Date: Tue, 7 Jan 2003 12:40:03 -0800 (PST) From: David Malone <dwmalone@maths.tcd.ie> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/46838: security vulnerability in dump Message-ID: <200301072040.h07Ke38t022964@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/46838; it has been noted by GNATS. From: David Malone <dwmalone@maths.tcd.ie> To: System Administrator <root@asarian-host.net> Cc: FreeBSD-gnats-submit@FreeBSD.org Subject: Re: bin/46838: security vulnerability in dump Date: Tue, 7 Jan 2003 20:32:11 +0000 On Tue, Jan 07, 2003 at 09:09:57PM +0100, System Administrator wrote: > When dumping to a file, dump writes this file chmod 644. When the > root-partition is being backed-up, this leaves the dump-file > vulnerable to scanning by unprivileged users for the duration of the dump. I've tested dump in -current, and it creates the file with the mode dictated by my umask. I believe this is the correct behaviour - if you want your dumps created with a more restrictive mode I'd suggest running "umask 077" before running dump. I'll close the PR if this explains the problem you are seeing. David. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301072040.h07Ke38t022964>