Date: Sun, 9 Feb 1997 07:34:07 +1100
From: Bruce Evans <bde@zeta.org.au>
To: current@freebsd.org, eivind@dimaga.com, hackers@freebsd.org
Subject: Re: Proposed change to dump/restore
Message-ID: <199702082034.HAA24797@godzilla.zeta.org.au>

>The suid capability of dump is only used for remote backups.
>
>dump have been known for security holes in the past, and is not a user
>level program. I propose a change of default mode and owner for this
>program to
>-r-sr-x--- root:operator /sbin/dump

It should be at least -r-sr-xr--.

>which will disallow anybody not in the operator group from making backups
>using dump (which is not too bad a thing, as only members of wheel can
>access the harddisks directly, which is needed to be able to use dump
>anyway), and only leave dump vulnerable to attacks from an operator :)

Don't forget device independence. If you somehow have a ufs file system
image in a file, then dump will work on it, and dump/restore is one way to
list its contents. If dump is world readable, then anyone can run a
nonsetuid copy of it to do this, but it's annoying to have to copy it.

Hard disks are not accessible by members of group wheel. However, they
are readable by group operator.

Why do dump and restore currently have group tty?

Bruce
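Added example, not part of the original message: a small Python parser for the ls -l mode strings compared in the thread, showing what each mode lets the group and everyone else do with the binary. The function names and the result keys are chosen here for illustration.

```python
import stat

# Permission bit for each of the nine positions after the file-type character.
RWX = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
       stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
       stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)
# Positions that can carry a special bit: setuid, setgid, sticky.
SPECIAL = {2: ("sS", stat.S_ISUID), 5: ("sS", stat.S_ISGID), 8: ("tT", stat.S_ISVTX)}


def parse_mode(s):
    """Convert an ls -l string such as '-r-sr-x---' to permission bits."""
    if len(s) != 10:
        raise ValueError("expected 10 characters, got %r" % s)
    mode = 0
    for i, ch in enumerate(s[1:]):
        if ch == "-":
            continue
        if ch == "rwx"[i % 3]:
            mode |= RWX[i]
        elif i in SPECIAL and ch in SPECIAL[i][0]:
            mode |= SPECIAL[i][1]
            if ch.islower():          # lowercase s/t: execute bit is also set
                mode |= RWX[i]
        else:
            raise ValueError("bad character %r at position %d" % (ch, i + 1))
    return mode


def access(s):
    """For group and other: can they run the setuid binary, and can they
    read it (and so copy it and run the copy without privilege)?"""
    m = parse_mode(s)
    suid = bool(m & stat.S_ISUID)
    classes = (("group", stat.S_IRGRP, stat.S_IXGRP),
               ("other", stat.S_IROTH, stat.S_IXOTH))
    return {who: {"run_setuid": suid and bool(m & x),
                  "copy_and_run_unprivileged": bool(m & r)}
            for who, r, x in classes}


if __name__ == "__main__":
    # The two modes from the thread: the proposal and the suggested minimum.
    for s in ("-r-sr-x---", "-r-sr-xr--"):
        print(s, oct(parse_mode(s)), access(s))
```
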