From owner-freebsd-security  Mon Sep 27  7: 0:23 1999
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id 49E1114D6E
	for <freebsd-security@FreeBSD.ORG>; Mon, 27 Sep 1999 07:00:20 -0700 (PDT)
	(envelope-from cy@cschuber.net.gov.bc.ca)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA14697;
	Mon, 27 Sep 1999 07:00:19 -0700
Received: from cschuber.net.gov.bc.ca(142.31.240.113), claiming to be "cwsys.cwsent.com"
 via SMTP by point.osg.gov.bc.ca, id smtpda14686; Mon Sep 27 06:59:59 1999
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.9.3/8.9.1) id GAA53200;
	Mon, 27 Sep 1999 06:59:56 -0700 (PDT)
Message-Id: <199909271359.GAA53200@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdS53095; Mon Sep 27 06:59:18 1999
X-Mailer: exmh version 2.0.2 2/24/98
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-OS: FreeBSD 3.3-RELEASE
X-Sender: cy
To: cjclark@home.com
Cc: dillon@apollo.backplane.com (Matthew Dillon),
	freebsd-security@FreeBSD.ORG
Subject: Re: dump(8) Insecurity/Misconfiguration 
In-reply-to: Your message of "Sat, 25 Sep 1999 22:03:23 EDT."
             <199909260203.WAA48170@cc942873-a.ewndsr1.nj.home.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 27 Sep 1999 06:59:17 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <199909260203.WAA48170@cc942873-a.ewndsr1.nj.home.com>, 
"Crist J. Cl
ark" writes:
> Matthew Dillon wrote,
> I am used to only doing it as root since the manpage says,
> 
>     "Dump cannot do remote backups without being run as root, due to its secu
> -
>      rity history.  This will be fixed in a later version of FreeBSD. Present
> -
>      ly, it works if you set it setuid (like it used to be), but this might
>      constitute a security risk."

The reason for this is that dump(8) uses the rsh protocol to issue an 
rmt(8) command on the remote host.  The rsh protocol requires that the 
remote rshd(8) open a connection to a privileged port being listened to 
by the rsh client.

Running dump as root isn't as big a security problem than the firewall 
issues that this rsh issue raises, not to mention cleartext.  Due to 
it's copyright restrictions use of the SSH protocol may not be too 
wise, however various VPN solutions do help.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Province of BC
                      "e**(i*pi)+1=0"





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message