RE: sticky bits, AIX and TMR/MNs

> Our security team has done a "sweep" of our TMR and Gateways (all
running
> AIX) and identified numerous files with global rwx (777) permissions
within the Tivoli directory structure.  They want
> to activate the "sticky bit" on all of these files - I'm apprehensive
to say the least....  Sometimes files are 777  
> because they need to be.  We're running TMF 4.1.1+, SWD 4.0+, INV
4.1+, DM 3.7+, ITM 5.1.2-FP2.

Hi,
you should be able to get away with rwxrwxr-x or rw-rw-r-- in most, if
not all cases, if setting up group memberships appropriate, although in
the case of tivoli that could mean to "chgrp nobody" some files.

But, whatever you do, what does "setting the sticky bit" on files
supposed affect security? Setting the t bit of an executable means "set
the save-text attribute", which is probably the most useless attribute
in a modern paging system. 

Bye,
        Michael

-- 
Dr. Michael Staats
RWE Systems Computing GmbH
Data Center
SIC-PS Systems Management
Altenessener Str. 37/39
45141 Essen

T intern 70-26919
T extern +49(0)201/12-26919
F extern +49(0)201/12-24751
mailto:michael.staats@xxxxxxx
Intern bitte die neue Verteilerliste "VL SIC-PS Administration"
verwenden