Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 8 Jan 2003 04:24:05 +0100
From:      Mark <admin@asarian-host.net>
To:        "David Malone" <dwmalone@maths.tcd.ie>
Cc:        <freebsd-bugs@freebsd.org>
Subject:   Re: bin/46838: security vulnerability in dump
Message-ID:  <200301080324.H083ONJ61009@asarian-host.net>
References:  <200301072050.h07Ko4Kj025064@freefall.freebsd.org> <20030107211547.GD82447@walton.maths.tcd.ie>
index | next in thread | previous in thread | raw e-mail 

----- Original Message -----
From: "David Malone" <dwmalone@maths.tcd.ie>
To: "Mark" <admin@asarian-host.net>
Cc: <freebsd-bugs@FreeBSD.org>
Sent: Tuesday, January 07, 2003 10:15 PM
Subject: Re: bin/46838: security vulnerability in dump

> On Tue, Jan 07, 2003 at 12:50:04PM -0800, Mark wrote:
>
> > I realize running "umask 077" will prevent this problem. But I also
> > believe dump is a special case, as most individual programs do not
> > create world-readable files containing root's view of the filesystem
> > data.
>
> Just about any command can create world readable files containing
> root's view of a filesystem: cp, tar, cat, dd. I'd also expect
> that people may use dump to create (say) group readable files which
> can be restored by those in group operator, or somesuch.

You make a cogent case for group rights. But, likewise, I cannot conceive of
any plausible scenario where a dump-file would ever have to be
world-readable. Or is there? So why not make it write "umask 007"? That
would maintain all necessary sharing rights for group operator and such, yet
prevent all the world and his friend to have a peek too.

> If there's a general consensus for change, I'll go along with it -
> otherwise I'll close the PR as one of the many ways unix offers you
> to shoot yourself in the foot.

It is a good thing that UNIX offers tools so powerful that one can shoot
oneself in the foot; but why preconfigure the gun to be aimed at it? :)

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301080324.H083ONJ61009>