From owner-freebsd-hackers Thu Apr 13 09:10:01 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id JAA20109 for hackers-outgoing; Thu, 13 Apr 1995 09:10:01 -0700
Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id JAA20097 for ; Thu, 13 Apr 1995 09:09:55 -0700
Received: from sax.sax.de by irz301.inf.tu-dresden.de with SMTP (5.67b+/DEC-Ultrix/4.3) id AA18020; Thu, 13 Apr 1995 18:09:42 +0200
Received: by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id SAA18439 for freebsd-hackers@freebsd.org; Thu, 13 Apr 1995 18:09:42 +0200
Received: (from j@localhost) by uriah.heep.sax.de (8.6.11/8.6.9) id RAA13761 for freebsd-hackers@freebsd.org; Thu, 13 Apr 1995 17:54:48 +0200
From: J Wunsch
Message-Id: <199504131554.RAA13761@uriah.heep.sax.de>
Subject: Re: [Q] dump, restore suid
To: freebsd-hackers@FreeBSD.org (FreeBSD hackers)
Date: Thu, 13 Apr 1995 17:54:48 +0200 (MET DST)
In-Reply-To: from "Jonathan M. Bresler" at Apr 12, 95 11:02:10 pm
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
X-Phone: +49-351-2012 669
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Content-Length: 763
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

As Jonathan M. Bresler wrote:
>
> both /sbin/dump and /sbin/restore are suid root on FreeBSD 2.0R
> same for /sbin/rrestore and /sbin/rdump
>
> so if joe pops in a tape and does a restore as a regular user on my
> machine over the net from his machine to mine using this suid root
> rrestore, he can drop in a /usr/sbin/vipw of his choice???

I hope they've been built `secure', at least, they both have something
like:

dump/main.c:
    (void)setuid(getuid()); /* rmthost() is the only reason to be setuid */

restore/tape.c:
    setuid(getuid()); /* no longer need or want root privileges */

--
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/
Never trust an operating system you don't have sources for. ;-)
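
Added example, not part of the original message and not code from the FreeBSD dump or restore sources: the `setuid(getuid())` drop quoted above, written so that the return value is checked and the drop is verified to be irreversible. The function names `drop_privileges_permanently` and `cannot_regain_root` are hypothetical, and dropping the group ID as well goes beyond the two quoted lines.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if the process can no longer get back to uid 0, else 0. */
static int cannot_regain_root(void)
{
    if (getuid() == 0)
        return 1;               /* invoked by root: nothing was dropped */
    if (geteuid() == 0)
        return 0;               /* effective uid is still root */
    /* If a saved set-user-ID of 0 survived, one of these would succeed. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return 0;
    return 1;
}

/*
 * Permanently give up set-user-ID / set-group-ID privileges.
 * Returns 0 on success, -1 on failure; on failure the caller must exit
 * instead of carrying on with whatever privileges remain.
 */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: after the uid drop we may lack permission to change it. */
    if (setgid(rgid) != 0)
        return -1;
    /* Checked, unlike a (void) cast: a failed setuid() leaves the ids as is. */
    if (setuid(ruid) != 0)
        return -1;
    if (getuid() != ruid || geteuid() != ruid || getegid() != rgid)
        return -1;
    return cannot_regain_root() ? 0 : -1;
}

int main(void)
{
    /* Assumed placement: right after the last operation that needs root. */
    if (drop_privileges_permanently() != 0) {
        fprintf(stderr, "could not drop privileges, exiting\n");
        return 1;
    }
    printf("running as uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Anything the program does before this call, such as opening the remote tape host connection, still runs with the set-user-ID privileges and has to be audited separately.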