Date: Mon, 22 Oct 2001 02:25:34 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: Fernando Schapachnik <fschapachnik@vianetworks.com.ar> Cc: Hassan Halta <hassan@cs.earlham.edu>, freebsd-security@FreeBSD.ORG Subject: Re: using dump for backups. Message-ID: <20011022022534.B332@blossom.cjclark.org> In-Reply-To: <20011021113323.A77630@ns1.via-net-works.net.ar>; from fschapachnik@vianetworks.com.ar on Sun, Oct 21, 2001 at 11:33:23AM -0300 References: <20011020231659.H77421-100000@quark.cs.earlham.edu> <20011021113323.A77630@ns1.via-net-works.net.ar>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Oct 21, 2001 at 11:33:23AM -0300, Fernando Schapachnik wrote:
> dump has had a history of exploitable overflows, which of course had
> been fixed.
>
> Anyway, the risk was just having it on the system, and using it or
> not didn't change the risk.
And dump(8) has not been setuid root since 1997. It has not been
setgid tty for just over a month.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011022022534.B332>