Remote dumps as root (was Re: Why does "root" worn everything?)
Paul Czarnecki
pz at munsell.UUCP
Wed Mar 23 09:56:55 AEST 1988
In article <2463 at umd5.umd.edu> louie at trantor.umd.edu (Louis A. Mamakos) writes:
>In article <1610 at pinney.munsell.UUCP> pz at pinney.UUCP (Paul Czarnecki) writes:
>>They [Sun] just told me to make /etc/dump setuid root, setgid operator.
>>None of my backups are done by someone logging in as root.
>>Was this stupid?
>
>I think so. What's to stop Joe User from doing something like:
>
> dump 0f /dev/rra0c - | restore xf - ./path/secret-file
This shouldn't happen.
root at munsell #85 ls -lg /etc/dump
-rwsr-s--- 1 root operator 90112 Sep 15 1986 /etc/dump
There is no 'x' bit for normal users. You must be in the group
"operator" to run this (or root).
After seeing the volume of responses on this I wish I had included the
'ls' output in my original posting.
pZ
--
Paul Czarnecki -- Spam, spam, spam, Usenet, and spam
{{harvard,ll-xn}!adelie,{decvax,allegra,talcott}!encore}!munsell!pz
More information about the Comp.unix.wizards
mailing list