate it. Importantly, it is necessary to notify that permission for non-root users to run the scanning process will give them (non-root users) the opportunity to scan files for which they don't have permission.

Please provide an example of a non-root user-run scan task that returns an enumeration of files that the user would not be able to access otherwise. Provide a log if possible. Thank you.

basilsp Posted February 13, 2017

> Please provide an example of a non-root user-run scan task that returns an enumeration of files that the user would not be able to access otherwise. Provide a log if possible. Thank you.

Hello,

There are types of attacks that allow executing arbitrary code on the attacked system. This code executes under some user (the user under which the application runs). These are users such as ftp, ntp, postfix, etc. I think it is necessary to forbid execution of “/opt/kaspersky/kav4fs/bin/kav4fs-control” for other users by default, or it is necessary to describe in the documentation the way to forbid execution of “/opt/kaspersky/kav4fs/bin/kav4fs-control” for other users.