Remote dumps as root (was Re: Why does "root" own everything?)

Louis A. Mamakos louie at trantor.umd.edu
Thu Mar 17 23:49:05 AEST 1988


In article <1610 at pinney.munsell.UUCP> pz at pinney.UUCP (Paul Czarnecki) writes:
>I asked Sun what to do about this.  (Isn't software support wonderful)
>They just told me to make /etc/dump setuid root, setgid operator.
>None of my backups are done by someone logging in as root.
>
>Was this stupid?

I think so.  What's to stop Joe User from doing something like:

	dump 0f /dev/rra0c - | restore xf - ./path/secret-file

to grab any file on your system?

Louis A. Mamakos  WA3YMH    Internet: louie at TRANTOR.UMD.EDU
University of Maryland, Computer Science Center - Systems Programming
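
For auditing the configuration discussed in this thread, an added example (not part of either post, and not Sun's or the dump authors' code): it classifies who can run a binary with an elevated identity from its mode bits and owner. The function names, the returned labels, the sample modes and the paths other than /etc/dump are assumptions made for illustration.

```python
import os
import stat

def exposure(mode, uid):
    """Classify who may run a file with an elevated identity.

    mode and uid are st_mode and st_uid as returned by os.stat().
    The labels returned are this example's own, not a standard.
    """
    setuid_root = bool(mode & stat.S_ISUID) and uid == 0
    setgid = bool(mode & stat.S_ISGID)
    other_x = bool(mode & stat.S_IXOTH)
    group_x = bool(mode & stat.S_IXGRP)
    if setuid_root and other_x:
        # The case from the thread: every local user runs it as root.
        return "any-user-as-root"
    if setgid and other_x:
        # Every local user borrows the file's group (for example read
        # access to raw disk devices, if that group has it).
        return "any-user-as-group"
    if setuid_root and group_x:
        # Only members of the file's group get the root identity.
        return "group-members-as-root"
    return "caller-privileges"

def audit(paths):
    """Return {path: label} for each existing regular file in paths."""
    report = {}
    for path in paths:
        try:
            st = os.stat(path)
        except OSError:
            continue  # absent on this system, nothing to report
        if stat.S_ISREG(st.st_mode):
            report[path] = exposure(st.st_mode, st.st_uid)
    return report

# Constructed sample modes (regular file, owner root).
SAMPLES = {
    "setuid root, setgid, world-executable": (0o106755, 0),
    "setuid root, group-only execute": (0o104750, 0),
    "setgid only, world-executable": (0o102755, 0),
    "no special bits": (0o100755, 0),
}

if __name__ == "__main__":
    for label, (mode, uid) in SAMPLES.items():
        print(f"{label}: {exposure(mode, uid)}")
    # /etc/dump is the path from the thread; the others are assumed.
    print(audit(["/etc/dump", "/sbin/dump", "/usr/sbin/dump"]))
```

A result of "group-members-as-root" still means every member of that group can read any file on the disk through the backup program, so group membership has to be treated as equivalent to read access to everything.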