Remote dumps as root (was Re: Why does "root" worn everything?)

[Don Speck]

In article <1610 at pinney.munsell.UUCP> pz at pinney.UUCP (Paul Czarnecki) writes:
>I asked Sun what to do about this.  (Isn't software support wonderful)
>They just told me to make /etc/dump setuid root, setgid operator.
>None of my backups are done by someone logging in as root.
>
>Was this stupid?

4.3bsd rdump is setuid and executable by world, but it is designed for it.
After it calls rcmd(), it throws away its privileges.  I don't think it's
any more dangerous than 'rsh' (remote shell).

SunOS rdump is derived from 4.2bsd rdump, which was NOT designed to be
setuid.  4.2bsd rdump calls rcmd() with locuser = remuser = "root", and
it doesn't throw away its setuid privileges afterward.	Making it setuid
instead of giving the operator a root shell is just fooling yourself.

In article <9394 at sunybcs.UUCP>, kensmith at sunybcs.uucp (Ken Smith) writes:
> sudo /etc/rdump 2udsf 6250 2200 joey.sundumps:/dev/rmt8 /dev/whatever

This syntax, patterned after 4.2bsd "rcp", is peculiar to SunOS and
incompatible with the world of domain names.  It should give way to
a syntax more like 4.3bsd "rcp":

    rdump 0uf user at host.domain:device,device,device /filsys

Don Speck   speck at vlsi.caltech.edu  {amdahl,ames!elroy}!cit-vax!speck