Date: Thu, 13 Apr 1995 17:54:48 +0200 (MET DST)
From: J Wunsch <j@uriah.heep.sax.de>
To: freebsd-hackers@FreeBSD.org (FreeBSD hackers)
Subject: Re: [Q] dump, restore suid
Message-ID: <199504131554.RAA13761@uriah.heep.sax.de>
In-Reply-To: <Pine.3.89.9504122242.D10403-0100000@kryten.atinc.com> from "Jonathan M. Bresler" at Apr 12, 95 11:02:10 pm

As Jonathan M. Bresler wrote:
>
>
> both /sbin/dump and /sbin/restore are suid root on FreeBSD 2.0R
> same for /sbin/rrestore and /sbin/rdump
>
> so if joe pops in a tape and does a restore as a regular user on my
> machine over the net from his machine to mine using this suid root
> rrestore, he can drop in a /usr/sbin/vipw of his choice???

I hope they've been built `secure', at least, they both have something
like:

dump/main.c:
	(void)setuid(getuid()); /* rmthost() is the only reason to be setuid */

restore/tape.c:
	setuid(getuid()); /* no longer need or want root privileges */

--
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/
Never trust an operating system you don't have sources for. ;-)
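
Both source lines quoted in the message above call setuid(getuid()) without acting on its return value. The following is an added example, not code from FreeBSD's dump or restore: a privilege drop that checks each call, reads the ids back, and confirms the old ids cannot be regained. The function name drop_privileges is hypothetical.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently give up set-uid/set-gid privilege, as dump and restore intend
 * with setuid(getuid()). Returns 0 when the process is left with only the
 * invoking user's identity, -1 if any step failed or could be undone.
 */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the uid is dropped we may no longer be allowed to. */
    if (setgid(rgid) != 0)
        return -1;
    /* With effective uid 0 this resets the real, effective and saved uid. */
    if (setuid(ruid) != 0)
        return -1;

    /* Never assume the calls worked; read the ids back. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* If we were elevated, the old ids must now be out of reach. */
    if (ruid != 0) {
        if (old_euid != ruid && seteuid(old_euid) == 0)
            return -1;
        if (old_egid != rgid && setegid(old_egid) == 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    if (drop_privileges() != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("running as uid %ld gid %ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

A caller that gets -1 back should exit rather than go on to read a tape or write files, since it may still be running with the set-uid identity.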