Date: Wed, 8 Jan 2003 04:30:15 -0800 (PST)
From: Peter Pentchev <roam@ringlet.net>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/46838: security vulnerability in dump
Message-ID: <200301081230.h08CUFMZ023898@freefall.freebsd.org>
The following reply was made to PR bin/46838; it has been noted by GNATS.

From: Peter Pentchev <roam@ringlet.net>
To: David Malone <dwmalone@maths.tcd.ie>
Cc: Mark <admin@asarian-host.net>, bug-followup@FreeBSD.org
Subject: Re: bin/46838: security vulnerability in dump
Date: Wed, 8 Jan 2003 14:27:23 +0200

On Tue, Jan 07, 2003 at 09:15:47PM +0000, David Malone wrote:
> On Tue, Jan 07, 2003 at 12:50:04PM -0800, Mark wrote:
> > I realize running "umask 077" will prevent this problem. But I also believe
> > dump is a special case, as most individual programs do not create
> > world-readable files containing root's view of the filesystem data.
>
> Just about any command can create world readable files containing
> root's view of a filesystem: cp, tar, cat, dd. I'd also expect
> that people may use dump to create (say) group readable files which
> can be restored by those in group operator, or somesuch.

This may be mollified even further by a sensible directory hierarchy of the
location that filesystem dumps are kept: I personally *always* create dumps
and backup archives in a directory that is in itself protected by
permissions-based access control. The default FreeBSD setup sets a good
example by providing a /var/backups directory by default, which is only
writeable by root and readable by the 'wheel' group.

> If there's a general consensus for change, I'll go along with it -
> otherwise I'll close the PR as one of the many ways unix offers you
> to shoot yourself in the foot.

FWIW, I concur - most of the Unix utilities provide you with the ability to
shoot yourself in the foot if you so desire, indeed :)

G'luck,
Peter

--
Peter Pentchev  roam@ringlet.net  roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
I am jealous of the first word in this sentence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
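The two mitigations discussed in the thread (running dump under umask 077, and keeping dumps in a directory that denies access to "other", as /var/backups does) as an added shell audit example; this is not code from the PR thread or from FreeBSD. It assumes a POSIX sh, a find(1) that accepts -perm -NNN, and the standard 10-character mode column in ls -l output; the temporary tree it checks is constructed, no real dump is read.

```shell
#!/bin/sh
# Added example: audit a backup directory for the condition the PR
# describes, dump output that inherited a permissive default umask.
# Assumptions: POSIX sh, find(1) with -perm -NNN, standard ls -l mode column.

# Create an empty file under a given umask, the way dump creates its
# output file, so the resulting mode can be inspected.
# $1 = directory, $2 = umask value, $3 = file name.
make_dump_file() {
    ( umask "$2" && : > "$1/$3" )
}

# Return 0 if the directory carries no permission bits for "other",
# i.e. the /var/backups layout the thread recommends (root-writable,
# group-readable, nothing for the world); return 1 otherwise.
dir_denies_other() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Print every regular file under $1 whose o+r bit is set (mode & 004).
# Return 1 if any such file exists, 0 if the tree is clean.
world_readable_files() {
    found=$(find "$1" -type f -perm -004)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Demonstration on a constructed temporary tree (mktemp -d gives 0700).
demo() {
    tmp=$(mktemp -d)
    make_dump_file "$tmp" 022 root.0   # default umask: 0644, world-readable
    make_dump_file "$tmp" 077 root.1   # umask 077 as in the report: 0600
    dir_denies_other "$tmp" && echo "directory denies other: ok"
    world_readable_files "$tmp"        # lists root.0 and returns 1
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Run `demo` to see the exposed file reported; in a cron-driven backup job the same two checks can run after dump finishes and fail the job when either one trips.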