From owner-freebsd-bugs Tue Jan 7 19:24:35 2003 Delivered-To: freebsd-bugs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A4F1C37B401 for ; Tue, 7 Jan 2003 19:24:33 -0800 (PST) Received: from mail10.atl.registeredsite.com (mail10.atl.registeredsite.com [64.224.219.84]) by mx1.FreeBSD.org (Postfix) with ESMTP id D573F43E4A for ; Tue, 7 Jan 2003 19:24:31 -0800 (PST) (envelope-from admin@asarian-host.net) Received: from asarian-host.net (asarian-host.net [216.122.74.112]) by mail10.atl.registeredsite.com (8.12.2/8.12.6) with ESMTP id h083OPtF006521 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT) for ; Tue, 7 Jan 2003 22:24:25 -0500 Comments: To protect the identity of the sender, certain header fields are either not shown, or masked. Anonymous email addresses for asarians can be requested by filling in the appropriate form at: https://asarian-host.net/cgi-bin/signup.cgi Received: (from root@localhost) by asarian-host.net (8.11.6/8.11.0) id h083OP861027 for freebsd-bugs@freebsd.org; Wed, 8 Jan 2003 04:24:25 +0100 (CET) (envelope-from admin@asarian-host.net) Posted-Date: Wed, 8 Jan 2003 04:24:25 +0100 (CET) From: Mark Message-Id: <200301080324.H083ONJ61009@asarian-host.net> Date: Wed, 8 Jan 2003 04:24:05 +0100 X-Authenticated-Sender: admin@asarian-host.net Subject: Re: bin/46838: security vulnerability in dump X-Trace: FLeQyOfY/22CCxMkloDzKMp/SOV71REQHybN0FDiD31HA8vgPrjxvWfj+xlnvxog X-Complaints-To: abuse@asarian-host.net X-Abuse-Info: Please be sure to forward a copy of ALL headers X-Abuse-Info: Otherwise we are unable to process your complaint Organization: Asarian-host To: "David Malone" Cc: References: <200301072050.h07Ko4Kj025064@freefall.freebsd.org> <20030107211547.GD82447@walton.maths.tcd.ie> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Auth: Asarian-host PGP signature iQEVAwUAPhuZ6TFqW1BleBN9AQE/RQf/S4ExtU8duJqZnV+qtpNNgVmvs9B4v/XW iAjYUq89hLLIVvWc2qkXywPmhDRD7j6fOSy3Ur/R31Es5LeweSFUjPk8e2Ubwqkv Lgp9RWXsald6mToH7y5nfgskXWjyvuuLM84bxpDpvYjLxWhJ+owLpC9RcCrdPtBQ pZRlx9k2hEhouZrVlSlMlpmIObj1kZNtbpMDGehSUud0X8M5x4N9eZ6Zsv0HtM4Q vp7HtcOP9beSKr6aW8yd3d+hyF8DN9Lz0ybMD4APEQlug075ULF5LQfwosepOYZt m/mt2PXmTPpAhlnU7A9QnK2DNDmxkqzbODhIh0J5Hq1aHCu3tJPVEQ== =iC+U Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "David Malone" To: "Mark" Cc: Sent: Tuesday, January 07, 2003 10:15 PM Subject: Re: bin/46838: security vulnerability in dump > On Tue, Jan 07, 2003 at 12:50:04PM -0800, Mark wrote: > > > I realize running "umask 077" will prevent this problem. But I also > > believe dump is a special case, as most individual programs do not > > create world-readable files containing root's view of the filesystem > > data. > > Just about any command can create world readable files containing > root's view of a filesystem: cp, tar, cat, dd. I'd also expect > that people may use dump to create (say) group readable files which > can be restored by those in group operator, or somesuch. You make a cogent case for group rights. But, likewise, I cannot conceive of any plausible scenario where a dump-file would ever have to be world-readable. Or is there? So why not make it write "umask 007"? That would maintain all necessary sharing rights for group operator and such, yet prevent all the world and his friend to have a peek too. > If there's a general consensus for change, I'll go along with it - > otherwise I'll close the PR as one of the many ways unix offers you > to shoot yourself in the foot. It is a good thing that UNIX offers tools so powerful that one can shoot oneself in the foot; but why preconfigure the gun to be aimed at it? :) - Mark System Administrator Asarian-host.org --- "If you were supposed to understand it, we wouldn't call it code." - FedEx To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message