Tape drive securiry
Barry Shein
bzs at bu-cs.bu.edu
Sat May 6 05:04:27 AEST 1989
From: root%helios.UCSC.EDU at ucscc.ucsc.edu (De Clarke Sys Mgr)
>...We have one tape drive on
>our 4/280. This is the problem: U**x does not provide, as far as this
>neophyte knows, an equivalent to the VMS ALLOCATE command, which allocates
>a device to a user.
A simple setuid program which manipulates ownership/permission on the tape
drive devices is probably all you need. Something like:
create a psuedo-user "free" which owns the
tape drive when not in use. Change permissions
to something like 600.
write a short program which just changes ownership
to the user if currently owned by free or back to
free when done.
you might want to add a few lines to rc.local which, eg,
rewinds and unloads any tape mounted on reboot and resets
the ownership to user free. How good an idea this is
might take some experience.
It really shouldn't take more than about a screenful or two of C code.
Could be done with shell scripts but setuid shell scripts are fraught with
security problems.
If you wanted to get fancier you could fork a subshell after setting the
tape ownership so any interruption (eg. hanging up) would reset the tape
drive, optional and possibly a nuisance (eg. you'd lose your history
list.)
-Barry Shein, Software Tool & Die
There's nothing more terrifying to hardware vendors than
satisfied customers.
More information about the Comp.sys.sun
mailing list