From owner-freebsd-current Sat Feb 8 12:36:57 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA27641 for current-outgoing; Sat, 8 Feb 1997 12:36:57 -0800 (PST)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA27621; Sat, 8 Feb 1997 12:36:52 -0800 (PST)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.3/8.6.9) id HAA24797; Sun, 9 Feb 1997 07:34:07 +1100
Date: Sun, 9 Feb 1997 07:34:07 +1100
From: Bruce Evans
Message-Id: <199702082034.HAA24797@godzilla.zeta.org.au>
To: current@freebsd.org, eivind@dimaga.com, hackers@freebsd.org
Subject: Re: Proposed change to dump/restore
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>The suid capability of dump is only used for remote backups.
>
>dump has been known for security holes in the past, and is not a user
>level program. I propose a change of default mode and owner for this
>program to
>-r-sr-x--- root:operator /sbin/dump

It should be at least -r-sr-xr--.

>which will disallow anybody not in the operator group from making backups
>using dump (which is not too bad a thing, as only members of wheel can
>access the hard disks directly, which is needed to be able to use dump
>anyway), and only leave dump vulnerable to attacks from an operator :)

Don't forget device independence.  If you somehow have a ufs file system
image in a file, then dump will work on it, and dump/restore is one way
to list its contents.  If dump is world readable, then anyone can run a
nonsetuid copy of it to do this, but it's annoying to have to copy it.

Hard disks are not accessible by members of group wheel.  However, they
are readable by group operator.

Why do dump and restore currently have group tty?

Bruce