SAS Institute Alert Note SN-016973

From: SAS Technical Support (tsdlist@unx.sas.com)
Date: Thu Feb 09 2006 - 12:30:47 EST

  • Next message: SAS Technical Support: "SAS Institute TS: New Hot Fixes for SAS 9.1.3 (9.1 TS1M3)"

    SN-016973 ***Alert Note***

    Inappropriate file access allowed on Unix

    Product: Base SAS
    Component: Security
    Priority: ALERT

      When a Unix userid is a member of only one group, the userid will
      inherit the group id from the userid used to start the Object Spawner
      when the SAS process is run through the spawner.

      For example, if the Unix userid 'Test1' is a member of only one group
      called 'Group1' and the Object Spawner was started by Unix userid
      'Test2' which belongs to 'Group2', then any process run by 'Test1'
      through the spawner will have Unix group membership in both 'Group1' and
      'Group2'.

      This may allow the process to access files that it should not have
      access to. This is a problem only with 9.1.3 with Service Pack 3
      applied.

      A fix for SAS 9.1.3 (9.1 TS1M3) for this issue is available at:

      http://www.sas.com/techsup/download/hotfix/d9_sbcs_prod_list.html#016973

      For customers running SAS with Asian Language Support (DBCS), this
      fix should be downloaded from:

      http://www.sas.com/techsup/download/hotfix/d9_dbcs_prod_list.html#016973

    Keywords

    security base jan06 sn-016973 outprob ship group chown ownership permissions read write workspace object spawner bi file not jawna 9.1.3 aix/r digitunx hp800 hpux itanium intel-64bit linux linux itanium solaris s0341734 016973 16973 so913rsp3 editedyes priorityalert 16973

    System Version Reported Version Fixed

    AIX/6000 9.1.3 TSSP3
    Compaq Tru64 UNIX 9.1.3 TSSP3
    HP-UX Operating Systems 9.1.3 TSSP3
    HP-UX Itanium 9.1.3 TSSP3
    Intel Itanium Processor Family(IPF) 9.1.3 TSSP3
    Linux 9.1.3 TSSP3
    Linux Itanium 9.1.3 TSSP3
    Solaris 9.1.3 TSSP3

    +-------------------------------------------------------------------------
    + NOTE: To unsubscribe you must send mail to: LISTSERV@VM.SAS.COM with
    + "SIGNOFF tsnews-l"
    + as the only text in the body of the message (without the double quotes).
    + If you have any questions please send them to TSDLIST@SAS.COM
    +-------------------------------------------------------------------------



    This archive was generated by hypermail 2b29 : Thu Feb 09 2006 - 12:31:13 EST