Re: [Pan-users] Re: Connections [Is it hiding a security hole?]

[David Shochat]

Timothy J. Hamilton wrote:
> I tried editing servers.xml as root. No help. I changed permissions and
>
> ownership. Setting owner as forbidden to write & setting ownership of 
> the file
>
> to root.
>
> On startup both times, Pan acted as if it were a new install. Entries 
> in the
>
> edited servers.xml were removed.
>
> It would seem that somewhere Pan is not respecting *nix file ownership 
> settings
>
> and permissions at least when it comes to servers.xml.
servers.xml is in .pan2. So as long as you have write access to .pan2 
(which would normally be the case), pan could, if it wanted to, delete 
servers.xml, no matter what its ownership/permissions might be, and 
re-create it. I do not know that pan does this nor why it would want to; 
I'm just saying that nothing would prevent it from doing that. Deleting 
a file requires only write-access to the directory containing it.
-- David