Date: Thu, 13 Apr 1995 17:54:48 +0200 (MET DST) From: J Wunsch <j@uriah.heep.sax.de> To: freebsd-hackers@FreeBSD.org (FreeBSD hackers) Subject: Re: [Q] dump, restore suid Message-ID: <199504131554.RAA13761@uriah.heep.sax.de> In-Reply-To: <Pine.3.89.9504122242.D10403-0100000@kryten.atinc.com> from "Jonathan M. Bresler" at Apr 12, 95 11:02:10 pm
next in thread | previous in thread | raw e-mail | index | archive | help
As Jonathan M. Bresler wrote:
>
>
> both/sbin/dump and /sbin/restore are suid root on FreeBSD 2.0R
> same for /sbin/rrestore and /sbin/rdump
>
> so if joe pops in a tape and does a restore as a regular user on my
> machine over the net from his machine to mine using this suid root
> rrestore, he can drop in a /usr/sbin/vipw of his choice???
I hope they've been built `secure', at least, they both have something
like:
dump/main.c:
(void)setuid(getuid()); /* rmthost() is the only reason to be setuid */
restore/tape.c:
setuid(getuid()); /* no longer need or want root privileges */
--
cheers, J"org
joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/
Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504131554.RAA13761>