From: Thomas Valentino Crimi
Date: Sun, 26 Sep 1999 18:47:05 -0400 (EDT)
To: freebsd-security@FreeBSD.ORG
Subject: Re: dump(8) Insecurity/Misconfiguration
In-Reply-To: <199909260203.WAA48170@cc942873-a.ewndsr1.nj.home.com>
References: <199909260203.WAA48170@cc942873-a.ewndsr1.nj.home.com>

Excerpts from FreeBSD-Security: 25-Sep-99 Re: dump(8) Insecurity/Misc.. by "Crist J. Clark"@cc94287

> "Dump cannot do remote backups without being run as root, due to its
> security history. This will be fixed in a later version of FreeBSD.
> Presently, it works if you set it setuid (like it used to be), but this
> might constitute a security risk."

Speaking of this, this summer I adopted NetBSD's ability to use ssh rather than rsh-style connections to do remote dump. It was a modification to rcmd() which read in the environmental variable RCMD_CMD (IIRC) and used that program if set. If people are interested in this, I'd be glad to clean up and submit these patches.
Any features/changes that would be handy?
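
The following sketch is an added example, not code from this message, from NetBSD or from FreeBSD. It illustrates the mechanism described above (an rcmd()-style call that runs the program named in RCMD_CMD) together with the checks that matter when the caller may be setuid, as the quoted dump(8) text warns. The function names, the default path /usr/bin/rsh and the "-l user host cmd" argument order are assumptions.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define DEFAULT_RCMD "/usr/bin/rsh" /* assumed default transport path */

/* Nonzero when running setuid/setgid (real and effective ids differ). */
int is_privileged(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical helper: honour RCMD_CMD only for an unprivileged process
 * and only as an absolute path, so no PATH search is involved. */
const char *pick_rcmd(int privileged) {
    const char *p = getenv("RCMD_CMD");
    if (p == NULL || privileged || p[0] != '/')
        return DEFAULT_RCMD;
    return p;
}

/* Hypothetical rcmd()-style wrapper: runs "prog -l user host cmd" and
 * returns a socket wired to its stdin/stdout, or -1 on error. */
int rcmd_via_program(const char *host, const char *user, const char *cmd) {
    int sv[2];
    const char *prog = pick_rcmd(is_privileged());
    /* A leading '-' would be parsed by the transport as an option. */
    if (host[0] == '-' || user[0] == '-') return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {
        close(sv[0]);
        /* Give up any setuid/setgid privilege before exec. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        if (dup2(sv[1], 0) < 0 || dup2(sv[1], 1) < 0)
            _exit(126);
        if (sv[1] > 1) close(sv[1]);
        execl(prog, prog, "-l", user, host, cmd, (char *)NULL);
        _exit(127);
    }
    close(sv[1]);
    return sv[0];
}
```

With these checks a setuid caller always gets the compiled-in default, and an unprivileged caller can point RCMD_CMD at ssh by absolute path.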