From owner-freebsd-questions Mon Jun 14 3:29:35 1999 Delivered-To: freebsd-questions@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 8113C14E33; Mon, 14 Jun 1999 03:29:30 -0700 (PDT) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.1) id MAA62259; Mon, 14 Jun 1999 12:29:15 +0200 (CEST) (envelope-from des) To: John Cc: jschwab@royal.net (Jason L. Schwab), freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: reading files. References: <199906141147.VAA06078@fiend.securesys.com.au> From: Dag-Erling Smorgrav Date: 14 Jun 1999 12:29:14 +0200 In-Reply-To: John's message of "Mon, 14 Jun 1999 21:17:02 +0930 (CST)" Message-ID: Lines: 23 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG John writes: > > I heard that there is a way to read any file on a freebsd system as a > > normal non-root user.. is this true? if so can some one give me some info > > on this? thanks. > > If the raw device file for the filesystem were world readable, > you could 'read' any file as a non-root user... This is academic, since raw disk devices are created with owner root, group operator and mode 640. You'd have to *make* the device nodes world-readable (or add everybody to group operator) for this to work. There is no known way for a normal user to read a file to which he or she does not normally have access without first gaining root privileges - either by somehow obtaining the root password or physical access to the console, or by exploiting a misconfiguration or a security hole in third-party software. (disclaimer: I am not a FreeBSD security officer) DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message