From owner-freebsd-bugs Mon Jan 13 19:20: 5 2003 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D002E37B401 for ; Mon, 13 Jan 2003 19:20:03 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 82FCF43EB2 for ; Mon, 13 Jan 2003 19:20:03 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h0E3K3NS011365 for ; Mon, 13 Jan 2003 19:20:03 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h0E3K3xl011364; Mon, 13 Jan 2003 19:20:03 -0800 (PST) Date: Mon, 13 Jan 2003 19:20:03 -0800 (PST) Message-Id: <200301140320.h0E3K3xl011364@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Mike Makonnen Subject: Re: bin/46838: security vulnerability in dump Reply-To: Mike Makonnen Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR bin/46838; it has been noted by GNATS. From: Mike Makonnen To: Mark Cc: dwmalone@maths.tcd.ie, bug-followup@FreeBSD.ORG Subject: Re: bin/46838: security vulnerability in dump Date: Mon, 13 Jan 2003 22:16:11 -0500 --=.WJ?3FuoBs)a_US Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit > > I have to agree with David here. Dump should not hard code any file > > creation modes. We have no way of anticipating (or the right to dictate) > > how an administrator should run his system. However, it probably > > deserves a mention in the man page. Does the following patch address > > your concerns? > > > > Cheers. I have had it reviewed by Sheldon and he is against this. The basic argument is that this should be SysAdmin 101 (i.e. - it's the administrator's responsibility to realize this). It's impractical to add this change to all programs that could be abused in this way. I think he actually has a point here, if this gets through then we wouldn't have much ground for refusing similar changes to other programs. In short, even if I committed this against his wishes I think there would be too much resistance from other developers to bother. Thanks for the submission, though. Cheers. -- Mike Makonnen | GPG-KEY: http://www.identd.net/~mtm/mtm.asc mtm@identd.net | Fingerprint: D228 1A6F C64E 120A A1C9 A3AA DAE1 E2AF DBCC 68B9 --=.WJ?3FuoBs)a_US Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+I4D82uHir9vMaLkRAux8AKCnSwc8CtyfoOBAlKoGp+FxN1ObswCfbTtY tXJGV+KTfiYCD7EpWWgTe9s= =Lq8m -----END PGP SIGNATURE----- --=.WJ?3FuoBs)a_US-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message