Date:      Thu, 30 Jan 2003 17:16:48 -0800
From:      Kirk McKusick <mckusick@beastie.mckusick.com>
To:        Giorgos Keramidas <keramida@ceid.upatras.gr>
Cc:        Garrett Wollman <wollman@lcs.mit.edu>, freebsd-current@FreeBSD.org
Subject:   Re: dump -L and privilege 
Message-ID:  <200301310116.h0V1GmFL017340@beastie.mckusick.com>
In-Reply-To: Your message of "Fri, 31 Jan 2003 02:24:00 +0200." <20030131002400.GC758@gothmog.gr>

	Date: Fri, 31 Jan 2003 02:24:00 +0200
	From: Giorgos Keramidas <keramida@ceid.upatras.gr>
	To: Garrett Wollman <wollman@lcs.mit.edu>
	Cc: Kirk McKusick <mckusick@beastie.mckusick.com>,
	    freebsd-current@FreeBSD.org
	Subject: Re: dump -L and privilege
	X-ASK-Info: Confirmed by User

	On 2003-01-30 15:52, Garrett Wollman <wollman@lcs.mit.edu> wrote:
	> <<On Wed, 29 Jan 2003 18:17:31 -0800,
	>   Kirk McKusick <mckusick@beastie.mckusick.com> said:
	> > The other alternative would be to
	> > create a setuid-to-root program that would take a snapshot and
	> > chown it to the user that does dumps.
	>
	> I think this would actually be a useful feature for more than just
	> dumps.  I might want to allow some users (say, those in group
	> `operator') to be able to create snapshots on their own, without
	> allowing arbitrary mounting privileges.

	Do normal permissions apply for the files included in a snapshot?

	It would be horrible from a security standpoint if any user could use
	a setuid program to snapshot filesystems, mount the snapshot to places
	of their own, and read random files from the mounted snapshot.

	</knee jerk reaction>

	- Giorgos

By default snapshots are mode 400 owned by root, so normal users
cannot access them. The setuid program is proposing to make them
mode 440 group operator which would let anyone in the operator
group read them. This is the same level of permission given to
disks, so is neither more nor less secure than regular disks.
If the snapshot is mounted, then the same filesystem permissions
are enforced as would be enforced for the mounted disk except
that the mount must be done read-only, so nothing in the snapshot
can be moved, deleted, or changed.

	Kirk McKusick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301310116.h0V1GmFL017340>