From owner-freebsd-questions  Wed Mar 19 02:04:47 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id CAA14720
          for questions-outgoing; Wed, 19 Mar 1997 02:04:47 -0800 (PST)
Received: from peedub.gj.org (newpc.muc.ditec.de [194.120.126.33])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id CAA14714
          for <freebsd-questions@FreeBSD.ORG>; Wed, 19 Mar 1997 02:04:39 -0800 (PST)
Received: from peedub.gj.org (localhost [127.0.0.1]) by peedub.gj.org (8.8.5/8.6.9) with ESMTP id LAA01703; Wed, 19 Mar 1997 11:03:10 GMT
Message-Id: <199703191103.LAA01703@peedub.gj.org>
X-Mailer: exmh version 2.0gamma 1/27/96
To: Brian Litzinger <brian@mpress.com>
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Is a device entry setuid to root a security issue? 
Reply-To: Gary Jennejohn <Gary.Jennejohn@munich.netsurf.de>
In-reply-to: Your message of "Tue, 18 Mar 1997 23:21:11 PST."
             <19970318232111.57970@mpress.mpress.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 19 Mar 1997 11:03:09 +0000
From: Gary Jennejohn <garyj@munich.netsurf.de>
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Brian Litzinger writes:
>amanda (the tape backup program) just puked today because
>
>ERROR: home.xxx.com: [can not read/write /dev/null: Permission denied]
>
>So I took a peek:
>
>brian@home>ls -ld /dev/null
>cr-sr-xr-x  1 root  bin    2,   2 Dec 10 17:45 /dev/null*            
>
>Is this a security risk?
>

this is hosed. Devices shouldn't be executable. I have
crw-rw-rw-  1 root  wheel    2,   2 Mar 18 11:13 /dev/null

---
Gary Jennejohn
Home - Gary.Jennejohn@munich.netsurf.de
Work - gjennejohn@frt.dec.com